Heads

Minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.

Declared in: projects/Heads/default.nix

Demo

Implement missing demo

Options

programs.heads

: Heads board targets that should be built & symlinked.

Note: Using this option, you can specify boards that aren't currently provided or tested by NGIpkgs. This will cause a heavy build process to run on your system, which may end in a build failure.

Type:

list of string

Default:

pkgs.heads.allowedBoards

Declared in:

projects/Heads/module.nix
: Whether to enable symlinking of the selected Heads boards' ROMs under /etc/heads/${board}.rom.

Type:

boolean

Default:

false

Declared in:

projects/Heads/module.nix

Examples

qemu-coreboot-fbwhiptail-tpm1-hotp

{ ... }:
{
  programs.heads = {
    enable = true;
    boards = [ "qemu-coreboot-fbwhiptail-tpm1-hotp" ];
    # The ROM image will be symlinked under /etc/heads/qemu-coreboot-fbwhiptail-tpm1-hotp.rom
  };
}

    
    
  

Declared in: projects/Heads/example.nix

Binary files

Binaries are available under `pkgs.BINARY_NAME`, for example:

# test.nix
{
  ngipkgs ? import (fetchTarball "https://github.com/ngi-nix/ngipkgs/tarball/main") { },
  # Extend Nixpkgs package set with NGIpkgs
  pkgs ? ngipkgs.pkgs.extend ngipkgs.overlays.default,
}:
{
  heads.UNTESTED_talos-2 = pkgs.heads.UNTESTED_talos-2;
}

    
    
  

Which, you can build with:

$ nix-build -A heads.UNTESTED_talos-2 test.nix

Available binaries:

heads.UNTESTED_talos-2
heads.librem_11
heads.librem_14
heads.librem_l1um_v2
heads.librem_mini
heads.librem_mini_v2
heads.qemu-coreboot-fbwhiptail-tpm1-hotp
heads.qemu-coreboot-fbwhiptail-tpm2-hotp-prod_quiet
heads.qemu-coreboot-whiptail-tpm1
heads.qemu-coreboot-whiptail-tpm2-prod

Metadata

This project is funded by NLnet through these subgrants:

Review: AuthenticatedHeads; AccessibleSecurity