Description
When `boot.lanzaboote.enable = true;` is set, the Xen boot entries (generated by `virtualisation.xen.enable = true;`) are not included in the boot menu, and their corresponding EFI binaries are removed from `/boot/EFI/nixos/`.
`virtualisation.xen.enable = true;` and `boot.lanzaboote.enable = false;`

```
saya@Gamma ~> nixos-rebuild switch --sudo --flake ~/Projects/nixos
building the system configuration...
Checking switch inhibitors... done
Installing Xen Project Hypervisor boot entries...done.
activating the configuration...
reloading user units for saya...
restarting sysinit-reactivation.target
the following new units were started: run-keys.mount, sysinit-reactivation.target, systemd-tmpfiles-resetup.service, xendomains.service
Done. The new configuration is /nix/store/kdyi1shjbchqw7k61dkn8m5p7i0g3179-nixos-system-Gamma-26.05.20260102.fb7944c
saya@Gamma ~> sudo tree /boot
/boot
├── EFI
│   ├── BOOT
│   │   └── BOOTX64.EFI
│   ├── Linux
│   │   └── nixos-generation-1-dxezq5w47agoeezoijt4g7w57sjvlv7gvs7lv77zbzhc2yo75d5q.efi
│   ├── nixos
│   │   ├── 0mnwlryk444asm44qngihs8sqbds1gmg-linux-6.18.3-bzImage.efi
│   │   ├── 87b7fx2ggfsm6apn52hy2ggg9p9xk8yd-initrd-linux-6.18.3-initrd.efi
│   │   └── xen-generation-1.efi
│   └── systemd
│       └── systemd-bootx64.efi
└── loader
    ├── entries
    │   ├── nixos-generation-1.conf
    │   └── xen-generation-1.conf
    ├── entries.srel
    ├── keys
    ├── loader.conf
    └── random-seed

9 directories, 11 files
saya@Gamma ~>
```
`virtualisation.xen.enable = true;` and `boot.lanzaboote.enable = true;`

```
saya@Gamma ~> nixos-rebuild switch --sudo --flake ~/Projects/nixos
building the system configuration...
Checking switch inhibitors... done
Installing Lanzaboote to "/boot"...
Collecting garbage...
Successfully installed Lanzaboote.
activating the configuration...
reloading user units for saya...
restarting sysinit-reactivation.target
Done. The new configuration is /nix/store/4bpqcbf7qxkdj36cpya81hgqi70ix6q7-nixos-system-Gamma-26.05.20260102.fb7944c
saya@Gamma ~> sudo tree /boot
/boot
├── EFI
│   ├── BOOT
│   │   └── BOOTX64.EFI
│   ├── Linux
│   │   ├── nixos-generation-1-jhfbl2dyv67pjewzry3t6qtcpwgdrqs665bpqqlik4mk4ahwu7ca.efi
│   │   └── nixos-generation-2-dxezq5w47agoeezoijt4g7w57sjvlv7gvs7lv77zbzhc2yo75d5q.efi
│   ├── nixos
│   │   ├── initrd-6.18.3-yo3n4blfo3suhtux3ofxhdnkpw3bmfho5zbya2x7wb3orc75imoa.efi
│   │   └── kernel-6.18.3-4gxwufe7pyges3lr6ari24vq75gnsoxio6yib3qwqwqosubjroya.efi
│   └── systemd
│       └── systemd-bootx64.efi
└── loader
    ├── entries
    │   ├── nixos-generation-1.conf
    │   └── xen-generation-1.conf
    ├── entries.srel
    ├── keys
    ├── loader.conf
    └── random-seed

9 directories, 11 files
saya@Gamma ~>
```
I noticed that /boot/EFI/nixos/xen-generation-1.efi has been deleted.
Expected Behavior
- Recognize and sign the Xen EFI stub (if compatible with its Secure Boot logic).
- At least allow the standard NixOS Xen installation logic to persist alongside Lanzaboote's generated EFI, ensuring Xen remains functional (even if it is not automatically signed by the Lanzaboote toolchain).
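In the second listing above, `loader/entries/xen-generation-1.conf` is still present while `EFI/nixos/xen-generation-1.efi` is gone. The following check is an added example, not part of the original issue or of Lanzaboote: it reports Boot Loader Specification entries whose referenced files are missing from the ESP. The function name `dangling_entries` is hypothetical, and it assumes the Xen entry points at its binary with an `efi` line, which the issue does not show.

```shell
#!/bin/sh
# Added example: find boot entries on the ESP that reference files which no
# longer exist, e.g. after a boot tool garbage-collects binaries it does not
# manage. Usage: sh check-esp.sh /boot   (script name is a placeholder)

# dangling_entries ESP_ROOT
# Prints "<entry file>: <key> <path>" for each linux/initrd/efi/devicetree
# path in loader/entries/*.conf that is missing under ESP_ROOT.
# Returns 1 if at least one referenced file is missing, 0 otherwise.
dangling_entries() {
    esp=$1
    status=0
    for conf in "$esp"/loader/entries/*.conf; do
        [ -e "$conf" ] || continue        # glob matched nothing
        # Type 1 entries are "key value" lines; also handle a final line
        # that has no trailing newline.
        while read -r key value _ || [ -n "$key" ]; do
            case $key in
                linux|initrd|efi|devicetree) ;;   # keys that name a file
                *) key=; continue ;;              # title, options, comments
            esac
            # Paths in an entry are relative to the root of the ESP.
            if [ ! -e "$esp$value" ]; then
                printf '%s: %s %s\n' "${conf##*/}" "$key" "$value"
                status=1
            fi
            key=
        done < "$conf"
    done
    return "$status"
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    dangling_entries "$1"
fi
```

A non-zero exit after a rebuild means the boot menu configuration and the files on the ESP have diverged, which is worth checking before the next reboot.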