| Commit message (Collapse) | Author | Age | Lines |
|
|
|
|
| |
The old gnuefi flag does not exist anymore, and a "generic" installation
of systemd should not pull in the bootloader.
|
|
|
|
|
| |
With the upstream addition of hardened/systemd profiles, we no longer
have to set these settings manually.
|
| |
|
|
|
|
|
| |
We use systemd-boot and bootctl on at least one machine with the
init-systemd profile, so enable it here.
|
| |
|
|
|
|
|
|
|
| |
Because of [1] this will now pull in cryptsetup. Since there's no point
in having fido2 enabled without it for now, we can simply disable it.
[1] https://bugs.gentoo.org/902831
|
|
|
|
|
| |
We have at least one machine with both a TPM chip and a FIDO2 device. It
shouldn't hurt enabling this for every systemd-based system we have.
|
|
|
|
|
| |
These are not needed in the general case and should instead be enabled
in a host-specific profile.
|
|
This more clearly describes what this profile does.
|