docs(bootstrap): mention optional linux-hardened EFI entry

The hardened kernel ships as a parallel UKI; document its efibootmgr registration alongside the stock one. Stock stays default-boot; hardened is selected on demand (efibootmgr --bootnext or firmware menu).
author: sommerfeld <sommerfeld@sommerfeld.dev> 2026-05-29 11:18:12 +0100
committer: sommerfeld <sommerfeld@sommerfeld.dev> 2026-05-29 11:18:12 +0100
commit: 5bad9a9d0a88316c577151fef5655299e58c74c2 (patch)
tree: bb87f0d108b1f38882bb0c00a5ac7ad973db8fca
parent: 1a8a19e6286aa58c5a46f03882f8f09e54456051 (diff)
download: dotfiles-5bad9a9d0a88316c577151fef5655299e58c74c2.tar.gz
dotfiles-5bad9a9d0a88316c577151fef5655299e58c74c2.tar.bz2
dotfiles-5bad9a9d0a88316c577151fef5655299e58c74c2.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/bootstrap.sh b/bootstrap.sh
index d6f986c..de244df 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -129,6 +129,10 @@ if [ -d /sys/firmware/efi ]; then
     # shellcheck disable=SC1003 # backslash is literal text shown to the user
     warn '  sudo efibootmgr --create --disk /dev/nvme0n1 --part 1 \'
     warn "      --label 'Arch UKI' --loader '\\EFI\\Linux\\arch-linux.efi'"
+    warn 'optionally, also register the linux-hardened UKI (opt-in boot):'
+    # shellcheck disable=SC1003
+    warn '  sudo efibootmgr --create --disk /dev/nvme0n1 --part 1 \'
+    warn "      --label 'Arch Hardened' --loader '\\EFI\\Linux\\arch-linux-hardened.efi'"
   fi
 fi
author	sommerfeld <sommerfeld@sommerfeld.dev>	2026-05-29 11:18:12 +0100
committer	sommerfeld <sommerfeld@sommerfeld.dev>	2026-05-29 11:18:12 +0100
commit	5bad9a9d0a88316c577151fef5655299e58c74c2 (patch)
tree	bb87f0d108b1f38882bb0c00a5ac7ad973db8fca
parent	1a8a19e6286aa58c5a46f03882f8f09e54456051 (diff)
download	dotfiles-5bad9a9d0a88316c577151fef5655299e58c74c2.tar.gz dotfiles-5bad9a9d0a88316c577151fef5655299e58c74c2.tar.bz2 dotfiles-5bad9a9d0a88316c577151fef5655299e58c74c2.zip