From 8ebe3f106e53dc4032428a2e3435c4feea969087 Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Fri, 29 May 2026 11:18:12 +0100 Subject: feat(boot): add linux-hardened as parallel UKI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Installs linux-hardened + linux-hardened-headers alongside the stock linux kernel. Stock kernel remains the default; linux-hardened is opt-in via efibootmgr --bootnext after the EFI entry is registered (one-time host-side step, documented in the preset). After first 'just pkg-apply', mkinitcpio auto-builds /boot/EFI/Linux/arch-linux-hardened.efi from the new preset (sharing etc/kernel/cmdline.tmpl with the stock UKI — same LUKS root, no kernel-specific cmdline knobs). Host-side EFI entry registration: sudo efibootmgr --create --disk /dev/nvme0n1 --part 1 \ --label 'Arch Hardened' --loader '\\EFI\\Linux\\arch-linux-hardened.efi' Roll back any time by removing both packages and the preset file; the stock kernel and its UKI are untouched. --- meta/base.txt | 2 ++ 1 file changed, 2 insertions(+) (limited to 'meta') diff --git a/meta/base.txt b/meta/base.txt index 3872a98..3a0a73b 100644 --- a/meta/base.txt +++ b/meta/base.txt @@ -20,6 +20,8 @@ iwd kernel-modules-hook linux linux-firmware +linux-hardened +linux-hardened-headers lostfiles lshw man-db -- cgit v1.3.1