# mkinitcpio preset for the 'linux-hardened' kernel. Produces a UKI at
# /boot/EFI/Linux/arch-linux-hardened.efi alongside the stock linux UKI.
# Uses its own cmdline file (etc/kernel/cmdline-linux-hardened.tmpl) to
# force `mem_sleep_default=s2idle`: this hardware's S3 firmware path
# wakes reliably on stock linux but hard-hangs the hardened kernel
# (INIT_ON_FREE + slab hardening turn a latent driver race fatal).
# Stock linux keeps the minimal etc/kernel/cmdline.tmpl. Register the
# EFI entry once with efibootmgr:
#
#   sudo efibootmgr --create --disk /dev/nvme0n1 --part 1 \
#     --label 'Arch Hardened' --loader '\EFI\Linux\arch-linux-hardened.efi'
#
# Boot it on demand via:  sudo efibootmgr --bootnext XXXX && systemctl reboot

#ALL_config="/etc/mkinitcpio.conf"
ALL_kver="/boot/vmlinuz-linux-hardened"
ALL_cmdline="/etc/kernel/cmdline-linux-hardened"

PRESETS=('default' 'fallback')

default_uki="/boot/EFI/Linux/arch-linux-hardened.efi"

fallback_uki="/boot/EFI/Linux/arch-linux-hardened-fallback.efi"
fallback_options="-S autodetect"