{ lib, pkgs, ... }:
{
  boot = {
    loader.systemd-boot.enable = lib.mkForce false;
    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
      configurationLimit = 10;
      settings = {
        editor = false;
      };
    };
    loader.efi.canTouchEfiVariables = true;
    bootspec.enable = true;
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = [
      "amdgpu.sg_display=0"
      "resume_offset=533760"
    ];

    resumeDevice = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
    tmp.useTmpfs = true;
    kernel.sysctl = {
      "vm.max_map_count" = 262144;
    };
  };

  environment.systemPackages = with pkgs; [
    efibootmgr
  ];
}