From 429ac598a3336b8e67d9a8894b2d83609963fbe8 Mon Sep 17 00:00:00 2001
From: Simon Gardling <titaniumtown@proton.me>
Date: Sun, 22 Mar 2026 01:18:33 -0400
Subject: [PATCH] boot: disable canTouchEfiVariables due to corruption issue

This gave me a lot of panic and grief. JetKVM got NO monitor output
I was panicing and away from home. Was awful. After letting it sit off
for a few hours it fixed itself, inline with nvram state draining over
time.
---
 configuration.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/configuration.nix b/configuration.nix
index 5b5ea80..26602a5 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -129,7 +129,10 @@
 
     loader = {
       # Use the systemd-boot EFI boot loader.
-      efi.canTouchEfiVariables = true;
+      # Disabled: ASRock B550M Pro4 AMI UEFI hangs on POST when NixOS
+      # writes EFI variables (NVRAM corruption). Lanzaboote boot entries
+      # are discovered via BLS Type #2 on the ESP, so this is not needed.
+      efi.canTouchEfiVariables = false;
 
       # 1s timeout
       timeout = 1;