diff --git a/hosts/nas/boot.nix b/hosts/nas/boot.nix
index 121eba6..6439577 100755
--- a/hosts/nas/boot.nix
+++ b/hosts/nas/boot.nix
@@ -9,7 +9,7 @@ in
     kernelModules = [ "nct6775" ];
     loader = {
       systemd-boot = {
-        enable = true;
+        enable = false;
         configurationLimit = configLimit;
       };
 
@@ -17,6 +17,15 @@ in
         canTouchEfiVariables = true;
         efiSysMountPoint = "/boot";
       };
+
+      lanzaboote = {
+        enable = true;
+        pkiBundle = "/etc/secureboot";
+        settings = {
+          console-mode = "max";
+        };
+        configurationLimit = configLimit;
+      };
     };
 
     kernel.sysctl = {