{
  inputs,
  outputs,
  config,
  lib,
  pkgs,
  ...
}:
let
  configLimit = 5;
  kernel = pkgs.linuxPackages_latest;
in
{
  # Configure bootloader with lanzaboot and secureboot
  boot = {
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = configLimit;
      };

      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };

    # Override kernel to latest
    kernelPackages = kernel;

    kernelParams = [
      "nohibernate"
      "amd_pstate=active"
    ];

    consoleLogLevel = 3;
    bootspec.enable = true;

    initrd = {
      kernelModules = [
        "tpm"
        "tpm_tis"
        "tpm_crb"
        "tpm_infineon"
      ];
      systemd = {
        enable = true;
        enableTpm2 = true;
      };
    };
  };
}