{
  lib,
  config,
  pkgs,
  machineProps,
  ...
}:
with lib;
{
  options.enableSystemdBoot = mkOption {
    type = types.bool;
    default = true;
    example = false;
    description = ''
      Whether or not enable the default systemd boot system.
      Can be useful for devices using u-boot.
    '';
  };

  config.environment.systemPackages = lib.mkIf config.enableSystemdBoot [ pkgs.sbctl ];
  config.boot =
    {
      loader.systemd-boot.enable = false;
    }
    // (
      if config.enableSystemdBoot then
        {
          lanzaboote = {
            enable = true;
            pkiBundle = "/etc/secureboot";
          };
        }
      else
        { }
    );
}