diff --git a/modules/nixos/services/secureboot/default.nix b/modules/nixos/services/secureboot/default.nix
index 6c88bc0..c7409f6 100644
--- a/modules/nixos/services/secureboot/default.nix
+++ b/modules/nixos/services/secureboot/default.nix
@@ -20,7 +20,7 @@ in
     boot = {
       lanzaboote = {
         enable = true;
-        pkiBundle = "/etc/secureboot";
+        pkiBundle = mkDefault "/etc/secureboot";
       };
       loader.systemd-boot.enable = lib.mkForce false;
     };
diff --git a/systems/x86_64-linux/halo/default.nix b/systems/x86_64-linux/halo/default.nix
index 798e99c..1a1115e 100644
--- a/systems/x86_64-linux/halo/default.nix
+++ b/systems/x86_64-linux/halo/default.nix
@@ -10,6 +10,22 @@ with lib.metacfg;
     ./hardware-configuration.nix
     ./xremap.nix
   ];
+  boot.lanzaboote.pkiBundle = "/var/lib/sbctl"; 
+  boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
+
+  systemd.tmpfiles.rules = 
+  let
+    rocmEnv = pkgs.symlinkJoin {
+      name = "rocm-combined";
+      paths = with pkgs.rocmPackages; [
+        rocblas
+        hipblas
+        clr
+      ];
+    };
+  in [
+    "L+    /opt/rocm   -    -    -     -    ${rocmEnv}"
+  ];
 
   powerManagement.cpuFreqGovernor = "performance";
 
diff --git a/systems/x86_64-linux/halo/hardware-configuration.nix b/systems/x86_64-linux/halo/hardware-configuration.nix
index 1558c0c..16d059a 100644
--- a/systems/x86_64-linux/halo/hardware-configuration.nix
+++ b/systems/x86_64-linux/halo/hardware-configuration.nix
@@ -26,6 +26,15 @@
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
+  boot.kernelParams = [
+    "lockdown=confidentiality"
+    "quiet"
+    "splash"
+    "video=efifb:nobgrt"
+    "ttm.pages_limit=31457280"
+    "ttm.page_pool_size=31457280"
+  ];
+
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/d22a1052-f142-44c0-993c-76b15c27b2b3";
     fsType = "ext4";