feat(nix): update secure boot and HALO system configuration

- Set `pkiBundle` in `secureboot` to use `mkDefault` for better configurability.
- Added kernel parameters for HALO, improving performance and boot customization.
- Configured ROCm symlink and switched HALO to `linuxPackages_latest`.

modules/nixos/services/secureboot/default.nix

@@ -20,7 +20,7 @@ in
     boot = {
       lanzaboote = {
         enable = true;
-        pkiBundle = "/etc/secureboot";
+        pkiBundle = mkDefault "/etc/secureboot";
       };
       loader.systemd-boot.enable = lib.mkForce false;
     };

systems/x86_64-linux/halo/default.nix

@@ -10,6 +10,22 @@ with lib.metacfg;
     ./hardware-configuration.nix
     ./xremap.nix
   ];
+  boot.lanzaboote.pkiBundle = "/var/lib/sbctl"; 
+  boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
+
+  systemd.tmpfiles.rules = 
+  let
+    rocmEnv = pkgs.symlinkJoin {
+      name = "rocm-combined";
+      paths = with pkgs.rocmPackages; [
+        rocblas
+        hipblas
+        clr
+      ];
+    };
+  in [
+    "L+    /opt/rocm   -    -    -     -    ${rocmEnv}"
+  ];
 
   powerManagement.cpuFreqGovernor = "performance";
 

systems/x86_64-linux/halo/hardware-configuration.nix

@@ -26,6 +26,15 @@
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
+  boot.kernelParams = [
+    "lockdown=confidentiality"
+    "quiet"
+    "splash"
+    "video=efifb:nobgrt"
+    "ttm.pages_limit=31457280"
+    "ttm.page_pool_size=31457280"
+  ];
+
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/d22a1052-f142-44c0-993c-76b15c27b2b3";
     fsType = "ext4";