diff --git a/flake.nix b/flake.nix
index 5c5a331..de4adce 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,7 +27,7 @@
 };
 lanzaboote = {
- url = "github:nix-community/lanzaboote/v0.4.3";
+ url = "github:nix-community/lanzaboote/v1.0.0";
 inputs.nixpkgs.follows = "nixpkgs";
 };
@@ -178,12 +178,6 @@
 lanzaboote.nixosModules.lanzaboote
 nixos-hardware.nixosModules.dell-xps-13-9370
-
- sops-nix.nixosModules.sops
-
- lanzaboote.nixosModules.lanzaboote
-
- nixos-hardware.nixosModules.dell-xps-13-9370
 ];
 };
diff --git a/hosts/legolas/hardware-configuration.nix b/hosts/legolas/hardware-configuration.nix
index 8e1b665..c5f4fbe 100644
--- a/hosts/legolas/hardware-configuration.nix
+++ b/hosts/legolas/hardware-configuration.nix
@@ -61,11 +61,11 @@
 # Disable hibernation
 systemd.sleep = {
- extraConfig = ''
- AllowHibernation=no
- AllowHybridSleep=no
- AllowSuspendThenHibernate=no
- '';
+ settings.Sleep = {
+ AllowHibernation="no";
+ AllowHybridSleep="no";
+ AllowSuspendThenHibernate="no";
+ };
 };
 # Disable PCIe wakeups
diff --git a/modules/boot.nix b/modules/boot.nix
index 9d03e45..64eb276 100644
--- a/modules/boot.nix
+++ b/modules/boot.nix
@@ -37,8 +37,12 @@
 boot.loader.grub.enable = lib.mkForce false;
 boot.lanzaboote = {
 enable = true;
- #pkiBundle = "/etc/secureboot"; # old way. use sbctl setup --migrate
- pkiBundle = "/var/lib/sbctl"; # sudo sbctl create-keys
+ pkiBundle = "/var/lib/sbctl";
+ autoGenerateKeys.enable = true;
+ autoEnrollKeys = {
+ enable = true;
+ includeMicrosoftKeys = true;
+ };
 };
 # TPM-based LUKS unlock put in hardware configuration.nix.
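Review bot: The three assignments added inside `settings.Sleep` in hosts/legolas/hardware-configuration.nix are written without spaces around `=` (`AllowHibernation="no";`), which looks carried over from the old INI text and does not match the attribute style of the surrounding lines (`systemd.sleep = {`); `AllowHibernation = "no";` and the same for the other two would read consistently. The `# Disable hibernation` comment records what is done but not why; if the reason is that a hibernation image would write memory contents, including disk-unlock material, to swap on a machine that otherwise relies on Secure Boot and TPM unlock, a one-line why-comment would keep the setting from being dropped later (intent is inferred, please confirm). The wrapper could also be collapsed to `systemd.sleep.settings.Sleep = { … };`.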
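Review bot: The new `autoGenerateKeys` / `autoEnrollKeys` lines in the `boot.lanzaboote` block of modules/boot.nix carry no comment explaining the trust decision, while the two comments that recorded where the keys came from (`sudo sbctl create-keys`, `sbctl setup --migrate`) are removed. `includeMicrosoftKeys = true` keeps Microsoft's certificates enrolled next to the locally generated ones, so the firmware will continue to accept Microsoft-signed boot binaries; that is normally chosen for option-ROM and firmware-update compatibility, and it is worth saying so, e.g. `# keep Microsoft certs: required by this hardware's option ROMs (confirm); widens what Secure Boot will accept`. Since this file sits under modules/ rather than hosts/, the settings presumably apply to every host importing it, so a second comment such as `# keys are generated into pkiBundle and enrolled automatically; existing /var/lib/sbctl keys are expected to be reused (verify against lanzaboote docs)` would tell the next maintainer what happens on a machine that already has keys and on one that does not. The private signing keys under `/var/lib/sbctl` remain the root of this chain, so a note on who may read that path would also fit here.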