Most recent nixpkgs and kernel 6.17 on NixOS unstable failing to boot

I have recently updated my flake nixpkgs on NixOS unstable (nix flake info shows github:NixOS/nixpkgs/f61125a668a320878494449750330ca58b78c557?narHash=sha256-BmPWzogsG2GsXZtlT%2BMTcAWeDK5hkbGRZTeZNW42fwA%3D) and am unable to boot.

Initially, I got messages like microcode: No sha256 digest for patch ID: 0xb404035 found as the first messages during the boot process, and after decrypting my drives messages like:

Failed to start create-needed-for-boot-dirs.service.

Failed to mount /sysroot.

Dependency failed for /sysroot/nix.

Dependency failed for Initrd File Systems.

Dependency failed for Find NixOS closure.

Dependency failed for /sysroot/usr/lib/nixos.

Dependency failed for Initrd Root File System.

Dependency failed for /sysroot/persist.

Dependency failed for /sysroot/run

I then updated my BIOS for my Gigabyte X870 Aorus Elite Wifi 7 motherboard from F4 to F8. Initially, I couldn’t even get past the BIOS as the bootloader failed due to an Invalid signature detectederror, it seems the BIOS update turned on Secure Boot.

I turned that off, got past bootloader, and the microcode messages were gone during boot, but after decrypting I still got the failed /sysroot mounting and dependencies.

I have an AMD 9800X3D, and the failing generation is kernel 6.17.10. My last successful generation was with nixpkgs01f116e4df6a15f4ccdffb1bcd41096869fb385 and kernel 6.16.12. I use ZFS.

bootctl status:

System:
      Firmware: UEFI 2.90 (American Megatrends 5.35)
 Firmware Arch: x64
   Secure Boot: disabled
  TPM2 Support: yes
  Measured UKI: no
  Boot into FW: supported

Current Boot Loader:
       Product: systemd-boot 258.2
     Features: ✓ Boot counting
               ✓ Menu timeout control
               ✓ One-shot menu timeout control
               ✓ Default entry control
               ✓ One-shot entry control
               ✓ Support for XBOOTLDR partition
               ✓ Support for passing random seed to OS
               ✓ Load drop-in drivers
               ✓ Support Type #1 sort-key field
               ✓ Support @saved pseudo-entry
               ✓ Support Type #1 devicetree field
               ✓ Enroll SecureBoot keys
               ✓ Retain SHIM protocols
               ✓ Menu can be disabled
               ✓ Multi-Profile UKIs are supported
               ✓ Loader reports network boot URL
               ✓ Support Type #1 uki field
               ✓ Support Type #1 uki-url field
               ✓ Loader reports TPM2 active PCR banks
     Partition: /dev/disk/by-partuuid/a84be96e-a1b2-42e3-a82b-a52758b54d9b
        Loader: └─/boot//EFI/BOOT/BOOTX64.EFI
 Current Entry: nixos-generation-190.conf

Random Seed:
 System Token: not set
       Exists: yes

Available Boot Loaders on ESP:
          ESP: /boot (/dev/disk/by-partuuid/a84be96e-a1b2-42e3-a82b-a52758b54d9b)
         File: ├─/boot//EFI/systemd/systemd-bootx64.efi (systemd-boot 258.2)
               └─/boot//EFI/BOOT/BOOTX64.EFI (systemd-boot 258.2)

Boot Loaders Listed in EFI Variables:
        Title: UEFI OS
           ID: 0x0002
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/a84be96e-a1b2-42e3-a82b-a52758b54d9b
         File: └─/boot//EFI/BOOT/BOOTX64.EFI

        Title: Windows Boot Manager
           ID: 0x0000
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/dfe74d07-ea92-4d44-936b-36430fc3bd3a
         File: └─/boot//EFI/Microsoft/Boot/bootmgfw.efi

Boot Loader Entry Locations:
          ESP: /boot (/dev/disk/by-partuuid/a84be96e-a1b2-42e3-a82b-a52758b54d9b, $BOOT)
       config: /boot//loader/loader.conf
        token: nixos

Default Boot Loader Entry:
         type: Boot Loader Specification Type #1 (.conf)
        title: NixOS (Generation 191 NixOS Yarara 26.05.20251205.f61125a (Linux 6.17.10), built on 2025-12-08)
           id: nixos-generation-191.conf
       source: /boot//loader/entries/nixos-generation-191.conf (on the EFI System Partition)
     sort-key: nixos
      version: Generation 191 NixOS Yarara 26.05.20251205.f61125a (Linux 6.17.10), built on 2025-12-08
   machine-id: df374d06639f492eb6ab076160488b26
        linux: /boot//EFI/nixos/ssphq3589qmdvplivrp28hmbacva6aam-linux-6.17.10-bzImage.efi
       initrd: /boot//EFI/nixos/i5xrjziqn89r436id796qx858n52dlhj-initrd-linux-6.17.10-initrd.efi
      options: init=/nix/store/360l9qp4vwdd3idwcgyxw16phkifyzn2-nixos-system-nixos-26.05.20251205.f61125a/init nohibernate root=fstab loglevel=4 lsm=landlock,yama,bpf nvidia-drm.modeset=1 nvidia-drm.fbdev=1 nvidia.NVreg_OpenRmEnableUnsupportedGpus=1

Any help is appreciated, thanks.

Can you get into a rescue shell and get the output of journalctl --boot, or journalctl --unit create-needed-for-boot-dirs.service?

I don’t think so, after decrypting I get the “You are now in emergency mode” message, but when I press enter it says the root account is locked so I can’t get to the shell. Any other ways I may get to one?

In the boot menu, you can press e, and add rd.systemd.debug_shell. Then, when it goes to emergency mode, press ctrl+alt+f9 to get to a debug shell where you can do things. Alternatively, your nixos config can set boot.initrd.systemd.emergencyAccess to either a hashed password or true for no password.

Thanks for the suggestion. I was able to view these. The first errors come from create-needed-for-boot-dirs.start:

Starting Rollback ZFS datasets to a blank snapshot taken immediately after disko formatting
filesystem 'zroot/root/persist' cannot be mounted using 'mount'
Use 'zfs set mountpoint=legacy' or 'zfs mount zroot/root/persist'
See zfs(8) for more information

This is related to my impermanence configuration.

Immediately after this, it fails to mount /sysroot:

Mounting /sysroot...
filesystem `zroot/root' cannot be mounted using 'mount'
Use 'zfs set mountpoint=legacy' or 'zfs mount zroot/root'
See zfs(8) for more information

The nixpkgs update includes ZFS 2.3.5, I’m wondering if something changed in the newest ZFS version and my previous mount settings no longer work. Here are my impermanence configurations:

# Impermanence
  boot.initrd.systemd.enable = true;
  boot.initrd.systemd.services.rollback = {
    description = "Rollback ZFS datasets to a blank snapshot taken immediately after disko formatting.";
    wantedBy = [
      "initrd.target"
    ];
    after = [
      "zfs-import-zroot.service"
    ];
    before = [
      "sysroot.mount"
    ];
    path = with pkgs; [
      zfs
    ];
    unitConfig.DefaultDependencies = "no";
    serviceConfig.Type = "oneshot";
    script = ''
      zfs rollback -r zroot/root@blank && echo "blank rollback complete" | tee /dev/kmsg
    '';
  };
  fileSystems."/persist".neededForBoot = true;
  environment.persistence."/persist" = {
    directories = [
      "/etc/nixos"
      "/var/lib/nixos"
      "/var/lib/systemd"
      "/var/log/journal/df374d06639f492eb6ab076160488b26"
    ];
    files = [
      "/etc/machine-id"
      "/etc/zfs/zpool.cache"
    ];
  };

I commented this out to try rebooting, but after rebuilding when I entered my password to switch to the new generation Hyprland crashed. Upon rebooting, the generation had not been built. It seems commenting it out breaks something.

I think this is my relevant ZFS info:

zfs list
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zroot                652G  6.49T   192K  none
zroot/root           651G  6.49T  2.54M  /
zroot/root/home      623G  6.49T   623G  /home
zroot/root/nix      28.4G  6.49T  28.4G  /nix
zroot/root/persist  55.9M  6.49T  55.9M  /persist

~
❯ zfs get mountpoint
NAME                PROPERTY    VALUE       SOURCE
zroot               mountpoint  none        local
zroot/root          mountpoint  /           local
zroot/root@blank    mountpoint  -           -
zroot/root/home     mountpoint  /home       local
zroot/root/nix      mountpoint  /nix        local
zroot/root/persist  mountpoint  /persist    local

And this is how I configured my drive with disko when installing:

https://codeberg.org/DJJ/impermanix/src/branch/main/disk-config.nix

I was able to solve this by setting my root, nix, and persist ZFS datasets to legacy mountpoints:

zfs set mountpoint=legacy zroot/root
zfs set mountpoint=legacy zroot/root/nix
zfs set mountpoint=legacy zroot/root/persist