gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OVMF: Add test with secure boot enabled

Browse Source 
Co-authored-by: Arthur Gautier <arthur.gautier@arista.com>
This commit is contained in:
Shea Levy
2024-02-04 08:28:30 -05:00
parent 4673ad7254
commit 9188bb5186
4 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/modules/virtualisation/qemu-vm.nix
View File

@@ -877,9 +877,11 @@ in
type = types.package;
default = (pkgs.OVMF.override {
secureBoot = cfg.useSecureBoot;
systemManagementModeRequired = cfg.useSecureBoot;
}).fd;
defaultText = ''(pkgs.OVMF.override {
secureBoot = cfg.useSecureBoot;
systemManagementModeRequired = cfg.useSecureBoot;
}).fd'';
description =
lib.mdDoc "OVMF firmware package, defaults to OVMF configured with secure boot if needed.";
@@ -1183,6 +1185,10 @@ in
"-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm"
"-device ${cfg.tpm.deviceModel},tpmdev=tpm_dev_0"
])
(mkIf (cfg.efi.OVMF.systemManagementModeRequired or false) [
"-machine" "q35,smm=on"
"-global" "driver=cfi.pflash01,property=secure,value=on"
])
];
virtualisation.qemu.drives = mkMerge [