diff options
author | nikstur <nikstur@outlook.com> | 2024-03-02 21:04:12 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-02 21:04:12 +0100 |
commit | b6401f808a81578655d4745760379cd621cf97b9 (patch) | |
tree | ba8a149402cb96e160acb981780fe059dfa6f48d /nixos | |
parent | 025c5d860b78c4eafa0362e467a451e681c86c1f (diff) | |
parent | ee2a53dc86295b4169b8378c8c3688c31ad28597 (diff) |
Merge pull request #292636 from RaitoBezarius/smm-works-for-something-else-than-x86-actually
OVMF: remove invalid `assert` on SMM
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/virtualisation/qemu-vm.nix | 4 | ||||
-rw-r--r-- | nixos/tests/systemd-boot.nix | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 75ba6dacc122c..b5a8b08eee70d 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -877,11 +877,9 @@ in type = types.package; default = (pkgs.OVMF.override { secureBoot = cfg.useSecureBoot; - systemManagementModeRequired = cfg.useSecureBoot; }).fd; defaultText = ''(pkgs.OVMF.override { secureBoot = cfg.useSecureBoot; - systemManagementModeRequired = cfg.useSecureBoot; }).fd''; description = lib.mdDoc "OVMF firmware package, defaults to OVMF configured with secure boot if needed."; @@ -1185,7 +1183,7 @@ in "-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm" "-device ${cfg.tpm.deviceModel},tpmdev=tpm_dev_0" ]) - (mkIf (cfg.efi.OVMF.systemManagementModeRequired or false) [ + (mkIf (pkgs.stdenv.hostPlatform.isx86 && cfg.efi.OVMF.systemManagementModeRequired) [ "-machine" "q35,smm=on" "-global" "driver=cfi.pflash01,property=secure,value=on" ]) diff --git a/nixos/tests/systemd-boot.nix b/nixos/tests/systemd-boot.nix index 1b7e83253e59e..90a8769592b6a 100644 --- a/nixos/tests/systemd-boot.nix +++ b/nixos/tests/systemd-boot.nix @@ -115,15 +115,17 @@ in virtualisation.useSecureBoot = true; }; - testScript = '' + testScript = let + efiArch = pkgs.stdenv.hostPlatform.efiArch; + in { nodes, ... }: '' machine.start(allow_reboot=True) machine.wait_for_unit("multi-user.target") machine.succeed("sbctl create-keys") machine.succeed("sbctl enroll-keys --yes-this-might-brick-my-machine") - machine.succeed('sbctl sign /boot/EFI/systemd/systemd-bootx64.efi') - machine.succeed('sbctl sign /boot/EFI/BOOT/BOOTX64.EFI') - machine.succeed('sbctl sign /boot/EFI/nixos/*bzImage.efi') + machine.succeed('sbctl sign /boot/EFI/systemd/systemd-boot${efiArch}.efi') + machine.succeed('sbctl sign /boot/EFI/BOOT/BOOT${toUpper efiArch}.EFI') + machine.succeed('sbctl sign /boot/EFI/nixos/*${nodes.machine.system.boot.loader.kernelFile}.efi') machine.reboot() |