betaboon/uefi.patch Secret

## uefi.patch
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix
index e313d2b411b..989cf28222d 100644
--- a/nixos/modules/virtualisation/qemu-vm.nix
+++ b/nixos/modules/virtualisation/qemu-vm.nix
@@ -101,13 +104,16 @@ let

         ${if cfg.useEFIBoot then ''
           # VM needs a writable flash BIOS.
-          cp ${bootDisk}/bios.bin $TMPDIR || exit 1
-          chmod 0644 $TMPDIR/bios.bin || exit 1
+          cp ${bootDisk}/efi_firmware.bin $TMPDIR || exit 1
+          cp ${bootDisk}/efi_vars.bin $TMPDIR || exit 1
+          chmod 0444 $TMPDIR/efi_firmware.bin || exit 1
+          chmod 0644 $TMPDIR/efi_vars.bin || exit 1
         '' else ''
         ''}
       '' else ''
       ''}

       cd $TMPDIR
       idx=0
       ${flip concatMapStrings cfg.emptyDiskImages (size: ''
@@ -145,23 +154,40 @@ let
       pkgs.runCommand "nixos-boot-disk"
         { preVM =
             ''
               mkdir $out
               diskImage=$out/disk.img
-              bootFlash=$out/bios.bin
               ${qemu}/bin/qemu-img create -f qcow2 $diskImage "40M"
               ${if cfg.useEFIBoot then ''
-                cp ${pkgs.OVMF-CSM.fd}/FV/OVMF.fd $bootFlash
-                chmod 0644 $bootFlash
+                efiFirmware=$out/efi_firmware.bin
+                efiVars=$out/efi_vars.bin
+                cp ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd $efiFirmware
+                cp ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd $efiVars
+                chmod 0444 $efiFirmware
+                chmod 0644 $efiVars
               '' else ''
               ''}
             '';

           buildInputs = [ pkgs.utillinux ];
           QEMU_OPTS = if cfg.useEFIBoot
-                      then "-pflash $out/bios.bin -nographic -serial pty"
-                      else "-nographic -serial pty";
+            then builtins.concatStringsSep " " [
+              "-nographic"
+              "-drive if=pflash,format=raw,readonly,file=$efiFirmware"
+              "-drive if=pflash,format=raw,file=$efiVars"
+            ]
+            else "-nographic";
         }
         ''
           # Create a /boot EFI partition with 40M and arbitrary but fixed GUIDs for reproducibility
           ${pkgs.gptfdisk}/bin/sgdisk \
             --set-alignment=1 --new=1:34:2047 --change-name=1:BIOSBootPartition --typecode=1:ef02 \
             --set-alignment=512 --largest-new=2 --change-name=2:EFISystem --typecode=2:ef00 \
@@ -192,6 +218,7 @@ let
           # Install GRUB and generate the GRUB boot menu.
           touch /etc/NIXOS
           mkdir -p /nix/var/nix/profiles
+          export USER=root
           ${config.system.build.toplevel}/bin/switch-to-configuration boot

           umount /boot
@@ -509,8 +536,10 @@ in
         "-initrd ${config.system.build.toplevel}/initrd"
         ''-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS"''
       ])
+      # TODO IS THIS EVEN REQUIRED ?
       (mkIf cfg.useEFIBoot [
-        "-pflash $TMPDIR/bios.bin"
+        "-drive if=pflash,format=raw,readonly,file=$TMP/efi_firmware.bin"
+        "-drive if=pflash,format=raw,file=$TMP/efi_vars.bin"
       ])
       (mkIf (!cfg.graphics) [
         "-nographic"
diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
index 50a980aab02..f978fe74c6c 100644
--- a/nixos/tests/installer.nix
+++ b/nixos/tests/installer.nix
@@ -47,7 +47,6 @@ let

         ${optionalString (bootLoader == "refind") ''
           boot.loader.refind.enable = true;
-          boot.loader.refind.installAsRemovable = true; # required as initial nixos-install is run in bios-mode
         ''}

         users.users.alice = {
@@ -84,15 +83,26 @@ let
         qemuFlags =
           (if system == "x86_64-linux" then "-m 768 " else "-m 512 ") +
           (optionalString (system == "x86_64-linux") "-cpu kvm64 ") +
-          (optionalString (system == "aarch64-linux") "-enable-kvm -machine virt,gic-version=host -cpu host ");
+          (optionalString (system == "aarch64-linux") "-enable-kvm -machine virt,gic-version=host -cpu host ") +
+          (optionalString isEfi
+            "-drive if=pflash,format=raw,readonly,file=${pkgs.OVMF.fd}/FV/OVMF_CODE.fd " +
+            "-drive if=pflash,format=raw,file=${pkgs.OVMF.fd}/FV/OVMF_VARS.fd,snapshot=on "
+          );

         hda = "vm-state-machine/machine.qcow2";
         hdaInterface = iface;
-      } // (optionalAttrs isEfi {
-        bios = if pkgs.stdenv.isAarch64
-          then "${pkgs.OVMF.fd}/FV/QEMU_EFI.fd"
-          else "${pkgs.OVMF.fd}/FV/OVMF.fd";
-      })));
+      }));

     in if !isEfi && !(pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then
       throw "Non-EFI boot methods are only supported on i686 / x86_64"
@@ -292,8 +302,14 @@ let
             virtualisation.qemu.diskInterface =
               if grubVersion == 1 then "scsi" else "virtio";

+            virtualisation.useBootLoader = true;
+            virtualisation.useEFIBoot = true;
+
             boot.loader.systemd-boot.enable = mkIf (bootLoader == "systemd-boot") true;
-            boot.loader.refind.enable = mkIf (bootLoader == "refind") true;
+            boot.loader.refind = mkIf (bootLoader == "refind") {
+              enable = true;
+              installAsRemovable = true;
+            };

             hardware.enableAllFirmware = mkForce false;
	diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix
	index e313d2b411b..989cf28222d 100644
	--- a/nixos/modules/virtualisation/qemu-vm.nix
	+++ b/nixos/modules/virtualisation/qemu-vm.nix
	@@ -101,13 +104,16 @@ let

	${if cfg.useEFIBoot then ''
	# VM needs a writable flash BIOS.
	- cp ${bootDisk}/bios.bin $TMPDIR \|\| exit 1
	- chmod 0644 $TMPDIR/bios.bin \|\| exit 1
	+ cp ${bootDisk}/efi_firmware.bin $TMPDIR \|\| exit 1
	+ cp ${bootDisk}/efi_vars.bin $TMPDIR \|\| exit 1
	+ chmod 0444 $TMPDIR/efi_firmware.bin \|\| exit 1
	+ chmod 0644 $TMPDIR/efi_vars.bin \|\| exit 1
	'' else ''
	''}
	'' else ''
	''}

	cd $TMPDIR
	idx=0
	${flip concatMapStrings cfg.emptyDiskImages (size: ''
	@@ -145,23 +154,40 @@ let
	pkgs.runCommand "nixos-boot-disk"
	{ preVM =
	''
	mkdir $out
	diskImage=$out/disk.img
	- bootFlash=$out/bios.bin
	${qemu}/bin/qemu-img create -f qcow2 $diskImage "40M"
	${if cfg.useEFIBoot then ''
	- cp ${pkgs.OVMF-CSM.fd}/FV/OVMF.fd $bootFlash
	- chmod 0644 $bootFlash
	+ efiFirmware=$out/efi_firmware.bin
	+ efiVars=$out/efi_vars.bin
	+ cp ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd $efiFirmware
	+ cp ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd $efiVars
	+ chmod 0444 $efiFirmware
	+ chmod 0644 $efiVars
	'' else ''
	''}
	'';

	buildInputs = [ pkgs.utillinux ];
	QEMU_OPTS = if cfg.useEFIBoot
	- then "-pflash $out/bios.bin -nographic -serial pty"
	- else "-nographic -serial pty";
	+ then builtins.concatStringsSep " " [
	+ "-nographic"
	+ "-drive if=pflash,format=raw,readonly,file=$efiFirmware"
	+ "-drive if=pflash,format=raw,file=$efiVars"
	+ ]
	+ else "-nographic";
	}
	''
	# Create a /boot EFI partition with 40M and arbitrary but fixed GUIDs for reproducibility
	${pkgs.gptfdisk}/bin/sgdisk \
	--set-alignment=1 --new=1:34:2047 --change-name=1:BIOSBootPartition --typecode=1:ef02 \
	--set-alignment=512 --largest-new=2 --change-name=2:EFISystem --typecode=2:ef00 \
	@@ -192,6 +218,7 @@ let
	# Install GRUB and generate the GRUB boot menu.
	touch /etc/NIXOS
	mkdir -p /nix/var/nix/profiles
	+ export USER=root
	${config.system.build.toplevel}/bin/switch-to-configuration boot

	umount /boot
	@@ -509,8 +536,10 @@ in
	"-initrd ${config.system.build.toplevel}/initrd"
	''-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo}/registration ${consoles} $QEMU_KERNEL_PARAMS"''
	])
	+ # TODO IS THIS EVEN REQUIRED ?
	(mkIf cfg.useEFIBoot [
	- "-pflash $TMPDIR/bios.bin"
	+ "-drive if=pflash,format=raw,readonly,file=$TMP/efi_firmware.bin"
	+ "-drive if=pflash,format=raw,file=$TMP/efi_vars.bin"
	])
	(mkIf (!cfg.graphics) [
	"-nographic"
	diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
	index 50a980aab02..f978fe74c6c 100644
	--- a/nixos/tests/installer.nix
	+++ b/nixos/tests/installer.nix
	@@ -47,7 +47,6 @@ let

	${optionalString (bootLoader == "refind") ''
	boot.loader.refind.enable = true;
	- boot.loader.refind.installAsRemovable = true; # required as initial nixos-install is run in bios-mode
	''}

	users.users.alice = {
	@@ -84,15 +83,26 @@ let
	qemuFlags =
	(if system == "x86_64-linux" then "-m 768 " else "-m 512 ") +
	(optionalString (system == "x86_64-linux") "-cpu kvm64 ") +
	- (optionalString (system == "aarch64-linux") "-enable-kvm -machine virt,gic-version=host -cpu host ");
	+ (optionalString (system == "aarch64-linux") "-enable-kvm -machine virt,gic-version=host -cpu host ") +
	+ (optionalString isEfi
	+ "-drive if=pflash,format=raw,readonly,file=${pkgs.OVMF.fd}/FV/OVMF_CODE.fd " +
	+ "-drive if=pflash,format=raw,file=${pkgs.OVMF.fd}/FV/OVMF_VARS.fd,snapshot=on "
	+ );

	hda = "vm-state-machine/machine.qcow2";
	hdaInterface = iface;
	- } // (optionalAttrs isEfi {
	- bios = if pkgs.stdenv.isAarch64
	- then "${pkgs.OVMF.fd}/FV/QEMU_EFI.fd"
	- else "${pkgs.OVMF.fd}/FV/OVMF.fd";
	- })));
	+ }));

	in if !isEfi && !(pkgs.stdenv.isi686 \|\| pkgs.stdenv.isx86_64) then
	throw "Non-EFI boot methods are only supported on i686 / x86_64"
	@@ -292,8 +302,14 @@ let
	virtualisation.qemu.diskInterface =
	if grubVersion == 1 then "scsi" else "virtio";

	+ virtualisation.useBootLoader = true;
	+ virtualisation.useEFIBoot = true;
	+
	boot.loader.systemd-boot.enable = mkIf (bootLoader == "systemd-boot") true;
	- boot.loader.refind.enable = mkIf (bootLoader == "refind") true;
	+ boot.loader.refind = mkIf (bootLoader == "refind") {
	+ enable = true;
	+ installAsRemovable = true;
	+ };

	hardware.enableAllFirmware = mkForce false;