colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/qemu-vm: remove implicit dependency on SSM

Browse Source 
The qemu module shouldn't implicitly (and for all architectures) enable
SSM when enabling Secure Boot.

Additionally, this breaks aarch64 Secure Boot tests because this module
doesn't use the right machine type for anything but X86.
This commit is contained in:
nikstur 2024-03-01 21:06:47 +01:00
parent 99cf2d1e88
commit ce1d1f3e6c
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -877,11 +877,9 @@ in
type = types.package;
default = (pkgs.OVMF.override {
secureBoot = cfg.useSecureBoot;
systemManagementModeRequired = cfg.useSecureBoot;
}).fd;
defaultText = ''(pkgs.OVMF.override {
secureBoot = cfg.useSecureBoot;
systemManagementModeRequired = cfg.useSecureBoot;
}).fd'';
description =
lib.mdDoc "OVMF firmware package, defaults to OVMF configured with secure boot if needed.";
@ -1185,7 +1183,7 @@ in
"-tpmdev emulator,id=tpm_dev_0,chardev=chrtpm"
"-device ${cfg.tpm.deviceModel},tpmdev=tpm_dev_0"
])
(mkIf (cfg.efi.OVMF.systemManagementModeRequired or false) [
(mkIf (pkgs.stdenv.hostPlatform.isx86 && cfg.efi.OVMF.systemManagementModeRequired) [
"-machine" "q35,smm=on"
"-global" "driver=cfi.pflash01,property=secure,value=on"
])