From fe347240f550320653ededb7661e42c0a018b08b Mon Sep 17 00:00:00 2001 From: Astro Date: Wed, 24 May 2023 01:12:51 +0200 Subject: [PATCH] enable secureboot --- wfvm/autounattend.nix | 6 +----- wfvm/utils.nix | 8 ++++++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/wfvm/autounattend.nix b/wfvm/autounattend.nix index e73636f..065c8fd 100644 --- a/wfvm/autounattend.nix +++ b/wfvm/autounattend.nix @@ -155,14 +155,10 @@ let 2 - reg add HKLM\System\Setup\LabConfig /v BypassSecureBootCheck /t reg_dword /d 0x00000001 /f - - - 3 reg add HKLM\System\Setup\LabConfig /v BypassRAMCheck /t reg_dword /d 0x00000001 /f - 5 + 3 reg add HKLM\System\Setup\LabConfig /v BypassCPUCheck /t reg_dword /d 0x00000001 /f diff --git a/wfvm/utils.nix b/wfvm/utils.nix index 7138d0b..fa5ea78 100644 --- a/wfvm/utils.nix +++ b/wfvm/utils.nix @@ -4,18 +4,22 @@ rec { # qemu_test is a smaller closure only building for a single system arch qemu = pkgs.qemu; + OVMF = pkgs.OVMF.override { + secureBoot = true; + }; + mkQemuFlags = extraFlags: [ "-enable-kvm" "-cpu host" "-smp ${cores}" "-m ${qemuMem}" - "-M q35" + "-M q35,smm=on" "-vga qxl" "-rtc base=${baseRtc}" "-device qemu-xhci" "-device virtio-net-pci,netdev=n1" ] ++ pkgs.lib.optionals efi [ - "-bios ${pkgs.OVMF.fd}/FV/OVMF.fd" + "-bios ${OVMF.fd}/FV/OVMF.fd" ] ++ extraFlags; # Pass empty config file to prevent ssh from failing to create ~/.ssh