From 49519cb289a6d1304d5047d6636a590da84fafe7 Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Fri, 25 Nov 2022 03:04:44 +0100
Subject: [PATCH] nixos: secureboot reached

---
 flake.nix                    | 6 ++++--
 rust/lanzatool/src/signer.rs | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/flake.nix b/flake.nix
index 808bd61..6a8217c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -154,6 +154,8 @@
           })
           pkgs.sbsigntool
           pkgs.efitools
+          pkgs.python39Packages.ovmfvartool
+          pkgs.qemu
         ];
 
         inputsFrom = [
@@ -176,7 +178,7 @@
             virtualisation = {
               useBootLoader = true;
               useEFIBoot = true;
-              useSecureBoot = false;
+              useSecureBoot = true;
             };
 
             boot.loader.efi = {
@@ -192,7 +194,7 @@
           };
           testScript = ''
             machine.start()
-            machine.shutdown()
+            print(machine.succeed("bootctl status"))
           '';
         };
       };
diff --git a/rust/lanzatool/src/signer.rs b/rust/lanzatool/src/signer.rs
index b7c9f92..d47b85c 100644
--- a/rust/lanzatool/src/signer.rs
+++ b/rust/lanzatool/src/signer.rs
@@ -13,8 +13,8 @@ impl<'a> Signer<'a> {
     pub fn new(signer: &Path, public_key: &'a Path, private_key: &'a Path) -> Self {
         Self {
             sbsigntool: signer.to_path_buf(),
-            public_key: public_key,
-            private_key: private_key
+            public_key,
+            private_key
         }
     }
 
@@ -24,6 +24,8 @@ impl<'a> Signer<'a> {
             String::from(self.private_key.to_str().unwrap()),
             String::from("--cert"),
             String::from(self.public_key.to_str().unwrap()),
+            String::from(filepath.to_str().unwrap()),
+            String::from("--output"),
             String::from(filepath.to_str().unwrap())
         ];