diff --git a/flake.lock b/flake.lock index 8be1779..5e60451 100644 --- a/flake.lock +++ b/flake.lock @@ -2,25 +2,16 @@ "nodes": { "crane": { "inputs": { - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], "nixpkgs": [ "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" ] }, "locked": { - "lastModified": 1688772518, - "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=", + "lastModified": 1697677553, + "narHash": "sha256-ozj7HFo/1iQdzZ2U6tHP4QBW59eUbDZ/5HI8lLe9wos=", "owner": "ipetkov", "repo": "crane", - "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e", + "rev": "bc5fa8cd53ef32b9b827f24b993c42a8c4dd913b", "type": "github" }, "original": { @@ -32,11 +23,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -52,11 +43,11 @@ ] }, "locked": { - "lastModified": 1688466019, - "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", + "lastModified": 1696343447, + "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", + "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4", "type": "github" }, "original": { @@ -70,11 +61,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -106,11 +97,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1695859332, - "narHash": "sha256-w2a7NW3VtI5FgFPUKslYRGAj5Qb7y4i0I2QO0S/lBMQ=", + "lastModified": 1697713104, + "narHash": "sha256-DN7YOyKMCpAVeZ44N42LrujtTkoerkS9+kTufQiuntY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "248a83fffc10b627da67fa6b25d2c13fc7542628", + "rev": "6be2c349a30fcb489a3153dd331e9df387ab6449", "type": "github" }, "original": { @@ -151,11 +142,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1689668210, - "narHash": "sha256-XAATwDkaUxH958yXLs1lcEOmU6pSEIkatY3qjqk8X0E=", + "lastModified": 1696846637, + "narHash": "sha256-0hv4kbXxci2+pxhuXlVgftj/Jq79VSmtAyvfabCCtYk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "eb433bff05b285258be76513add6f6c57b441775", + "rev": "42e1b6095ef80a51f79595d9951eb38e91c4e6ca", "type": "github" }, "original": { @@ -185,11 +176,11 @@ ] }, "locked": { - "lastModified": 1694657451, - "narHash": "sha256-cRZa9ZmUi0EFKcmzpsOXLVhiMQD8XLrku8v+U1YiGm8=", + "lastModified": 1697681535, + "narHash": "sha256-vVkqg+qTgTQ/YEreZyi/eyxoj26yyowI4/5ffTGT90w=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "7c4f46f0b3597e3c4663285e6794194e55574879", + "rev": "d5977a020c216526144dbf08ab0825b6c1121593", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 336ca75..2e1abdd 100644 --- a/flake.nix +++ b/flake.nix @@ -21,9 +21,6 @@ crane = { url = "github:ipetkov/crane"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.rust-overlay.follows = "rust-overlay"; - inputs.flake-utils.follows = "flake-utils"; - inputs.flake-compat.follows = "flake-compat"; }; rust-overlay = { diff --git a/nix/tests/lanzaboote.nix b/nix/tests/lanzaboote.nix index e1888d3..3599e79 100644 --- a/nix/tests/lanzaboote.nix +++ b/nix/tests/lanzaboote.nix @@ -86,8 +86,7 @@ let ${testScript} ''; - - nodes.machine = { lib, ... }: { + nodes.machine = { pkgs, lib, ... }: { imports = [ lanzabooteModule machine @@ -97,11 +96,35 @@ let useBootLoader = true; useEFIBoot = true; - efi.OVMF = pkgs.OVMF.override { - secureBoot = useSecureBoot; - tpmSupport = useTPM2; # This is needed otherwise OVMF won't initialize the TPM2 protocol. - }; + # We actually only want to enable features in OVMF, but at + # the moment edk2 202308 is also broken. So we downgrade it + # here as well. How painful! + # + # See #240. + efi.OVMF = + let + edk2Version = "202305"; + edk2Src = pkgs.fetchFromGitHub { + owner = "tianocore"; + repo = "edk2"; + rev = "edk2-stable${edk2Version}"; + fetchSubmodules = true; + hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s="; + }; + edk2 = pkgs.edk2.overrideAttrs (old: rec { + version = edk2Version; + src = edk2Src; + }); + in + (pkgs.OVMF.override { + secureBoot = useSecureBoot; + tpmSupport = useTPM2; # This is needed otherwise OVMF won't initialize the TPM2 protocol. + + edk2 = edk2; + }).overrideAttrs (old: { + src = edk2Src; + }); qemu.options = lib.mkIf useTPM2 [ "-chardev socket,id=chrtpm,path=${tpmSocketPath}"