Merge pull request #241 from nix-community/pin-edk2-202305

Pin EDK2 202305

flake.lock

@@ -2,25 +2,16 @@
   "nodes": {
     "crane": {
       "inputs": {
-        "flake-compat": [
-          "flake-compat"
-        ],
-        "flake-utils": [
-          "flake-utils"
-        ],
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "rust-overlay": [
-          "rust-overlay"
         ]
       },
       "locked": {
-        "lastModified": 1688772518,
+        "lastModified": 1697677553,
-        "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=",
+        "narHash": "sha256-ozj7HFo/1iQdzZ2U6tHP4QBW59eUbDZ/5HI8lLe9wos=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e",
+        "rev": "bc5fa8cd53ef32b9b827f24b993c42a8c4dd913b",
         "type": "github"
       },
       "original": {
@@ -32,11 +23,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1673956053,
+        "lastModified": 1696426674,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -52,11 +43,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1688466019,
+        "lastModified": 1696343447,
-        "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=",
+        "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec",
+        "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4",
         "type": "github"
       },
       "original": {
@@ -70,11 +61,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1689068808,
+        "lastModified": 1694529238,
-        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
         "type": "github"
       },
       "original": {
@@ -106,11 +97,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1695859332,
+        "lastModified": 1697713104,
-        "narHash": "sha256-w2a7NW3VtI5FgFPUKslYRGAj5Qb7y4i0I2QO0S/lBMQ=",
+        "narHash": "sha256-DN7YOyKMCpAVeZ44N42LrujtTkoerkS9+kTufQiuntY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "248a83fffc10b627da67fa6b25d2c13fc7542628",
+        "rev": "6be2c349a30fcb489a3153dd331e9df387ab6449",
         "type": "github"
       },
       "original": {
@@ -151,11 +142,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1689668210,
+        "lastModified": 1696846637,
-        "narHash": "sha256-XAATwDkaUxH958yXLs1lcEOmU6pSEIkatY3qjqk8X0E=",
+        "narHash": "sha256-0hv4kbXxci2+pxhuXlVgftj/Jq79VSmtAyvfabCCtYk=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "eb433bff05b285258be76513add6f6c57b441775",
+        "rev": "42e1b6095ef80a51f79595d9951eb38e91c4e6ca",
         "type": "github"
       },
       "original": {
@@ -185,11 +176,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694657451,
+        "lastModified": 1697681535,
-        "narHash": "sha256-cRZa9ZmUi0EFKcmzpsOXLVhiMQD8XLrku8v+U1YiGm8=",
+        "narHash": "sha256-vVkqg+qTgTQ/YEreZyi/eyxoj26yyowI4/5ffTGT90w=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "7c4f46f0b3597e3c4663285e6794194e55574879",
+        "rev": "d5977a020c216526144dbf08ab0825b6c1121593",
         "type": "github"
       },
       "original": {

flake.nix

@@ -21,9 +21,6 @@
     crane = {
       url = "github:ipetkov/crane";
       inputs.nixpkgs.follows = "nixpkgs";
-      inputs.rust-overlay.follows = "rust-overlay";
-      inputs.flake-utils.follows = "flake-utils";
-      inputs.flake-compat.follows = "flake-compat";
     };
 
     rust-overlay = {

nix/tests/lanzaboote.nix

@@ -86,8 +86,7 @@ let
         ${testScript}
       '';
 
-
+      nodes.machine = { pkgs, lib, ... }: {
-      nodes.machine = { lib, ... }: {
         imports = [
           lanzabooteModule
           machine
@@ -97,11 +96,35 @@ let
           useBootLoader = true;
           useEFIBoot = true;
 
-          efi.OVMF = pkgs.OVMF.override {
+          # We actually only want to enable features in OVMF, but at
-            secureBoot = useSecureBoot;
+          # the moment edk2 202308 is also broken. So we downgrade it
-            tpmSupport = useTPM2; # This is needed otherwise OVMF won't initialize the TPM2 protocol.
+          # here as well. How painful!
-          };
+          #
+          # See #240.
+          efi.OVMF =
+            let
+              edk2Version = "202305";
+              edk2Src = pkgs.fetchFromGitHub {
+                owner = "tianocore";
+                repo = "edk2";
+                rev = "edk2-stable${edk2Version}";
+                fetchSubmodules = true;
+                hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";
+              };
 
+              edk2 = pkgs.edk2.overrideAttrs (old: rec {
+                version = edk2Version;
+                src = edk2Src;
+              });
+            in
+            (pkgs.OVMF.override {
+              secureBoot = useSecureBoot;
+              tpmSupport = useTPM2; # This is needed otherwise OVMF won't initialize the TPM2 protocol.
+
+              edk2 = edk2;
+            }).overrideAttrs (old: {
+              src = edk2Src;
+            });
 
           qemu.options = lib.mkIf useTPM2 [
             "-chardev socket,id=chrtpm,path=${tpmSocketPath}"