From 61beed4911f2fa8028829250b6890391c4089561 Mon Sep 17 00:00:00 2001
From: Frantisek Bohacek <rutherther@proton.me>
Date: Tue, 5 Dec 2023 14:46:04 +0100
Subject: [PATCH] feat(qemu): add uefi secure boot support

---
 modules/desktop/virtualisation/qemu.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/modules/desktop/virtualisation/qemu.nix b/modules/desktop/virtualisation/qemu.nix
index 8d6c24e..f494359 100644
--- a/modules/desktop/virtualisation/qemu.nix
+++ b/modules/desktop/virtualisation/qemu.nix
@@ -13,6 +13,8 @@
       enable = true;                          # Virtual drivers
       #qemuPackage = pkgs.qemu_kvm;           # Default
       qemu = {
+        ovmf.enable = true;
+        ovmf.packages = [ pkgs.OVMFFull.fd ];
         verbatimConfig = ''
          nvram = [ "${pkgs.OVMF}/FV/OVMF.fd:${pkgs.OVMF}/FV/OVMF_VARS.fd" ]
         '';
@@ -22,7 +24,18 @@
     spiceUSBRedirection.enable = true;        # USB passthrough
   };
 
+
   environment = {
+    etc = {
+      "ovmf/edk2-x86_64-secure-code.fd" = {
+        source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-x86_64-secure-code.fd";
+      };
+
+      "ovmf/edk2-i386-vars.fd" = {
+        source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-i386-vars.fd";
+      };
+    };
+
     systemPackages = with pkgs; [
       virt-manager
       virt-viewer
-- 
2.48.1