Refactor secure boot initialization: remove initsecureboot, integrate into initefi, and update drive references to use ovmfcodesb

dist/archlinux/PKGBUILD

@@ -1,24 +0,0 @@
-# Maintainer: MatMoul <matmoul@gmail.com>
-
-pkgname=bootdisk
-pkgver=0.1
-pkgrel=1
-pkgdesc="Simple command to boot device with QEMU/KVM"
-arch=('any')
-url="https://github.com/MatMoul/bootdisk"
-license=('GPL3')
-depends=('qemu' 'edk2-ovmf' 'swtpm')
-provides=("bootdisk=${pkgver}")
-source=("git://github.com/MatMoul/${pkgname}.git")
-#source=("git://github.com/MatMoul/${pkgname}.git#branch=")
-md5sums=('SKIP')
-
-build() {
-	cd ${pkgname}
-}
-
-package() {
-	cd ${pkgname}
-	install -Dm755 "src/bootdisk" "${pkgdir}/usr/bin/bootdisk"
-	install -Dm644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}

src/bootdisk

@@ -14,27 +14,23 @@ qemuworkdirpersistent=
 diskoverlay=
 bootcmd=bootefi
 
-ovmfcode=/usr/share/edk2-ovmf/x64/OVMF_CODE.fd
+ovmfcode=/usr/share/edk2-ovmf/x64/OVMF_CODE.4m.fd
-ovmfcodesb=/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.fd
+ovmfcodesb=/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.4m.fd
-ovmfvars=/usr/share/edk2-ovmf/x64/OVMF_VARS.fd
+ovmfvars=/usr/share/edk2-ovmf/x64/OVMF_VARS.4m.fd
 
+initefi(){
+	if [[ ! -f ${qemuworkdir}/OVMF_VARS.fd ]]; then
+		cp ${ovmfvars} ${qemuworkdir}/OVMF_VARS.fd
+	fi
+}
 inittpm(){
 	swtpm socket \
 		--tpm2 \
 		--tpmstate dir=${qemuworkdir} \
 		--ctrl type=unixio,path=${qemuworkdir}/swtpm-sock &
 }
-initsecureboot(){
-	if [[ ! -f ${qemuworkdir}/OVMF_CODE.secboot.fd ]]; then
-		cp ${ovmfcodesb} ${qemuworkdir}/OVMF_CODE.secboot.fd
-	fi
-	if [[ ! -f ${qemuworkdir}/OVMF_VARS.fd ]]; then
-		cp ${ovmfvars} ${qemuworkdir}/OVMF_VARS.fd
-	fi
-}
 initbootargs(){
 	bootargs="-boot menu=on,strict=on,reboot-timeout=1000 "
-	bootargs+="-no-hpet "
 	bootargs+="-rtc base=${qemurtcbase} "
 	bootargs+="-cpu host "
 	bootargs+="-smp cores=${qemucpucores} "
@@ -57,21 +53,27 @@ bootbios(){
 bootefi(){
 	echo "Booting EFI..."
 	initbootargs
+	initefi
 	${qemubin} \
 		-bios ${ovmfcode} \
 		${bootargs} \
 		-machine accel=kvm \
+		-drive if=pflash,format=raw,unit=0,file=${ovmfcode},readonly=on \
+		-drive if=pflash,format=raw,unit=1,file=${qemuworkdir}/OVMF_VARS.fd \
 		${qemusrctype} ${qemusrc} \
 		${qemusdb}
 }
 bootefitpm(){
 	echo "Booting EFI + TPM..."
+	initefi
 	inittpm
 	initbootargs
 	${qemubin} \
 		-bios ${ovmfcode} \
 		${bootargs} \
 		-machine accel=kvm \
+		-drive if=pflash,format=raw,unit=0,file=${ovmfcode},readonly=on \
+		-drive if=pflash,format=raw,unit=1,file=${qemuworkdir}/OVMF_VARS.fd \
 		-chardev socket,id=tpmchar,path=${qemuworkdir}/swtpm-sock \
 		-tpmdev emulator,id=tpmdev,chardev=tpmchar \
 		-device tpm-tis,tpmdev=tpmdev \
@@ -80,8 +82,8 @@ bootefitpm(){
 }
 bootefisec(){
 	echo "Booting EFI + TPM + Secure boot..."
+	initefi
 	inittpm
-	initsecureboot
 	initbootargs
 	${qemubin} \
 		-bios ${ovmfcode} \
@@ -89,7 +91,7 @@ bootefisec(){
 		-machine type=q35,smm=on,accel=kvm \
 		-global driver=cfi.pflash01,property=secure,value=on \
 		-global ICH9-LPC.disable_s3=1 \
-		-drive if=pflash,format=raw,unit=0,file=${qemuworkdir}/OVMF_CODE.secboot.fd,readonly=on \
+		-drive if=pflash,format=raw,unit=0,file=${ovmfcodesb},readonly=on \
 		-drive if=pflash,format=raw,unit=1,file=${qemuworkdir}/OVMF_VARS.fd \
 		-chardev socket,id=tpmchar,path=${qemuworkdir}/swtpm-sock \
 		-tpmdev emulator,id=tpmdev,chardev=tpmchar \