From bb708e3e61102caef9337c45f29b033dfd2b4ebe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se>
Date: Wed, 26 Mar 2025 10:37:38 +0100
Subject: [PATCH] feat(image): parameter to include microcode and secureboot

---
 flake.nix              |  4 +++-
 pkgs/image/default.nix | 14 ++++++++++----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/flake.nix b/flake.nix
index 9e92cc8..99fce5b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,12 +18,14 @@
         pkgs = import nixpkgs { inherit system; };
         patosPkgs = self.packages.${system};
         version = "0.0.1";
+        secureBoot = "false";
+        cpuArch = "intel";
         updateUrl = "http://10.0.2.2:8000/";
       in
       {
         packages = {
           default = patosPkgs.image;
-          image = pkgs.callPackage ./pkgs/image { inherit patosPkgs version updateUrl; };
+          image = pkgs.callPackage ./pkgs/image { inherit patosPkgs version updateUrl cpuArch secureBoot; };
           rootfs = pkgs.callPackage ./pkgs/rootfs/mkrootfs.nix { inherit patosPkgs version; };
           initrd = pkgs.callPackage ./pkgs/rootfs/mkinitrd.nix { inherit patosPkgs version; };
           kernel = pkgs.callPackage ./pkgs/kernel { };
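Review bot: `secureBoot = "false";` is a string rather than a boolean, and pkgs/image/default.nix interpolates it verbatim into `kernelCmdLine`, so a typo such as "False" or a value containing a space evaluates without error and silently changes the kernel command line. Making it a boolean (`secureBoot = false;`) and rendering it with `lib.boolToString secureBoot` at the interpolation site would restrict it to the two intended values. The same applies to the `secureBoot ? "false"` default and the `patos.secureboot=${secureBoot}` line in the default.nix hunks. The enclosing `let` block starts outside this hunk.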
diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix
index a248a09..05d9c72 100644
--- a/pkgs/image/default.nix
+++ b/pkgs/image/default.nix
@@ -1,16 +1,21 @@
 {
+  lib,
   pkgs,
   patosPkgs,
   version,
   runCommand,
-  updateUrl
+  updateUrl,
+  cpuArch ? "",
+  secureBoot ? "false"
 }:
 let
   pname = "patos-image";
 in
 runCommand pname {
-  inherit version;
-  inherit updateUrl;
+  inherit version cpuArch updateUrl secureBoot;
+
+  microcode = lib.optionalString (cpuArch == "amd") "--microcode ${pkgs.microcode-amd}/amd-ucode.img"
+      + lib.optionalString (cpuArch == "intel") "--microcode ${pkgs.microcode-intel}/intel-ucode.img";
 
   buildInputs = with pkgs; [
     erofs-utils
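Review bot: `cpuArch` accepts any string, so a value other than "amd" or "intel" (for example "AMD" or "x86") leaves `microcode` empty and the image is built without CPU microcode updates, with nothing reporting it. An assertion ahead of the `let`, such as `assert lib.assertOneOf "cpuArch" cpuArch [ "" "amd" "intel" ];`, would turn a mistyped value into an evaluation error. The default here is `""` while flake.nix passes "intel", so a short comment on the parameter stating that `""` means no microcode is bundled would also help.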
@@ -25,7 +30,7 @@ runCommand pname {
     SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking";
   };
 
-  kernelCmdLine = "console=ttyS0 patos.secureboot=false";
+  kernelCmdLine = "console=ttyS0 patos.secureboot=${secureBoot}";
 }
 ''
 mkdir -p $out/init.repart.d $out/final.repart.d
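Review bot: On the `kernelCmdLine` line, `secureBoot` only changes the `patos.secureboot=` value passed to the booted system. None of the visible hunks add signing arguments to the `ukify build` call, so an image built with "true" may still be an unsigned UKI unless signing happens in the part of the script outside these hunks. If that is the intended scope, a comment above the line would record it, e.g. `# secureBoot only sets patos.secureboot= on the kernel command line; UKI signing is handled elsewhere`. The commit subject ("include ... secureboot") reads as broader than what the visible change does.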
@@ -176,6 +181,7 @@ ln -sf patos_$version.root.raw patos_${version}_$rootUuid.root
 ${patosPkgs.systemd}/usr/bin/ukify build \
   --linux ${patosPkgs.kernel}/bzImage \
   --initrd ${patosPkgs.initrd}/initrd.xz \
+  $microcode \
   --os-release @rootfs/etc/os-release \
   --cmdline "$kernelCmdLine roothash=$roothash" \
   -o patos_${version}.efi
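Review bot: `$microcode` is expanded unquoted in the `ukify build` call so that it either splits into the two words `--microcode <path>` or disappears when empty. That works because Nix store paths contain no whitespace, but quoting it later would pass one malformed argument (or an empty one) to ukify. A comment before the command would record the intent, e.g. `# $microcode is intentionally unquoted: empty, or "--microcode <store path>"`. The build script this command belongs to starts outside the hunk.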