feat: enable factory reset

pkgs/image/default.nix

@@ -27,7 +27,7 @@ runCommand pname {
   kernelCmdLine = "console=ttyS0";
 }
 ''
-mkdir -p $out/init.repart.d $out/final.repart.d $out/boot
+mkdir -p $out/init.repart.d $out/final.repart.d
 pushd $out
 
 # Don't seem to work just to create a symlink to rootfs derivation?
@@ -106,9 +106,28 @@ SYSTEMD_RELAX_ESP_CHECKS=1 ${patosPkgs.systemd}/usr/bin/bootctl install --root .
   --secure-boot-auto-enroll=true --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem
 echo "timeout 2" > rootfs/boot/loader/loader.conf
 
+# setup factory reset
+mkdir -p rootfs/boot/EFI/tools
+cp ${pkgs.edk2-uefi-shell}/shell.efi rootfs/boot/EFI/tools/
+
+cat <<EOF > rootfs/boot/EFI/tools/factoryreset.nsh
+setvar FactoryReset -guid 8cf2644b-4b0b-428f-9387-6d876050dc67 -nv -rt =%1
+reset
+EOF
+
+cat <<EOF > rootfs/boot/loader/entries/factoryreset.conf
+title Enable Factory Reset
+options -nostartup -nomap
+options \EFI\tools\factoryreset.nsh L"t"
+efi EFI/tools/shell.efi
+EOF
+
 # sign EFIs
 ${patosPkgs.systemd}/usr/lib/systemd/systemd-sbsign sign --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem \
-  rootfs/boot/EFI/BOOT/BOOTX64.EFI  --output=rootfs/boot/EFI/BOOT/BOOTX64.EFI
+  rootfs/boot/EFI/tools/shell.efi --output=rootfs/boot/EFI/tools/shell.efi
+
+${patosPkgs.systemd}/usr/lib/systemd/systemd-sbsign sign --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem \
+  rootfs/boot/EFI/BOOT/BOOTX64.EFI --output=rootfs/boot/EFI/BOOT/BOOTX64.EFI
 
 ${patosPkgs.systemd}/usr/lib/systemd/systemd-sbsign sign --certificate=${patosPkgs.cert}/cert.pem --private-key=${patosPkgs.cert}/key.pem \
   patos_${version}.efi --output=patos_${version}.efi
@@ -123,8 +142,8 @@ cat <<EOF > final.repart.d/10-esp.conf
 [Partition]
 Type=esp
 Format=vfat
-SizeMinBytes=160M
-SizeMaxBytes=160M
+SizeMinBytes=96M
+SizeMaxBytes=96M
 CopyFiles=/rootfs/boot:/
 EOF