authorAdam Stephens <adam@valkor.net>2024-02-27 20:09:23 -0500
committerAdam Stephens <adam@valkor.net>2024-02-27 20:17:22 -0500
commit5de3e142915658c691c0a4d98f65bdbce059a235 (patch)
treebab123f48c5e2f94950762707fa0dbfc88570a19
parentMerge pull request #291841 from NixOS/backport-291795-to-release-23.11 (diff)
downloadnixpkgs-5de3e142915658c691c0a4d98f65bdbce059a235.tar.gz
OVMF/OVMFFull: drop CSM support
Upstream dropped CSM from the previous release. Unfortunately, this release (edk2 202402) includes a number of critical security fixes and it was backported to protect our users. This may break some users, but I think the benefits of better security outweigh some earlier inconvenience for them. They will have to find an alternative in a few months anyway.
-rw-r--r--pkgs/applications/virtualization/OVMF/default.nix2
-rw-r--r--pkgs/top-level/all-packages.nix3
2 files changed, 1 insertions, 4 deletions
diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index ca2c0f890d9a..dc66d625b0b8 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -12,7 +12,7 @@
, sourceDebug ? false
}:
-assert csmSupport -> seabios != null;
+assert csmSupport -> throw "CSM support has been dropped upstream due to security and maintenance concerns. For qemu, seabios is the default and can be used instead.";
let
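Review bot: The `throw` in the new assert makes `csmSupport = true` fail closed at evaluation time, which suits a security-driven removal, but nothing in the hunk explains why the parameter is still accepted. A comment above the assert would cover that, e.g. `# csmSupport is kept only so existing overrides get an explicit error instead of a silently different firmware image.` The function header and the body after `let` are outside the hunk, so the `seabios` argument and any CSM-specific build flags are presumably unreachable now and could be dropped in a follow-up. It is also worth confirming that the default for `csmSupport` there is `false`, since any other default would make every evaluation of the package throw.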
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 48a0afe17033..620b087f1344 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -27117,9 +27117,6 @@ with pkgs;
OVMF = callPackage ../applications/virtualization/OVMF { };
OVMFFull = callPackage ../applications/virtualization/OVMF {
secureBoot = true;
- # CSM support is a BIOS emulation mechanism,
- # SeaBIOS is only available on x86.
- csmSupport = stdenv.hostPlatform.isx86;
httpSupport = true;
tpmSupport = true;
};