use newest arm64 UEFI and amd64 OVMF CODE/VARS firmware

it updates the arm64 UEFI firmware to a version newer than 2023.11,
as running on qemu >= 9.0 can trigger a bug in the older versions of the EDK2 guest firmware,
causing Synchronous Exception and potential bootloops.

While doing so it updates the amd64 OVMF firmware, which now has removed
support for the 2M firmware and only supports the 4M one.
The 4M OVMF firmware comes with split CODE and VARS images, which need
to be loaded as pflash drives in the qemu vm, rather than via the -bios
flag.

For more details on the migration see: https://salsa.debian.org/qemu-team/edk2/-/blob/debian/latest/debian/howto-2M-to-4M-migration.md

Fixes gokrazy#80

Dockerfile

@@ -1,3 +1,7 @@
-FROM debian:bookworm
+# pinned for reproducibility purposes
+# to get the most recent testing goodies
+# update the tag to the most recent tag
+# https://hub.docker.com/_/debian/tags?name=testing&ordering=-name
+FROM debian:testing-20250113
 
 RUN apt-get update && apt-get install -y qemu-efi-aarch64 ovmf

Makefile

@@ -1,4 +1,4 @@
-.PHONY: test install cover
+.PHONY: test install cover efi
 
 all: install
 
@@ -15,6 +15,8 @@ cover:
 install:
 	go install github.com/gokrazy/tools/cmd/...
 
-third_party/edk2-2022.11-6/QEMU_EFI.fd: Dockerfile
-	docker build --rm -t gokrazy-edk2 .
-	docker run --rm -v $$(pwd)/third_party/edk2-2022.11-6:/tmp/bins gokrazy-edk2 cp /usr/share/qemu-efi-aarch64/QEMU_EFI.fd /usr/share/OVMF/OVMF_CODE.fd /tmp/bins
+
+efi: Dockerfile
+	rm -rf thirdparty/edk2-2024.11-4 && \
+	docker build --rm -t gokrazy-edk2 . && \
+	docker run --rm -v $$(pwd)/third_party/edk2-2024.11-4:/tmp/bins gokrazy-edk2 cp /usr/share/qemu-efi-aarch64/QEMU_EFI.fd /usr/share/OVMF/OVMF_CODE_4M.fd /usr/share/OVMF/OVMF_VARS_4M.fd /tmp/bins

internal/gok/vmrun.go

@@ -14,7 +14,7 @@ import (
 	"github.com/gokrazy/internal/config"
 	"github.com/gokrazy/internal/instanceflag"
 	"github.com/gokrazy/tools/internal/packer"
-	edk "github.com/gokrazy/tools/third_party/edk2-2022.11-6"
+	edk "github.com/gokrazy/tools/third_party/edk2-2024.11-4"
 	"github.com/spf13/cobra"
 )
 
@@ -136,8 +136,12 @@ func (r *vmRunConfig) runQEMU(ctx context.Context, fullDiskImage string) error {
 		return err
 	}
 	defer os.RemoveAll(tmp)
-	amd64EFI := filepath.Join(tmp, "amd64-OVMF_CODE.fd")
-	if err := os.WriteFile(amd64EFI, edk.Amd64EFI, 0644); err != nil {
+	amd64OVMFCODE4M := filepath.Join(tmp, "amd64-OVMF_CODE_4M.fd")
+	if err := os.WriteFile(amd64OVMFCODE4M, edk.Amd64OVMFCODE4M, 0644); err != nil {
+		return err
+	}
+	amd64OVMFVARS4M := filepath.Join(tmp, "amd64-OVMF_VARS_4M.fd")
+	if err := os.WriteFile(amd64OVMFVARS4M, edk.Amd64OVMFVARS4M, 0644); err != nil {
 		return err
 	}
 	arm64EFI := filepath.Join(tmp, "arm64-QEMU_EFI.fd")
@@ -175,7 +179,14 @@ func (r *vmRunConfig) runQEMU(ctx context.Context, fullDiskImage string) error {
 			"-bios", arm64EFI)
 
 	case "amd64":
-		qemu.Args = append(qemu.Args, "-bios", amd64EFI)
+		qemu.Args = append(qemu.Args,
+			// -bios with unified 2M firmware images was deprecated in favor of
+			// two pflash -drive lines with separated CODE/VARS 4M images.
+			// for details see:
+			//  https://salsa.debian.org/qemu-team/edk2/-/blob/debian/latest/debian/howto-2M-to-4M-migration.md
+			"-drive", "if=pflash,format=raw,unit=0,readonly=on,file="+amd64OVMFCODE4M,
+			"-drive", "if=pflash,format=raw,unit=1,readonly=off,file="+amd64OVMFVARS4M,
+		)
 	}
 
 	if goarch == runtime.GOARCH {

third_party/edk2-2022.11-6/edk.go → third_party/edk2-2024.11-4/edk.go

@@ -6,5 +6,8 @@ import _ "embed"
 //go:embed QEMU_EFI.fd
 var Arm64EFI []byte
 
-//go:embed OVMF_CODE.fd
-var Amd64EFI []byte
+//go:embed OVMF_CODE_4M.fd
+var Amd64OVMFCODE4M []byte
+
+//go:embed OVMF_VARS_4M.fd
+var Amd64OVMFVARS4M []byte