From 960e0694d984f0a9da6c8bd1515a1cb13c74518a Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:51 +0000
Subject: [PATCH 01/11] edk2, edk2-uefi-shell, OVMF: add mjoerg as maintainer

---
 pkgs/applications/virtualization/OVMF/default.nix | 2 +-
 pkgs/by-name/ed/edk2/package.nix                  | 7 ++++---
 pkgs/tools/misc/edk2-uefi-shell/default.nix       | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index 60eaa6428d62..949d6e240f7d 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -190,7 +190,7 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
     homepage = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF";
     license = lib.licenses.bsd2;
     platforms = metaPlatforms;
-    maintainers = with lib.maintainers; [ adamcstephens raitobezarius ];
+    maintainers = with lib.maintainers; [ adamcstephens raitobezarius mjoerg ];
     broken = stdenv.isDarwin;
   };
 })
diff --git a/pkgs/by-name/ed/edk2/package.nix b/pkgs/by-name/ed/edk2/package.nix
index 56b6aac253f5..54d34596c806 100644
--- a/pkgs/by-name/ed/edk2/package.nix
+++ b/pkgs/by-name/ed/edk2/package.nix
@@ -100,12 +100,13 @@ edk2 = stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  meta = with lib; {
+  meta = {
     description = "Intel EFI development kit";
     homepage = "https://github.com/tianocore/tianocore.github.io/wiki/EDK-II/";
     changelog = "https://github.com/tianocore/edk2/releases/tag/edk2-stable${edk2.version}";
-    license = licenses.bsd2;
-    platforms = with platforms; aarch64 ++ arm ++ i686 ++ x86_64 ++ riscv64;
+    license = lib.licenses.bsd2;
+    platforms = with lib.platforms; aarch64 ++ arm ++ i686 ++ x86_64 ++ riscv64;
+    maintainers = [ lib.maintainers.mjoerg ];
   };
 
   passthru = {
diff --git a/pkgs/tools/misc/edk2-uefi-shell/default.nix b/pkgs/tools/misc/edk2-uefi-shell/default.nix
index 7547f9b3e476..0e870a98d495 100644
--- a/pkgs/tools/misc/edk2-uefi-shell/default.nix
+++ b/pkgs/tools/misc/edk2-uefi-shell/default.nix
@@ -37,6 +37,6 @@ edk2.mkDerivation "ShellPkg/ShellPkg.dsc" (finalAttrs: {
     inherit (edk2.meta) license platforms;
     description = "UEFI Shell from Tianocore EFI development kit";
     homepage = "https://github.com/tianocore/tianocore.github.io/wiki/ShellPkg";
-    maintainers = with lib.maintainers; [ LunNova ];
+    maintainers = with lib.maintainers; [ LunNova mjoerg ];
   };
 })

From b7a9ac40c8bfe3cb065de0ec0a6fdbf31bd81844 Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:51 +0000
Subject: [PATCH 02/11] edk2: propagate patches

Ensure patches to EDK II and OpenSSL are propagated to edk2.mkDerivation.
---
 pkgs/by-name/ed/edk2/package.nix | 78 ++++++++++++++++++++------------
 1 file changed, 50 insertions(+), 28 deletions(-)

diff --git a/pkgs/by-name/ed/edk2/package.nix b/pkgs/by-name/ed/edk2/package.nix
index 54d34596c806..5510f24445e1 100644
--- a/pkgs/by-name/ed/edk2/package.nix
+++ b/pkgs/by-name/ed/edk2/package.nix
@@ -1,12 +1,12 @@
 { stdenv
 , fetchFromGitHub
 , fetchpatch
+, applyPatches
 , libuuid
 , bc
 , lib
 , buildPackages
 , nixosTests
-, runCommand
 , writeScript
 }:
 
@@ -31,23 +31,10 @@ buildType = if stdenv.isDarwin then
   else
     "GCC5";
 
-edk2 = stdenv.mkDerivation rec {
+edk2 = stdenv.mkDerivation {
   pname = "edk2";
   version = "202402";
 
-  patches = [
-    # pass targetPrefix as an env var
-    (fetchpatch {
-      url = "https://src.fedoraproject.org/rpms/edk2/raw/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/0021-Tweak-the-tools_def-to-support-cross-compiling.patch";
-      hash = "sha256-E1/fiFNVx0aB1kOej2DJ2DlBIs9tAAcxoedym2Zhjxw=";
-    })
-    # https://github.com/tianocore/edk2/pull/5658
-    (fetchpatch {
-      url = "https://github.com/tianocore/edk2/commit/a34ff4a8f69a7b8a52b9b299153a8fac702c7df1.patch";
-      hash = "sha256-u+niqwjuLV5tNPykW4xhb7PW2XvUmXhx5uvftG1UIbU=";
-    })
-  ];
-
   srcWithVendoring = fetchFromGitHub {
     owner = "tianocore";
     repo = "edk2";
@@ -56,20 +43,55 @@ edk2 = stdenv.mkDerivation rec {
     hash = "sha256-Nurm6QNKCyV6wvbj0ELdYAL7mbZ0yg/tTwnEJ+N18ng=";
   };
 
-  # We don't want EDK2 to keep track of OpenSSL,
-  # they're frankly bad at it.
-  src = runCommand "edk2-unvendored-src" { } ''
-    cp --no-preserve=mode -r ${srcWithVendoring} $out
-    rm -rf $out/CryptoPkg/Library/OpensslLib/openssl
-    mkdir -p $out/CryptoPkg/Library/OpensslLib/openssl
-    tar --strip-components=1 -xf ${buildPackages.openssl.src} -C $out/CryptoPkg/Library/OpensslLib/openssl
-    chmod -R +w $out/
+  src = applyPatches {
+    name = "edk2-${edk2.version}-unvendored-src";
+    src = edk2.srcWithVendoring;
 
-    # Fix missing INT64_MAX include that edk2 explicitly does not provide
-    # via it's own <stdint.h>. Let's pull in openssl's definition instead:
-    sed -i $out/CryptoPkg/Library/OpensslLib/openssl/crypto/property/property_parse.c \
-        -e '1i #include "internal/numbers.h"'
-  '';
+    patches = [
+      # pass targetPrefix as an env var
+      (fetchpatch {
+        url = "https://src.fedoraproject.org/rpms/edk2/raw/08f2354cd280b4ce5a7888aa85cf520e042955c3/f/0021-Tweak-the-tools_def-to-support-cross-compiling.patch";
+        hash = "sha256-E1/fiFNVx0aB1kOej2DJ2DlBIs9tAAcxoedym2Zhjxw=";
+      })
+      # https://github.com/tianocore/edk2/pull/5658
+      (fetchpatch {
+        name = "fix-cross-compilation-antlr-dlg.patch";
+        url = "https://github.com/tianocore/edk2/commit/a34ff4a8f69a7b8a52b9b299153a8fac702c7df1.patch";
+        hash = "sha256-u+niqwjuLV5tNPykW4xhb7PW2XvUmXhx5uvftG1UIbU=";
+      })
+    ];
+
+    postPatch = ''
+      # We don't want EDK2 to keep track of OpenSSL, they're frankly bad at it.
+      rm -r CryptoPkg/Library/OpensslLib/openssl
+      mkdir -p CryptoPkg/Library/OpensslLib/openssl
+      (
+      cd CryptoPkg/Library/OpensslLib/openssl
+      tar --strip-components=1 -xf ${buildPackages.openssl.src}
+
+      # Fix missing INT64_MAX include that edk2 explicitly does not provide
+      # via it's own <stdint.h>. Let's pull in openssl's definition instead:
+      sed -i crypto/property/property_parse.c \
+          -e '1i #include "internal/numbers.h"'
+
+      # Apply OpenSSL patches.
+      ${lib.pipe buildPackages.openssl.patches [
+        (builtins.filter (
+          patch:
+          !builtins.elem (baseNameOf patch) [
+            # Exclude patches not required in this context.
+            "nix-ssl-cert-file.patch"
+            "openssl-disable-kernel-detection.patch"
+            "use-etc-ssl-certs-darwin.patch"
+            "use-etc-ssl-certs.patch"
+          ]
+        ))
+        (map (patch: "patch -p1 < ${patch}\n"))
+        lib.concatStrings
+      ]}
+      )
+    '';
+  };
 
   nativeBuildInputs = [ pythonEnv ];
   depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.bash ];

From ad318f1ff4d7f004a66d2c4e835c913e2d45a36c Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:51 +0000
Subject: [PATCH 03/11] edk2: remove patch obsoleted by OpenSSL 3.0.14

---
 pkgs/by-name/ed/edk2/package.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/pkgs/by-name/ed/edk2/package.nix b/pkgs/by-name/ed/edk2/package.nix
index 5510f24445e1..a22b018ec0f3 100644
--- a/pkgs/by-name/ed/edk2/package.nix
+++ b/pkgs/by-name/ed/edk2/package.nix
@@ -69,11 +69,6 @@ edk2 = stdenv.mkDerivation {
       cd CryptoPkg/Library/OpensslLib/openssl
       tar --strip-components=1 -xf ${buildPackages.openssl.src}
 
-      # Fix missing INT64_MAX include that edk2 explicitly does not provide
-      # via it's own <stdint.h>. Let's pull in openssl's definition instead:
-      sed -i crypto/property/property_parse.c \
-          -e '1i #include "internal/numbers.h"'
-
       # Apply OpenSSL patches.
       ${lib.pipe buildPackages.openssl.patches [
         (builtins.filter (

From 0bb9616782ce9d2203d5123f0c7b574c58b8bac3 Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:51 +0000
Subject: [PATCH 04/11] edk2: 202402 -> 202405

https://github.com/tianocore/edk2/releases/tag/edk2-stable202405
https://github.com/tianocore/edk2/compare/edk2-stable202402...edk2-stable202405

Add patch to avoid stuck system (#325403).
---
 pkgs/by-name/ed/edk2/package.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkgs/by-name/ed/edk2/package.nix b/pkgs/by-name/ed/edk2/package.nix
index a22b018ec0f3..64fecdb2fb40 100644
--- a/pkgs/by-name/ed/edk2/package.nix
+++ b/pkgs/by-name/ed/edk2/package.nix
@@ -33,14 +33,14 @@ buildType = if stdenv.isDarwin then
 
 edk2 = stdenv.mkDerivation {
   pname = "edk2";
-  version = "202402";
+  version = "202405";
 
   srcWithVendoring = fetchFromGitHub {
     owner = "tianocore";
     repo = "edk2";
     rev = "edk2-stable${edk2.version}";
     fetchSubmodules = true;
-    hash = "sha256-Nurm6QNKCyV6wvbj0ELdYAL7mbZ0yg/tTwnEJ+N18ng=";
+    hash = "sha256-+phKAr3xc4T8tg6YAoGgRWCmxZiFzhazEAai48ICnKM=";
   };
 
   src = applyPatches {
@@ -59,6 +59,13 @@ edk2 = stdenv.mkDerivation {
         url = "https://github.com/tianocore/edk2/commit/a34ff4a8f69a7b8a52b9b299153a8fac702c7df1.patch";
         hash = "sha256-u+niqwjuLV5tNPykW4xhb7PW2XvUmXhx5uvftG1UIbU=";
       })
+      # TODO: remove on next version of edk2
+      # https://github.com/tianocore/edk2/pull/5690
+      (fetchpatch {
+        name = "fix-stuck-system.patch";
+        url = "https://github.com/tianocore/edk2/commit/ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3.patch";
+        hash = "sha256-RHfJ9OcMGs3jDg2jQyzcjbYkJcmc/SZyrdXBsUw9vDA=";
+      })
     ];
 
     postPatch = ''

From aea24a383931ccd2c0be206b8436c01704f262b8 Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:51 +0000
Subject: [PATCH 05/11] OVMF: enable compilation using Clang

Disable -Wno-unneeded-internal-declaration causing the build to fail due to -Wall with Clang.
---
 pkgs/applications/virtualization/OVMF/default.nix | 2 +-
 pkgs/by-name/ed/edk2/package.nix                  | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index 949d6e240f7d..bc65379155ef 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -191,6 +191,6 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
     license = lib.licenses.bsd2;
     platforms = metaPlatforms;
     maintainers = with lib.maintainers; [ adamcstephens raitobezarius mjoerg ];
-    broken = stdenv.isDarwin;
+    broken = stdenv.isDarwin && stdenv.isAarch64;
   };
 })
diff --git a/pkgs/by-name/ed/edk2/package.nix b/pkgs/by-name/ed/edk2/package.nix
index 64fecdb2fb40..4cc1a2160f7c 100644
--- a/pkgs/by-name/ed/edk2/package.nix
+++ b/pkgs/by-name/ed/edk2/package.nix
@@ -92,6 +92,12 @@ edk2 = stdenv.mkDerivation {
         lib.concatStrings
       ]}
       )
+
+      # enable compilation using Clang
+      # https://bugzilla.tianocore.org/show_bug.cgi?id=4620
+      substituteInPlace BaseTools/Conf/tools_def.template --replace-fail \
+        'DEFINE CLANGPDB_WARNING_OVERRIDES    = ' \
+        'DEFINE CLANGPDB_WARNING_OVERRIDES    = -Wno-unneeded-internal-declaration '
     '';
   };
 

From 27627a34cc6a429876103661ba9d0b1494494eda Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:51 +0000
Subject: [PATCH 06/11] OVMFFull: fix build on Darwin

edk2-vars-generator might fail on Darwin due to passing an incompatible locale to mtools.
LC_ALL=C attempts to bypass this issue.
---
 pkgs/applications/virtualization/OVMF/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index bc65379155ef..1a17540e4084 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -138,7 +138,8 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
   '' + lib.optionalString msVarsTemplate ''
     (
     cd ${buildPrefix}
-    python3 $NIX_BUILD_TOP/debian/edk2-vars-generator.py \
+    # locale must be set on Darwin for invocations of mtools to work correctly
+    LC_ALL=C python3 $NIX_BUILD_TOP/debian/edk2-vars-generator.py \
       --flavor ${msVarsArgs.flavor} \
       --enrolldefaultkeys ${msVarsArgs.archDir}/EnrollDefaultKeys.efi \
       --shell ${msVarsArgs.archDir}/Shell.efi \

From 2dc6d27d8a265f29f4df7af3fdd3c8255174fc77 Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:51 +0000
Subject: [PATCH 07/11] OVMFFull: switch debian source to GitLab

The referenced archive is no longer available.
---
 .../virtualization/OVMF/default.nix           | 23 +++++++++++++------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index 1a17540e4084..a309d007e190 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -1,5 +1,5 @@
 { stdenv, nixosTests, lib, edk2, util-linux, nasm, acpica-tools, llvmPackages
-, fetchurl, python3, pexpect, xorriso, qemu, dosfstools, mtools
+, fetchFromGitLab, python3, pexpect, xorriso, qemu, dosfstools, mtools
 , fdSize2MB ? false
 , fdSize4MB ? secureBoot
 , secureBoot ? false
@@ -12,7 +12,7 @@
 # to use as the PK and first KEK for the keystore.
 #
 # By default, we use Debian's cert. This default
-# should chnage to a NixOS cert once we have our
+# should change to a NixOS cert once we have our
 # own secure boot signing infrastructure.
 #
 # Ignored if msVarsTemplate is false.
@@ -66,9 +66,18 @@ let
 
   OvmfPkKek1AppPrefix = "4e32566d-8e9e-4f52-81d3-5bb9715f9727";
 
-  debian-edk-src = fetchurl {
-    url = "http://deb.debian.org/debian/pool/main/e/edk2/edk2_2023.11-5.debian.tar.xz";
-    sha256 = "1yxlab4md30pxvjadr6b4xn6cyfw0c292q63pyfv4vylvhsb24g4";
+  debian-edk-src = fetchFromGitLab {
+    domain = "salsa.debian.org";
+    owner = "qemu-team";
+    repo = "edk2";
+    nonConeMode = true;
+    sparseCheckout = [
+      "debian/edk2-vars-generator.py"
+      "debian/python"
+      "debian/PkKek-1-*.pem"
+    ];
+    rev = "refs/tags/debian/2023.11-5";
+    hash = "sha256-4vDOoZbWQg7yKXiQprK8CRzKGkbKQYlAgQzTqmNxxjU=";
   };
 
   buildPrefix = "Build/*/*";
@@ -111,7 +120,7 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
   env.PYTHON_COMMAND = "python3";
 
   postUnpack = lib.optionalDrvAttr msVarsTemplate ''
-    unpackFile ${debian-edk-src}
+    ln -s ${debian-edk-src}/debian
   '';
 
   postConfigure = lib.optionalDrvAttr msVarsTemplate ''
@@ -166,7 +175,7 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
     ln -sv $fd/FV/${fwPrefix}_CODE{,.ms}.fd
   '' + lib.optionalString stdenv.hostPlatform.isAarch ''
     mv -v $out/FV/QEMU_{EFI,VARS}.fd $fd/FV
-    # Add symlinks for Fedora dir layout: https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec
+    # Add symlinks for Fedora dir layout: https://src.fedoraproject.org/rpms/edk2/blob/main/f/edk2.spec
     mkdir -vp $fd/AAVMF
     ln -s $fd/FV/AAVMF_CODE.fd $fd/AAVMF/QEMU_EFI-pflash.raw
     ln -s $fd/FV/AAVMF_VARS.fd $fd/AAVMF/vars-template-pflash.raw

From ab9a643c0db2fb62b1bbb10b66d59e654364cf7f Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:51 +0000
Subject: [PATCH 08/11] OVMFFull: update debian source to 2024.05-1

---
 pkgs/applications/virtualization/OVMF/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index a309d007e190..e5e737b85daf 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -76,8 +76,8 @@ let
       "debian/python"
       "debian/PkKek-1-*.pem"
     ];
-    rev = "refs/tags/debian/2023.11-5";
-    hash = "sha256-4vDOoZbWQg7yKXiQprK8CRzKGkbKQYlAgQzTqmNxxjU=";
+    rev = "refs/tags/debian/2024.05-1";
+    hash = "sha256-uAjXJaHOVh944ZxcA2IgCsrsncxuhc0JKlsXs0E03s0=";
   };
 
   buildPrefix = "Build/*/*";

From d8c8c8f52742a175e3a44c9db4aef19da72451a7 Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:52 +0000
Subject: [PATCH 09/11] OVMFFull: expose variablesMs similar to firmware and
 variables

---
 pkgs/applications/virtualization/OVMF/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index e5e737b85daf..76d4db7d807c 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -189,6 +189,9 @@ edk2.mkDerivation projectDscPath (finalAttrs: {
   in {
     firmware  = "${prefix}_CODE.fd";
     variables = "${prefix}_VARS.fd";
+    variablesMs =
+      assert msVarsTemplate;
+      "${prefix}_VARS.ms.fd";
     # This will test the EFI firmware for the host platform as part of the NixOS Tests setup.
     tests.basic-systemd-boot = nixosTests.systemd-boot.basic;
     tests.secureBoot-systemd-boot = nixosTests.systemd-boot.secureBoot;

From 48f6248d8a4c236876a2ce2404852823ca1cf156 Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:52 +0000
Subject: [PATCH 10/11] edk2-uefi-shell: mark as broken on Darwin aarch64

---
 pkgs/tools/misc/edk2-uefi-shell/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/tools/misc/edk2-uefi-shell/default.nix b/pkgs/tools/misc/edk2-uefi-shell/default.nix
index 0e870a98d495..0ec010472645 100644
--- a/pkgs/tools/misc/edk2-uefi-shell/default.nix
+++ b/pkgs/tools/misc/edk2-uefi-shell/default.nix
@@ -38,5 +38,6 @@ edk2.mkDerivation "ShellPkg/ShellPkg.dsc" (finalAttrs: {
     description = "UEFI Shell from Tianocore EFI development kit";
     homepage = "https://github.com/tianocore/tianocore.github.io/wiki/ShellPkg";
     maintainers = with lib.maintainers; [ LunNova mjoerg ];
+    broken = stdenv.isDarwin && stdenv.isAarch64;
   };
 })

From 8b47539e653603bfa76ea8b608ab3a519f2218e5 Mon Sep 17 00:00:00 2001
From: Martin Joerg <martin.joerg@gmail.com>
Date: Tue, 27 Aug 2024 15:14:52 +0000
Subject: [PATCH 11/11] edk2: 202405 -> 202408

https://github.com/tianocore/edk2/releases/tag/edk2-stable202408
https://github.com/tianocore/edk2/compare/edk2-stable202408..edk2-stable202405
---
 pkgs/by-name/ed/edk2/package.nix | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/pkgs/by-name/ed/edk2/package.nix b/pkgs/by-name/ed/edk2/package.nix
index 4cc1a2160f7c..b6946ea11949 100644
--- a/pkgs/by-name/ed/edk2/package.nix
+++ b/pkgs/by-name/ed/edk2/package.nix
@@ -33,14 +33,14 @@ buildType = if stdenv.isDarwin then
 
 edk2 = stdenv.mkDerivation {
   pname = "edk2";
-  version = "202405";
+  version = "202408";
 
   srcWithVendoring = fetchFromGitHub {
     owner = "tianocore";
     repo = "edk2";
     rev = "edk2-stable${edk2.version}";
     fetchSubmodules = true;
-    hash = "sha256-+phKAr3xc4T8tg6YAoGgRWCmxZiFzhazEAai48ICnKM=";
+    hash = "sha256-2odaTqiAZD5xduT0dwIYWj3gY/aFPVsTFbblIsEhBiA=";
   };
 
   src = applyPatches {
@@ -59,13 +59,6 @@ edk2 = stdenv.mkDerivation {
         url = "https://github.com/tianocore/edk2/commit/a34ff4a8f69a7b8a52b9b299153a8fac702c7df1.patch";
         hash = "sha256-u+niqwjuLV5tNPykW4xhb7PW2XvUmXhx5uvftG1UIbU=";
       })
-      # TODO: remove on next version of edk2
-      # https://github.com/tianocore/edk2/pull/5690
-      (fetchpatch {
-        name = "fix-stuck-system.patch";
-        url = "https://github.com/tianocore/edk2/commit/ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3.patch";
-        hash = "sha256-RHfJ9OcMGs3jDg2jQyzcjbYkJcmc/SZyrdXBsUw9vDA=";
-      })
     ];
 
     postPatch = ''