From 2f1567ad33d585f93e5314b161fbd2a60fa66e64 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Mon, 8 Feb 2016 23:18:03 +0000
Subject: [PATCH] OVMF: no stackprotector/pic/fortify hardening

---
 pkgs/applications/virtualization/OVMF/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index 479d625c7de..513242271a1 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -17,6 +17,10 @@ stdenv.mkDerivation (edk2.setup "OvmfPkg/OvmfPkg${targetArch}.dsc" {
   # TODO: properly include openssl for secureBoot
   buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ];
 
+  hardening_stackprotector = false;
+  hardening_pic = false;
+  hardening_fortify = false;
+
   unpackPhase = ''
     for file in \
       "${edk2.src}"/{UefiCpuPkg,MdeModulePkg,IntelFrameworkModulePkg,PcAtChipsetPkg,FatBinPkg,EdkShellBinPkg,MdePkg,ShellPkg,OptionRomPkg,IntelFrameworkPkg};