enable support for secure boot on qemu arm64/amd64

Secure boot is now supported upstream in EFI mode. It is disabled
by default, and can be enabled by loading keys from the console:
 https://u-boot.readthedocs.io/en/latest/develop/uefi/uefi.html#configuring-uefi-secure-boot

Gbp-Pq: Topic qemu
Gbp-Pq: Name efi-secure-boot.patch

diff --git a/configs/qemu-x86_64_defconfig b/configs/qemu-x86_64_defconfig
index f29a5aa0f813b03763d1d34412ac628f3c1f32fb..2cdae05f51a3966c951387a0bc5e6d77708d5534 100644 (file)
--- a/configs/qemu-x86_64_defconfig
+++ b/configs/qemu-x86_64_defconfig
@@ -79,3 +79,5 @@ CONFIG_FRAMEBUFFER_VESA_MODE=0x144
 CONFIG_CONSOLE_SCROLL_LINES=5
 CONFIG_GENERATE_ACPI_TABLE=y
 # CONFIG_GZIP is not set
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y

diff --git a/configs/qemu_arm64_defconfig b/configs/qemu_arm64_defconfig
index 94bd96678443b33f676e0e8b5baba24e27c2afb3..ecfeeaeb2b81060ae5a57b3434591a61be45d5f5 100644 (file)
--- a/configs/qemu_arm64_defconfig
+++ b/configs/qemu_arm64_defconfig
@@ -72,3 +72,5 @@ CONFIG_USB=y
 CONFIG_USB_EHCI_HCD=y
 CONFIG_USB_EHCI_PCI=y
 CONFIG_TPM=y
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y