enable support for secure boot on qemu arm64/amd64

Secure boot is now supported upstream in EFI mode. It is disabled
by default, and can be enabled by loading keys from the console:
 https://u-boot.readthedocs.io/en/latest/develop/uefi/uefi.html#configuring-uefi-secure-boot

Gbp-Pq: Topic qemu
Gbp-Pq: Name efi-secure-boot.patch

diff --git a/configs/qemu-x86_64_defconfig b/configs/qemu-x86_64_defconfig
index 8433b5734f62526ac4c5c0858582f896045ef896..2d1f3df35d19a90d48ec485903ec8c0ea8797d22 100644 (file)
--- a/configs/qemu-x86_64_defconfig
+++ b/configs/qemu-x86_64_defconfig
@@ -78,3 +78,5 @@ CONFIG_FRAMEBUFFER_VESA_MODE=0x144
 CONFIG_CONSOLE_SCROLL_LINES=5
 CONFIG_GENERATE_ACPI_TABLE=y
 # CONFIG_GZIP is not set
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y

diff --git a/configs/qemu_arm64_defconfig b/configs/qemu_arm64_defconfig
index 4123338b8dd3ee17416a50b2849dcfac1f682640..b300da384857ef8d5661ba7c0261adaa3777b4ae 100644 (file)
--- a/configs/qemu_arm64_defconfig
+++ b/configs/qemu_arm64_defconfig
@@ -68,3 +68,5 @@ CONFIG_USB=y
 CONFIG_USB_EHCI_HCD=y
 CONFIG_USB_EHCI_PCI=y
 CONFIG_TPM=y
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y