From 4a908056ce4ca4ca4a6308b8cee2a42fc5cd272b Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Fri, 6 Jan 2023 03:38:24 +0000
Subject: [PATCH] enable support for secure boot on qemu arm64/amd64

Secure boot is now supported upstream in EFI mode. It is disabled
by default, and can be enabled by loading keys from the console:
 https://u-boot.readthedocs.io/en/latest/develop/uefi/uefi.html#configuring-uefi-secure-boot

Gbp-Pq: Topic qemu
Gbp-Pq: Name efi-secure-boot.patch
---
 configs/qemu-x86_64_defconfig | 2 ++
 configs/qemu_arm64_defconfig  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/configs/qemu-x86_64_defconfig b/configs/qemu-x86_64_defconfig
index 8433b5734..2d1f3df35 100644
--- a/configs/qemu-x86_64_defconfig
+++ b/configs/qemu-x86_64_defconfig
@@ -78,3 +78,5 @@ CONFIG_FRAMEBUFFER_VESA_MODE=0x144
 CONFIG_CONSOLE_SCROLL_LINES=5
 CONFIG_GENERATE_ACPI_TABLE=y
 # CONFIG_GZIP is not set
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y
diff --git a/configs/qemu_arm64_defconfig b/configs/qemu_arm64_defconfig
index 4123338b8..b300da384 100644
--- a/configs/qemu_arm64_defconfig
+++ b/configs/qemu_arm64_defconfig
@@ -68,3 +68,5 @@ CONFIG_USB=y
 CONFIG_USB_EHCI_HCD=y
 CONFIG_USB_EHCI_PCI=y
 CONFIG_TPM=y
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y
-- 
2.30.2