From 52edf00bc36eb896538d7d6e9b69b6b4cedcdf65 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Tue, 11 Jul 2023 03:54:17 +0100
Subject: [PATCH] enable support for secure boot on qemu arm64/amd64

Secure boot is now supported upstream in EFI mode. It is disabled
by default, and can be enabled by loading keys from the console:
 https://u-boot.readthedocs.io/en/latest/develop/uefi/uefi.html#configuring-uefi-secure-boot

Gbp-Pq: Topic qemu
Gbp-Pq: Name efi-secure-boot.patch
---
 configs/qemu-x86_64_defconfig | 2 ++
 configs/qemu_arm64_defconfig  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/configs/qemu-x86_64_defconfig b/configs/qemu-x86_64_defconfig
index f29a5aa0f..2cdae05f5 100644
--- a/configs/qemu-x86_64_defconfig
+++ b/configs/qemu-x86_64_defconfig
@@ -79,3 +79,5 @@ CONFIG_FRAMEBUFFER_VESA_MODE=0x144
 CONFIG_CONSOLE_SCROLL_LINES=5
 CONFIG_GENERATE_ACPI_TABLE=y
 # CONFIG_GZIP is not set
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y
diff --git a/configs/qemu_arm64_defconfig b/configs/qemu_arm64_defconfig
index 94bd96678..ecfeeaeb2 100644
--- a/configs/qemu_arm64_defconfig
+++ b/configs/qemu_arm64_defconfig
@@ -72,3 +72,5 @@ CONFIG_USB=y
 CONFIG_USB_EHCI_HCD=y
 CONFIG_USB_EHCI_PCI=y
 CONFIG_TPM=y
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y
-- 
2.30.2