1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Author: Luca Boccassi <bluca@debian.org>
Description: enable support for secure boot on qemu arm64/amd64
Secure boot is now supported upstream in EFI mode. It is disabled
by default, and can be enabled by loading keys from the console:
https://u-boot.readthedocs.io/en/latest/develop/uefi/uefi.html#configuring-uefi-secure-boot
Index: u-boot/configs/qemu-x86_64_defconfig
===================================================================
--- u-boot.orig/configs/qemu-x86_64_defconfig
+++ u-boot/configs/qemu-x86_64_defconfig
@@ -89,3 +89,5 @@ CONFIG_SPL_VIDEO=y
# CONFIG_SPL_USE_TINY_PRINTF is not set
CONFIG_GENERATE_ACPI_TABLE=y
# CONFIG_GZIP is not set
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y
Index: u-boot/configs/qemu_arm64_defconfig
===================================================================
--- u-boot.orig/configs/qemu_arm64_defconfig
+++ u-boot/configs/qemu_arm64_defconfig
@@ -16,6 +16,8 @@ CONFIG_PCI=y
CONFIG_DEBUG_UART=y
CONFIG_AHCI=y
CONFIG_EFI_HTTP_BOOT=y
+CONFIG_EFI_SECURE_BOOT=y
+CONFIG_EFI_SIGNATURE_SUPPORT=y
CONFIG_FIT=y
CONFIG_FIT_SIGNATURE=y
CONFIG_FIT_VERBOSE=y
|
