Note: groups.io will be down for maintenance on Wednesday, October 5th, starting at 9AM Pacific Time (4PM Wednesday October 5, 2022 UTC), for approximately one hour.
How to build edk2/ovmf with secure boot enabled as done in Fedora with "*CODE.secboot.fd" and "*VARS.secboot.fd" files?
I'm trying to install windows 10 from .iso installation disk in QEMU 6.0.0 with secure boot enabled in UEFI.
If I pass edk2/ovmf files provided by Fedora, I can find the .secboot.fd versions. Passing those files to qemu with:
-global driver=cfi.pflash01,property=secure,value=on \
-drive if=pflash,format=raw,file=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd,readonly=on \
-drive if=pflash,format=raw,file=./my-writable_OVMF_VARS.secboot.fd \
In this way I can see the option "secure boot" enabled in EUFI.
Ok, but now I want to download edk2/ovmf from sources using the latest stable tag:
git clone https://github.com/tianocore/edk2.git
git checkout edk2-stable202105
git submodule update --init
And finally I want to build it for x64 with secure boot:
I tried to use "./OvmfPkg/build.sh -DSECURE_BOOT_ENABLE" but when I run QEMU, the secure boot option in UEFI is disabled.
Which is the right procedure to build edk2/OVMF with secure boot?