Package: u-boot-qemu
Version: 2024.01+dfsg-1
Severity: normal
debian/patches/qemu/efi-secure-boot.patch is not a good approach to enabling secure boot with U-Boot. Variables entered via the command line containing the security database will be stored on file but will not be loaded into U-Boot on the next boot.
If you want a version of U-Boot that supports secure boot properly, use CONFIG_EFI_VARIABLES_PRESEED=y and provide a file with the security database which will be built into U-Boot. tools/efivar.py can be used to build that file.
Separate U-Boot binaries for secure and non-secure would have to be provided.
Existing EDK II packages provide secure boot. Hence I suggest simply dropping the patch debian/patches/qemu/efi-secure-boot.patch.
Best regards

Heinrich