From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Tue, 7 Mar 2023 08:38:09 +0000 (+0100)
Subject: debian: sync edk2-vars-generator script with packaging upstream
X-Git-Url: https://git.proxmox.com/?p=pve-edk2-firmware.git;a=commitdiff_plain;h=dd9d3a52da7a048d97d76b0724c8058b7de0cc1f

debian: sync edk2-vars-generator script with packaging upstream

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/debian/edk2-vars-generator.py b/debian/edk2-vars-generator.py
index f9328c1..9af5ff1 100755
--- a/debian/edk2-vars-generator.py
+++ b/debian/edk2-vars-generator.py
@@ -53,6 +53,11 @@ if __name__ == '__main__':
         help='UEFI code image',
         required=True,
     )
+    parser.add_argument(
+        "--no-default",
+        action="store_true",
+        help='Do not enroll the default keys, just the PK/KEK1 certificate',
+    )
     parser.add_argument(
         "-V", "--vars-template",
         help='UEFI vars template',
@@ -122,7 +127,13 @@ if __name__ == '__main__':
     child.expect(['Shell> '])
     child.sendline('FS0:\r')
     child.expect(['FS0:\\\\> '])
-    child.sendline('EnrollDefaultKeys.efi\r')
+    enrollcmd = ['EnrollDefaultKeys.efi']
+    if args.no_default:
+        enrollcmd.append("--no-default")
+    child.sendline(f'{" ".join(enrollcmd)}\r')
+    child.expect(['FS0:\\\\> '])
+    # Clear the BootOrder. See #1015759
+    child.sendline('setvar BootOrder =\r')
     child.expect(['FS0:\\\\> '])
     child.sendline('reset -s\r')
     child.wait()