Provide an OVMF_VARS.snakeoil.fd image and matching private key

-----BEGIN ENCRYPTED PRIVATE KEY-----

MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIPHKKEsMGBRECAggA

MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECDMKbs0ZJj1QBIIEyPbHAHgcZAWR

JifpHioOyVPOmPT78ACPoyPe2JEQrWWLxHCF2A1TVP/CNlahDPwd6J42oW833tiL

8gEKBP11yQfivz9RBJSOuD2v3fZX5BKgzfRbfSh1Yecp2942nfU8QsEH+DOe2sma

hqmM6TxmA7mJAhhafMlKXb5FsGBRBOf26zE6Aad/ZzmPdV5eqaPpJTJGWkW2XYCu

dlp47GanAlNADF1AZteQZCWOi01D4A6mTrDU/2xevykX0wLuU1W054qwAjkA1nO8

pN/Y6rFm8yYONJRn8FiKy7j6U8GX40CfeppF7zfKa+P9dqUhXGQoGzBqd7Xi38QK

a8x3PGt9ZN9KJLazMBdYcypQvHuDoZqU26NpNvbYbUjuW1gktPf9qd6JohE3Ovyh

Y3Hn3fC75GlMGDBxkR6tx76RU8bO0gaW+rFvYHPouhCq8iSxiKXd49+zorxWJrRh

5Ad+6w9t6y/R5CGqSdqbaH1pCHq49kSRwA3LCkrHZ51bnUDVR83l7wISl2ZQ63Lo

qFMxNNP8JzREblTpAcLH41Fk02BwWoE5CPF6wrZGCLRCnt99umrR1TUMuSSWE894

vd6C5y1g1HpGym53D0Qyy4UJCt7ynUye8u4jSMnuLSx6y6qmawQTvK8ibDEzfd5M

G5CPbv/qc6ul4GbaWeB0tQC2kr7NsgrReVQw0hNRIdGtq9tH5pHo3afk8XhQF+V/

TQBX09nRquGQOJ0lNKuEvFDrAq6ebI2ORpy9Q27Dss65120jL+dDzyaQtAhboLiM

Gk8DVxqKcdOLWf211MjO4GGxn+HccOAQ9UYLj2Y4nCJ4qoRuCVEqDzjMpsM7Tm7U

FqFHN5mhdPuuIIZ5flPUOkDrugfu2AXBuk2Y8u4EmqccVQi9i59JzAwp6P31ra42

uH4mGjWf0CA3YNdYPBjVOWq5bzzcByq+JPzejWXCJynUQzgUiegob0VgjaLMtr6j

1KQPsjcxC9wguRXRVG8JYxdfRvusL0NxrNLg2A1NGJ9yhjzmvQhMWjukj23em7gh

y0XBoEj0xo1pDPXtG1G5RruKgynpqImOQR+UczsOAl/j9D7w9BjhzFGc0Jx3u1L7

g3WcuDXVSCxbvUDa4tSeKxWW+Vim9MIgU9FRsmNdaOIL8hkdMEv9w0X+sxNhx/nU

VJiuA2bSgKv1DPqUYDshlsBoHYjoboTkPS7NWggIxsblgAlnPhoaoV5PjSdZf7NG

iEm1BEmMP27DOmk4bEoM8ecwlss+8Lv/HmgZjVhj8jGwz8zLFS+LTcgLOVj2FMKg

gqdfAfVB9L4bLZCkdnJBsuNWnCEIbQ/pwLbGckkDzNl2OKP8onw0KlM8+pilqDyM

01eob2DdHXPqfpCeLcmh3U8MkNec0d5FkVzE/gIXMAq+pNIkSYGcYYGZ/5+dvTzB

hUtNhOrs6Tufv36H1ehFU5f4ovuribjmwoJgSKM7WiLNxGxZo/bTtXhonRzyjPQ/

KtXMOxqO6nN9QCkiPw22QPvteVhXXNxEUA+DKdLF9/26nyqXjO12Y60gP+MWw3XV

gliVvp0A65IMjwYM+hOHqKdOAlRXkefeh+wC90fNI0K0OP/sclMak61fUfoWcRGz

oNalGfk7QzVC2DCws9eFYg==

-----END ENCRYPTED PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

MIIDCTCCAfGgAwIBAgIUSbJC1oRCJUbGkwfWHscBeZrRHZcwDQYJKoZIhvcNAQEL

BQAwFDESMBAGA1UECgwJU25ha2UgT2lsMB4XDTE5MTEwMTIyMDI1NVoXDTE5MTIw

MTIyMDI1NVowFDESMBAGA1UECgwJU25ha2UgT2lsMIIBIjANBgkqhkiG9w0BAQEF

AAOCAQ8AMIIBCgKCAQEAzUDpJwDzDpLo2ytVRSgt/QWRYk/Yjae5fbujitq73XYL

uDZ+/Wf5U6zpOfyfzX/l5R0KCV9XYUJF47QEmNCnoWpg3cRdRry+3FIYtdnNK151

AZ2L74OI4sMX1akSE+MfZFgdPFcm+n0uJgQuvRYGyYaR6N1wbhJ/2iOOba+sbKyc

aKiL1fSjip2criHA/05cYSomdUT+rTUZALFdCQuOU+gX8Rqhmfbo8VEE7MpE3nrv

HocQAFphyYgG8jadjggymE7sQEZGrBqOrwMDHitbpoGNlOI2VdFgL5jRKHuB61iC

kqTmSWuS4lbOEJmms6hhQnTnu/yK7O3NEWegAPMrtQIDAQABo1MwUTAdBgNVHQ4E

FgQUFD7OXb2T6sOysRo3hj2f15SX8I8wHwYDVR0jBBgwFoAUFD7OXb2T6sOysRo3

hj2f15SX8I8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEANZRB

NFVUVZVehpj3QGbbSjp77m0V6JrEYn6u/XjLRFsUNw5Hh35UCR0HkKZ0cLgrVKb/

8yL6LaYLOY6yDwEFWMtLXiF2S4noO8raEgW6A7DHawb2Y4ZNFRO4oBkyWbtd36Uu

UfSszs2av048wb5J/pNedRSx8I/FiCNWummzpkBHzx023TdLPd8fmkmG7ZBpStN0

Y//EE4DKTfHxAwt5w7WdZF5EY/KHPopnR+WSrdutRIK6zT+/+vKihtHYZbrv+7Ap

K7xOM/zJ6E9vUROmuOhL3YL3MuLn5qHEvhM0eMxEAlCnSJlFkQE4/RXhDpZJYbR7

x+PQllgoo4H6W30Dew==

-----END CERTIFICATE-----

edk2 (0~20190828.37eef910-4) UNRELEASED; urgency=medium

  * Provide an OVMF_VARS.snakeoil.fd image and matching private key for

    development testing. LP: #1850848.

 -- dann frazier <dannf@debian.org>  Fri, 01 Nov 2019 16:21:46 -0600

edk2 (0~20190828.37eef910-3) unstable; urgency=medium

  * Don't require an SMM for the OVMF.fd image. Closes: #939928.

debian/ovmf-install/OVMF_VARS*.fd	/usr/share/OVMF

debian/descriptors/50-edk2-x86_64-secure.json	/usr/share/qemu/firmware

debian/descriptors/60-edk2-x86_64.json		/usr/share/qemu/firmware

debian/PkKek-1-snakeoil.key			/usr/share/ovmf

Index: edk2/qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator

===================================================================

--- edk2.orig/qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator

+++ edk2/qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator

@@ -122,7 +122,8 @@ def enroll_keys(args):

     # change into the first file system device; install the default

     # keys and certificates, and reboot

     p.stdin.write(b'fs0:\r\n')

-    p.stdin.write(b'EnrollDefaultKeys.efi\r\n')

+    p.stdin.write(b'EnrollDefaultKeys.efi%s\r\n' %

+                  (b' --no-defaults' if args.no_defaults else b''))

     p.stdin.write(b'reset -s\r\n')

     p.stdin.flush()

     while True:

@@ -227,6 +228,9 @@ def parse_args():

                               'used for testing, could undermine Secure '

                               'Boot.'),

                         action='store_true')

+    parser.add_argument('--no-defaults',

+                        help=('Don\'t enroll default keys.'),

+                        action='store_true')

     parser.add_argument('--oem-string',

                         help=('Pass the argument to the guest as a string in '

                               'the SMBIOS Type 11 (OEM Strings) table. '