Currently available versions of sys-firmware/edk2-ovmf only install a firmware build without Secure Boot support. A build with Secure Boot support would allow easily experimenting/developing/testing Secure Boot in a VM. Build instructions from Tianocore: https://github.com/tianocore/tianocore.github.io/wiki/Testing-SMM-with-QEMU,-KVM-and-libvirt What Fedora does: https://src.fedoraproject.org/rpms/edk2/blob/master/f/edk2.spec Similar feature request on Arch Linux: https://bugs.archlinux.org/task/59465 I think, the gist of it is to add -D SMM_REQUIRE -D SECURE_BOOT_ENABLE to the build process. Some fiddling with OpenSSL may be required as well. I extracted OVMF_CODE.secboot.fd from Fedora's edk2-ovmf-20190308stable-1.fc31.noarch.rpm and dropped it on my Gentoo system. It works fine with qemu and libvirt.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6137d4c59ea47d77517e925d8bfd46b8b3b1f669 commit 6137d4c59ea47d77517e925d8bfd46b8b3b1f669 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2019-07-28 21:00:39 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2019-07-28 23:17:16 +0000 sys-firmware/edk2-ovmf: version bump to 201905 * switch to new upstream version number * add secure boot support * versions contains security fixes for all vulnerabilities identified in #678906c1 Closes: https://bugs.gentoo.org/680920 Closes: https://bugs.gentoo.org/681936 Closes: https://bugs.gentoo.org/665152 Bug: https://bugs.gentoo.org/678906 Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Matthias Maier <tamiko@gentoo.org> sys-firmware/edk2-ovmf/Manifest | 5 +- sys-firmware/edk2-ovmf/edk2-ovmf-201905.ebuild | 153 +++++++++++++++++++++++++ 2 files changed, 156 insertions(+), 2 deletions(-)