On Fri, 8 Feb 2019 at 11:02, Ivan Ivanov <qmastery16@gmail.com> wrote:
> If you need Secureboot you could use countless proprietary UEFI boards.
There are users that put Tianocore-as-payload on top of coreboot, and while this probably isn't the most common use case, it's just as valid as any other payload. When using Tianocore it makes sense to implement their SecureBoot system as well.
Back to the original question: Secure Boot requires, for the most part, a non-volatile variable store for UEFI to use. We have one that you need to enable, called smmstore, but it also requires a change to edk2 that you can find at https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/m...
It's not _super_ well tested, but works for some trivial use cases.
With that, you'll have persistent variables. From there, it's mostly telling the edk2 build to add all the secure boot bits and pieces that build on top of that. I'm not aware that anybody has completed that task. As I mentioned earlier, it's not a very common use case. When you implement the whole SecureBoot stack, I'd appreciate patches and/or documentation so everybody needn't reinvent that particular wheel.
Regards, Patrick
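As an added example (not code from the thread or from coreboot/edk2), here is a small POSIX shell check that a practitioner can run against a coreboot `.config` before expecting Tianocore Secure Boot to work: the reply above says the UEFI variable store depends on enabling smmstore, so the check looks for a Tianocore payload plus the smmstore driver. The Kconfig symbol names `CONFIG_PAYLOAD_TIANOCORE` and `CONFIG_SMMSTORE` are assumed from coreboot's Kconfig and are not quoted in the message; the `.config` fragments are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread or of coreboot itself.
# Verifies that a coreboot .config has the two prerequisites the reply
# describes for a Tianocore Secure Boot setup: the Tianocore payload and
# the smmstore driver that backs UEFI non-volatile variables.
# Symbol names are assumptions taken from coreboot's Kconfig.

# check_coreboot_config FILE
#   prints "ok" and returns 0 when both symbols are enabled,
#   otherwise prints "missing: <symbols>" and returns 1
check_coreboot_config() {
    cfg="$1"
    missing=""
    grep -q '^CONFIG_PAYLOAD_TIANOCORE=y' "$cfg" || missing="$missing CONFIG_PAYLOAD_TIANOCORE"
    grep -q '^CONFIG_SMMSTORE=y' "$cfg" || missing="$missing CONFIG_SMMSTORE"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
    return 0
}

# Constructed sample .config fragments (not real build output).
good_cfg=$(mktemp)
cat > "$good_cfg" <<'EOF'
CONFIG_PAYLOAD_TIANOCORE=y
CONFIG_SMMSTORE=y
EOF

bad_cfg=$(mktemp)
cat > "$bad_cfg" <<'EOF'
CONFIG_PAYLOAD_TIANOCORE=y
# CONFIG_SMMSTORE is not set
EOF

check_coreboot_config "$good_cfg"
check_coreboot_config "$bad_cfg" || echo "(check failed as expected: no variable store backend)"
```

The check only covers the coreboot side; the edk2 change linked in the reply and the Secure Boot build options for the payload still have to be applied separately.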