From e34d166aaac6dbf97ee68fcb147594a8525f4f8c Mon Sep 17 00:00:00 2001
From: Kroese <kroese@users.noreply.github.com>
Date: Fri, 19 Apr 2024 22:19:01 +0200
Subject: [PATCH] fix: Disable secure boot by default

---
 src/boot.sh | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/boot.sh b/src/boot.sh
index 308b0ca..4e5dd8d 100644
--- a/src/boot.sh
+++ b/src/boot.sh
@@ -5,29 +5,32 @@ set -Eeuo pipefail
 : "${BIOS:=""}"                 # Bios file
 
 BOOT_OPTS=""
+SECURE=",secure=off"
 DIR="/usr/share/qemu"
 
 case "${BOOT_MODE,,}" in
   uefi)
-    ROM="AAVMF_CODE.fd"
+    ROM="AAVMF_CODE.no-secboot.fd"
     VARS="AAVMF_VARS.fd"
     ;;
   secure)
-    ROM="AAVMF_CODE.fd"
+    SECURE=",secure=on"
+    ROM="AAVMF_CODE.secboot.fd"
     VARS="AAVMF_VARS.fd"
     ;;
   windows)
-    ROM="AAVMF_CODE.ms.fd"
-    VARS="AAVMF_VARS.ms.fd"
+    ROM="AAVMF_CODE.no-secboot.fd"
+    VARS="AAVMF_VARS.fd"
     ;;
   windows_secure)
+    SECURE=",secure=on"
     ROM="AAVMF_CODE.ms.fd"
     VARS="AAVMF_VARS.ms.fd"
     ;;
   *)
     info "Unknown boot mode '${BOOT_MODE}', defaulting to 'uefi'"
     BOOT_MODE="uefi"
-    ROM="AAVMF_CODE.fd"
+    ROM="AAVMF_CODE.no-secboot.fd"
     VARS="AAVMF_VARS.fd"
     ;;
 esac