From 315c4fa62cd121b4d6f915160fdfd1bd83d0a95c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= <michal.zygowski@3mdeb.com>
Date: Tue, 24 Oct 2023 14:49:44 +0200
Subject: [PATCH] UefiPayloadPkg/UefiPayloadPkg.dsc: Allow setting default
 Secure Boot state
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
---
 UefiPayloadPkg/UefiPayloadPkg.dsc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 925b391d97..dfb9eb4052 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -91,6 +91,7 @@
   # Security options:
   #
   DEFINE SECURE_BOOT_ENABLE             = FALSE
+  DEFINE SECURE_BOOT_DEFAULT_ENABLE     = TRUE
   DEFINE TPM_ENABLE                     = TRUE
   DEFINE SATA_PASSWORD_ENABLE           = FALSE
   DEFINE OPAL_PASSWORD_ENABLE           = FALSE
@@ -439,6 +440,12 @@
   gUefiPayloadPkgTokenSpaceGuid.PcdLoadOptionRoms|$(LOAD_OPTION_ROMS)
   gEfiMdeModulePkgTokenSpaceGuid.PcdSdMmcGenericTimeoutValue|$(SD_MMC_TIMEOUT)
 
+!if $(SECURE_BOOT_DEFAULT_ENABLE) == TRUE
+  gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|1
+!else
+  gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|0
+!endif
+
 !if $(SOURCE_DEBUG_ENABLE)
   gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
 !endif