OvmfPkg: Integrate default SB keys and SB state

Signed-off-by: Michał Żygowski <[email protected]>

OvmfPkg/OvmfPkgX64.dsc

@@ -584,6 +584,7 @@
   gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowWiFiBtOption|TRUE
   gDasharoSystemFeaturesTokenSpaceGuid.PcdSecurityShowCameraOption|TRUE
 
+  gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultEnable|0
 ################################################################################
 #
 # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform

OvmfPkg/OvmfPkgX64.fdf

@@ -249,6 +249,31 @@ INF  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
   INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
   INF  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
   INF  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
+
+  # gDefaultKEKFileGuid
+  FILE FREEFORM = 6F64916E-9F7A-4C35-B952-CD041EFB05A3 {
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorKEKCA2011_2011-06-24.crt
+    SECTION UI = "DefaultKekCert"
+  }
+
+  # gDefaultPKFileGuid
+  FILE FREEFORM = 85254EA7-4759-4FC4-82D4-5EED5FB0A4A0 {
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/pk.crt
+    SECTION UI = "DefaultPkCert"
+  }
+
+  # gDefaultdbFileGuid
+  FILE FREEFORM = C491D352-7623-4843-ACCC-2791A7574421 {
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicWinProPCA2011_2011-10-19.crt
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/MicCorUEFCA2011_2011-06-27.crt
+    SECTION UI = "DefaultDbCert"
+  }
+
+  # gDefaultdbxFileGuid
+  FILE FREEFORM = 5740766A-718E-4DC0-9935-C36F7D3F884F {
+    SECTION RAW = UefiPayloadPkg/SecureBootDefaultKeys/DBXUpdate.bin
+    SECTION UI = "DefaultDbxCert"
+  }
 !endif
 
 INF  MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf