From dd9d3a52da7a048d97d76b0724c8058b7de0cc1f Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Tue, 7 Mar 2023 09:38:09 +0100
Subject: [PATCH] debian: sync edk2-vars-generator script with packaging
 upstream

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 debian/edk2-vars-generator.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/debian/edk2-vars-generator.py b/debian/edk2-vars-generator.py
index f9328c1..9af5ff1 100755
--- a/debian/edk2-vars-generator.py
+++ b/debian/edk2-vars-generator.py
@@ -53,6 +53,11 @@ if __name__ == '__main__':
         help='UEFI code image',
         required=True,
     )
+    parser.add_argument(
+        "--no-default",
+        action="store_true",
+        help='Do not enroll the default keys, just the PK/KEK1 certificate',
+    )
     parser.add_argument(
         "-V", "--vars-template",
         help='UEFI vars template',
@@ -122,7 +127,13 @@ if __name__ == '__main__':
     child.expect(['Shell> '])
     child.sendline('FS0:\r')
     child.expect(['FS0:\\\\> '])
-    child.sendline('EnrollDefaultKeys.efi\r')
+    enrollcmd = ['EnrollDefaultKeys.efi']
+    if args.no_default:
+        enrollcmd.append("--no-default")
+    child.sendline(f'{" ".join(enrollcmd)}\r')
+    child.expect(['FS0:\\\\> '])
+    # Clear the BootOrder. See #1015759
+    child.sendline('setvar BootOrder =\r')
     child.expect(['FS0:\\\\> '])
     child.sendline('reset -s\r')
     child.wait()