From fd12adfb32bfee74c137b5af86b20be4c51aa785 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Tue, 5 Oct 2021 20:05:20 +0200
Subject: [PATCH] ui: efi: default to new 4MB format and allow pre-enrolled
 keys

to allow "real" secure boot, at least real enough for Windows 11 ;)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 www/manager6/qemu/HDEfi.js      | 21 ++++++++++++++++++++-
 www/manager6/qemu/SystemEdit.js | 18 +++---------------
 2 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/www/manager6/qemu/HDEfi.js b/www/manager6/qemu/HDEfi.js
index 6a8aaa4a..befdc932 100644
--- a/www/manager6/qemu/HDEfi.js
+++ b/www/manager6/qemu/HDEfi.js
@@ -24,8 +24,14 @@ Ext.define('PVE.qemu.EFIDiskInputPanel', {
 	    me.drive.file = values.hdstorage + ":1";
 	}
 
+	// always default to newer 4m type with secure boot support, if we're
+	// adding a new EFI disk there can't be any old state anyway
+	me.drive.efitype = '4m';
+	me.drive['pre-enrolled-keys'] = values.preEnrolledKeys;
+	delete values.preEnrolledKeys;
+
 	me.drive.format = values.diskformat;
-	var params = {};
+	let params = {};
 	params[confid] = PVE.Parser.printQemuDrive(me.drive);
 	return params;
     },
@@ -39,6 +45,7 @@ Ext.define('PVE.qemu.EFIDiskInputPanel', {
     setDisabled: function(disabled) {
 	let me = this;
 	me.down('pveDiskStorageSelector').setDisabled(disabled);
+	me.down('proxmoxcheckbox[name=preEnrolledKeys]').setDisabled(disabled);
 	me.callParent(arguments);
     },
 
@@ -56,6 +63,18 @@ Ext.define('PVE.qemu.EFIDiskInputPanel', {
 		disabled: me.disabled,
 		hideSize: true,
 	    },
+	    {
+		xtype: 'proxmoxcheckbox',
+		name: 'preEnrolledKeys',
+		checked: true,
+		fieldLabel: gettext("Pre-Enroll keys"),
+		disabled: me.disabled,
+		//boxLabel: '(e.g., Microsoft secure-boot keys')',
+		autoEl: {
+		    tag: 'div',
+		    'data-qtip': gettext('Enroll standard distribution and Microsoft secure boot keys.'),
+		},
+	    },
 	    {
 		xtype: 'label',
 		text: gettext("Warning: The VM currently does not uses 'OVMF (UEFI)' as BIOS."),
diff --git a/www/manager6/qemu/SystemEdit.js b/www/manager6/qemu/SystemEdit.js
index 8ed367fb..f88dfb37 100644
--- a/www/manager6/qemu/SystemEdit.js
+++ b/www/manager6/qemu/SystemEdit.js
@@ -22,24 +22,11 @@ Ext.define('PVE.qemu.SystemInputPanel', {
 	    values['serial' + values.vga.substr(6, 1)] = 'socket';
 	}
 
-	var efidrive = {};
-	if (values.hdimage) {
-	    efidrive.file = values.hdimage;
-	} else if (values.hdstorage) {
-	    efidrive.file = values.hdstorage + ":1";
-	}
-
-	if (values.diskformat) {
-	    efidrive.format = values.diskformat;
-	}
-
 	delete values.hdimage;
 	delete values.hdstorage;
 	delete values.diskformat;
 
-	if (efidrive.file) {
-	    values.efidisk0 = PVE.Parser.printQemuDrive(efidrive);
-	}
+	delete values.preEnrolledKeys; // efidisk
 
 	return values;
     },
@@ -122,7 +109,7 @@ Ext.define('PVE.qemu.SystemInputPanel', {
 	    fieldLabel: gettext('Add EFI Disk'),
 	},
 	{
-	    xtype: 'pveDiskStorageSelector',
+	    xtype: 'pveEFIDiskInputPanel',
 	    name: 'efidisk0',
 	    storageContent: 'images',
 	    bind: {
@@ -134,6 +121,7 @@ Ext.define('PVE.qemu.SystemInputPanel', {
 	    disabled: true,
 	    hidden: true,
 	    hideSize: true,
+	    usesEFI: true,
 	},
     ],