Hello all,

This branch

https://git.linaro.org/people/ard.biesheuvel/uefi-next.git/shortlog/refs/hea...

contains the minimal changes to boot AArch64 FVP with Secure Boot enabled.

Look at the commit logs for some instructions: you need to enable the embedded OpenSSL build and generate some certificates and sign your kernel.

This uses the non-volatile flash to store the certificates, so once the certificates are installed, secure boot remains enabled until you delete your nor.dat file.

Note that this includes the embedded DTB patches, as you won't be able to load a device tree using dtb=