edk2-ovmf (Secure Boot enabled UEFI firmware for Qemu)
edk2-ovmf provides Secure Boot enabled 64- and 32-bit UEFI firmware
that can be used with Qemu, as well as EFI varstores with pre-enrolled
Secure Boot keys. This allows for running virtual machines with
operating systems that require Secure Boot on Qemu, such as Windows 11.
Please note that, according to the TianoCore team, although the firmware
is sufficient to run virtual machines, it does not provide the full
protective capabilities of Secure Boot. See the whitepaper in the doc
directory for details.
Qemu needs to connect to TPM v2 in order to run Windows 11; see swtpm
on SBo.