+#ifdef CONFIG_EFI_SECURE_BOOT
+/**
+ * efi_init_secure_boot - initialize secure boot state
+ *
+ * Return: status code
+ */
+static efi_status_t efi_init_secure_boot(void)
+{
+ efi_guid_t signature_types[] = {
+ EFI_CERT_SHA256_GUID,
+ EFI_CERT_X509_GUID,
+ };
+ efi_status_t ret;
+
+ ret = efi_set_variable_int(L"SignatureSupport",
+ &efi_global_variable_guid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ EFI_VARIABLE_READ_ONLY,
+ sizeof(signature_types),
+ &signature_types, false);
+ if (ret != EFI_SUCCESS)
+ printf("EFI: cannot initialize SignatureSupport variable\n");
+
+ return ret;
+}
+#else
+static efi_status_t efi_init_secure_boot(void)
+{
+ return EFI_SUCCESS;
+}
+#endif /* CONFIG_EFI_SECURE_BOOT */
+