From 5dfe6c9cf7bc2e60f34d9637ba6b117d7209426d Mon Sep 17 00:00:00 2001
From: Martin Wimpress <martin@wimpress.org>
Date: Sat, 24 Jan 2026 19:49:04 +0000
Subject: [PATCH] fix(quickemu): enable pflash secure property only when
 secureboot on

Signed-off-by: Martin Wimpress <martin@wimpress.org>
---
 quickemu | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/quickemu b/quickemu
index 0d3fec6..8219dce 100755
--- a/quickemu
+++ b/quickemu
@@ -1781,10 +1781,13 @@ function vm_boot() {
             args+=(-blockdev node-name=rom,driver=file,filename="${EFI_CODE}",read-only=true
                 -blockdev node-name=efivars,driver=file,filename="${EFI_VARS}")
         else
-            # x86 uses traditional pflash drives with secure boot support
+            # x86 uses traditional pflash drives
+            # Only enable secure pflash property when SecureBoot is requested
             # shellcheck disable=SC2054
-            args+=(-global driver=cfi.pflash01,property=secure,value=on
-                -drive if=pflash,format="${EFI_CODE_FORMAT}",unit=0,file="${EFI_CODE}",readonly=on
+            if [ "${secureboot}" == "on" ]; then
+              args+=(-global driver=cfi.pflash01,property=secure,value=on)
+            fi
+            args+=(-drive if=pflash,format="${EFI_CODE_FORMAT}",unit=0,file="${EFI_CODE}",readonly=on
                 -drive if=pflash,format="${EFI_VARS_FORMAT}",unit=1,file="${EFI_VARS}")
         fi
     fi