vmspawn: Exclude secure-boot unless requested

Otherwise vmspawn will still pick up firmware with support
for secure boot.

diff --git a/mkosi/vmspawn.py b/mkosi/vmspawn.py
index a5c2fa03d23cb74df8afc1b0d6e7c2412f2b0a64..8a4b364c9bbabaed7cee7fd7fa9e1eee1758f861 100644 (file)
--- a/mkosi/vmspawn.py
+++ b/mkosi/vmspawn.py
@@ -64,6 +64,8 @@ def run_vmspawn(args: Args, config: Config) -> None:
     features: list[str] = []
     if firmware == Firmware.uefi_secure_boot:
         features += ["secure-boot"]
+    elif firmware.is_uefi():
+        features += ["~secure-boot"]
     if config.firmware_variables in (Path("microsoft"), Path("microsoft-mok")):
         features += ["enrolled-keys"]