Debian: config: don't unset CONFIG_EFIVAR_FS

When testing mokutil we found that import/delete functions don't
work fine without efivarfs.
The efivarfs at /sys/firmware/efi/efivars is a new way to access
the efi-variables and it is better supported by efi tools than the
old way /sys/firmware/efi/vars. So here compile the efivarfs as a
module by default. This won't affect the old way.

Test Plan:
 The tests are done with all 3 commits for root/tools/kernel
 repos.
 PASS: build and install the iso image and boot up with secure boot
       enabled, run "sudo mokutil --sb-state", the result is:
       "SecureBoot enabled".
 PASS: run "sudo mokutil --import example.der";
       reboot the target;
       select to enroll the key in MOK manager before grub menu starts;
       check with "sudo mokutil --list-enrolled" to find the right key
       there after system boots up.
 PASS: above tests are done for both std and rt installations.

Depends-On: https://review.opendev.org/c/starlingx/tools/+/869533

Partial-Bug: 2002259

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: I1cc818717cacd9546e3045840398589a84192d7d

kernel-rt/debian/deb_patches/0022-config-don-t-unset-CONFIG_EFIVAR_FS.patch

@@ -0,0 +1,30 @@
+From 499fdf920b9b5523b7e0d47bbefb736ba54f7ece Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Fri, 13 Jan 2023 19:20:29 +0800
+Subject: [PATCH] config: don't unset CONFIG_EFIVAR_FS
+
+The efivarfs at /sys/firmware/efi/efivars is a new way to access
+the efi-variables and it is better supported by efi tools than the
+old way /sys/firmware/efi/vars. So here compile the efivarfs as a
+module by default.
+
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ debian/config/amd64/none/config | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/debian/config/amd64/none/config b/debian/config/amd64/none/config
+index 06e93c2..22fae05 100644
+--- a/debian/config/amd64/none/config
++++ b/debian/config/amd64/none/config
+@@ -5471,7 +5471,6 @@ CONFIG_HUGETLB_PAGE=y
+ CONFIG_MEMFD_CREATE=y
+ CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
+ CONFIG_CONFIGFS_FS=y
+-# CONFIG_EFIVAR_FS is not set
+ # end of Pseudo filesystems
+ 
+ CONFIG_MISC_FILESYSTEMS=y
+-- 
+2.17.1
+

kernel-rt/debian/deb_patches/series

@@ -19,3 +19,4 @@
 0019-Place-module-signing-keys-in-a-separate-packa.patch
 0020-Upgrade-5.10-kernel-to-5.10.152.patch
 0021-kernel-rt-unset-LOCK_DOWN_IN_EFI_SECURE_BOOT.patch
+0022-config-don-t-unset-CONFIG_EFIVAR_FS.patch

kernel-std/debian/deb_patches/0021-config-don-t-unset-CONFIG_EFIVAR_FS.patch

@@ -0,0 +1,30 @@
+From 499fdf920b9b5523b7e0d47bbefb736ba54f7ece Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Fri, 13 Jan 2023 19:20:29 +0800
+Subject: [PATCH] config: don't unset CONFIG_EFIVAR_FS
+
+The efivarfs at /sys/firmware/efi/efivars is a new way to access
+the efi-variables and it is better supported by efi tools than the
+old way /sys/firmware/efi/vars. So here compile the efivarfs as a
+module by default.
+
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ debian/config/amd64/none/config | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/debian/config/amd64/none/config b/debian/config/amd64/none/config
+index 06e93c2..22fae05 100644
+--- a/debian/config/amd64/none/config
++++ b/debian/config/amd64/none/config
+@@ -5471,7 +5471,6 @@ CONFIG_HUGETLB_PAGE=y
+ CONFIG_MEMFD_CREATE=y
+ CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
+ CONFIG_CONFIGFS_FS=y
+-# CONFIG_EFIVAR_FS is not set
+ # end of Pseudo filesystems
+ 
+ CONFIG_MISC_FILESYSTEMS=y
+-- 
+2.17.1
+

kernel-std/debian/deb_patches/series

@@ -18,3 +18,4 @@
 0018-Place-module-signing-keys-in-a-separate-packa.patch
 0019-Upgrade-5.10-kernel-to-5.10.152.patch
 0020-kernel-std-unset-LOCK_DOWN_IN_EFI_SECURE_BOOT.patch
+0021-config-don-t-unset-CONFIG_EFIVAR_FS.patch