UEFI SecureCode hangs on MacOs - 8.1.1 / MacOS Ventura

Host environment

Operating system: MacOS ventura 13.6
OS/kernel version: Darwin OM-C02F87Z0ML7H 22.6.0 Darwin Kernel Version 22.6.0: Fri Sep 15 13:39:52 PDT 2023; root:xnu-8796.141.3.700.8~1/RELEASE_X86_64 x86_64
Architecture: x86_64, ARM - problem tested on devices with Intel and Apple silicon
QEMU flavor: qemu-system-x86_64
QEMU version: QEMU emulator version 8.1.1
QEMU command line:

cp -f ${QEMU_ROOT}/share/qemu/edk2-i386-vars.fd ./uefi-vars.fd

qemu-system-x86_64 -machine q35 -smp 2 -m 4G  \
   -device usb-ehci \
   -drive if=pflash,format=raw,unit=0,readonly=on,file=${QEMU_ROOT}/share/qemu/edk2-x86_64-secure-code.fd \
   -drive if=pflash,format=raw,unit=1,file=./uefi-vars.fd \
   -device virtio-gpu-pci

Emulated/Virtualized environment

Operating system: None - hangs during UEFI bios load
OS/kernel version: N/A
Architecture: x86_64

Description of problem

Unable to load edk2 secure boot UEFI code. Non-secure edk2 bios works fine, but secure one hangs during load.

Steps to reproduce

Run mentioned command - it should display OVMF logo - but it hangs

Additional information

edk2-x86_64-code.fd works fine, edk2-x86_64-secure-code.fd not
Tested with swtpm and without - doesn't matter
TPM access has been observed (when swtpm enabled) - sounds like secure-code validation partially works

To enable TPM:

   -chardev socket,id=chrtpm,path=mytpm0/swtpm-sock \
   -tpmdev emulator,id=tpm0,chardev=chrtpm \
   -device tpm-tis,tpmdev=tpm0 \

and run swtpm

swtpm socket --tpm2 --tpmstate dir=mytpm0 --ctrl type=unixio,path=mytpm0/swtpm-sock

Edited Oct 03, 2023 by Jacek S.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information