diff --git a/40-edk2-ovmf-ia32-sb-enrolled.json b/40-edk2-ovmf-ia32-sb-enrolled.json
new file mode 100644
index 0000000..8a907de
--- /dev/null
+++ b/40-edk2-ovmf-ia32-sb-enrolled.json
@@ -0,0 +1,35 @@
+{
+    "description": "OVMF for i386, with SB+SMM, SB enabled, MS certs enrolled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "i386",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "enrolled-keys",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/40-edk2-ovmf-sb-enrolled.json b/40-edk2-ovmf-sb-enrolled.json
new file mode 100644
index 0000000..6c2225c
--- /dev/null
+++ b/40-edk2-ovmf-sb-enrolled.json
@@ -0,0 +1,36 @@
+{
+    "description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs enrolled",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "amd-sev",
+        "enrolled-keys",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/50-edk2-ovmf-ia32-sb.json b/50-edk2-ovmf-ia32-sb.json
new file mode 100644
index 0000000..cb7501d
--- /dev/null
+++ b/50-edk2-ovmf-ia32-sb.json
@@ -0,0 +1,34 @@
+{
+    "description": "OVMF for i386, with SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "i386",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/50-edk2-ovmf-sb.json b/50-edk2-ovmf-sb.json
new file mode 100644
index 0000000..99345ca
--- /dev/null
+++ b/50-edk2-ovmf-sb.json
@@ -0,0 +1,35 @@
+{
+    "description": "OVMF for x86_64, with SB+SMM, empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "amd-sev",
+        "requires-smm",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/60-edk2-ovmf-ia32.json b/60-edk2-ovmf-ia32.json
new file mode 100644
index 0000000..d2cb1e8
--- /dev/null
+++ b/60-edk2-ovmf-ia32.json
@@ -0,0 +1,33 @@
+{
+    "description": "OVMF for i386, without SB, without SMM, with empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "i386",
+            "machines": [
+                "pc-i440fx-*",
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/60-edk2-ovmf.json b/60-edk2-ovmf.json
new file mode 100644
index 0000000..355691b
--- /dev/null
+++ b/60-edk2-ovmf.json
@@ -0,0 +1,34 @@
+{
+    "description": "OVMF for x86_64, without SB, without SMM, with empty varstore",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-i440fx-*",
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s3",
+        "amd-sev",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/70-edk2-aarch64-verbose.json b/70-edk2-aarch64-verbose.json
new file mode 100644
index 0000000..a553dc1
--- /dev/null
+++ b/70-edk2-aarch64-verbose.json
@@ -0,0 +1,31 @@
+{
+    "description": "UEFI firmware for aarch64, verbose logs",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "aarch64",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+        "verbose-static"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/70-edk2-arm-verbose.json b/70-edk2-arm-verbose.json
new file mode 100644
index 0000000..9e2cb0d
--- /dev/null
+++ b/70-edk2-arm-verbose.json
@@ -0,0 +1,31 @@
+{
+    "description": "UEFI firmware for arm, verbose logs",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "/usr/share/edk2/arm/QEMU_EFI-pflash.raw",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/arm/vars-template-pflash.raw",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "arm",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+        "verbose-static"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/edk2.spec b/edk2.spec
index 3b7ab93..53a57c7 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -76,6 +76,16 @@ Source11:       build-iso.sh
 Source12:       update-tarball.sh
 Source13:       openssl-patch-to-tarball.sh
 
+# Fedora-specific JSON "descriptor files"
+Source14: 	40-edk2-ovmf-sb-enrolled.json
+Source15: 	50-edk2-ovmf-sb.json
+Source16: 	60-edk2-ovmf.json
+Source17: 	40-edk2-ovmf-ia32-sb-enrolled.json
+Source18: 	50-edk2-ovmf-ia32-sb.json
+Source19: 	60-edk2-ovmf-ia32.json
+Source20: 	70-edk2-aarch64-verbose.json
+Source21: 	70-edk2-arm-verbose.json
+
 # non-upstream patches
 Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
 Patch0002: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
@@ -424,9 +434,27 @@ ln -sf ../%{name}/ovmf/OVMF_CODE.secboot.fd        %{buildroot}/usr/share/OVMF
 ln -sf ../%{name}/ovmf/OVMF_VARS.fd                %{buildroot}/usr/share/OVMF
 ln -sf ../%{name}/ovmf/OVMF_VARS.secboot.fd        %{buildroot}/usr/share/OVMF
 ln -sf ../%{name}/ovmf/UefiShell.iso               %{buildroot}/usr/share/OVMF
+
+# For distro-provided firmware packages, the specification
+# (https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json)
+# says the JSON "descriptor files" to be searched in this directory:
+# `/usr/share/firmware/`.  Create it.
+mkdir -p %{buildroot}/%{_datadir}/qemu/firmware
+
+# Install the two variants of the x86_64 firmware descriptor files
+# (50-edk2-x86_64-secure.json and 60-edk2-x86_64.json)
+install -pm 644 %{SOURCE14} %{buildroot}/%{_datadir}/qemu/firmware
+install -pm 644 %{SOURCE15} %{buildroot}/%{_datadir}/qemu/firmware
+install -pm 644 %{SOURCE16} %{buildroot}/%{_datadir}/qemu/firmware
 %endif
 %if 0%{?build_ovmf_ia32:1}
 cp -a ovmf-ia32 %{buildroot}/usr/share/%{name}
+
+# Install the two variants of the ia32 firmware descriptor files
+# (50-edk2-i386-secure.json and 60-edk2-i386.json)
+install -pm 644 %{SOURCE17} %{buildroot}/%{_datadir}/qemu/firmware
+install -pm 644 %{SOURCE18} %{buildroot}/%{_datadir}/qemu/firmware
+install -pm 644 %{SOURCE19} %{buildroot}/%{_datadir}/qemu/firmware
 %endif
 %if 0%{?build_aavmf_aarch64:1}
 cp -a aarch64 %{buildroot}/usr/share/%{name}
@@ -434,10 +462,15 @@ cp -a aarch64 %{buildroot}/usr/share/%{name}
 mkdir %{buildroot}/usr/share/AAVMF
 ln -sf ../%{name}/aarch64/QEMU_EFI-pflash.raw      %{buildroot}/usr/share/AAVMF/AAVMF_CODE.fd
 ln -sf ../%{name}/aarch64/vars-template-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF_VARS.fd
+
+# Install the AArch64 firmware descriptor file (60-edk2-aarch64.json)
+install -pm 644 %{SOURCE20} %{buildroot}/%{_datadir}/qemu/firmware
 %endif
 %if 0%{?build_aavmf_arm:1}
 cp -a arm %{buildroot}/usr/share/%{name}
 ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw          %{buildroot}/usr/share/AAVMF/AAVMF32_CODE.fd
+# Install the ARM firmware descriptor file (60-edk2-arm.json)
+install -pm 644 %{SOURCE21} %{buildroot}/%{_datadir}/qemu/firmware
 %endif
 
 install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_bindir}
@@ -495,9 +528,11 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 %doc ovmf-whitepaper-c770f8c.txt
 %dir /usr/share/%{name}
 %dir /usr/share/%{name}/ovmf
+%dir /usr/share/qemu/firmware
 /usr/share/%{name}/ovmf/OVMF*.fd
 /usr/share/%{name}/ovmf/*.efi
 /usr/share/%{name}/ovmf/*.iso
+/usr/share/qemu/firmware/*.json
 /usr/share/OVMF
 %endif
 
@@ -509,9 +544,11 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 %doc ovmf-whitepaper-c770f8c.txt
 %dir /usr/share/%{name}
 %dir /usr/share/%{name}/ovmf-ia32
+%dir /usr/share/qemu/firmware
 /usr/share/%{name}/ovmf-ia32/OVMF*.fd
 /usr/share/%{name}/ovmf-ia32/*.efi
 /usr/share/%{name}/ovmf-ia32/*.iso
+/usr/share/qemu/firmware/*.json
 %endif
 
 %if 0%{?build_aavmf_aarch64:1}
@@ -520,8 +557,10 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 %license LICENSE.openssl
 %dir /usr/share/%{name}
 %dir /usr/share/%{name}/aarch64
+%dir /usr/share/qemu/firmware
 /usr/share/%{name}/aarch64/QEMU*.fd
 /usr/share/%{name}/aarch64/*.raw
+/usr/share/qemu/firmware/*.json
 /usr/share/AAVMF/AAVMF_*
 %endif
 
@@ -531,8 +570,10 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 %license LICENSE.openssl
 %dir /usr/share/%{name}
 %dir /usr/share/%{name}/arm
+%dir /usr/share/qemu/firmware
 /usr/share/%{name}/arm/QEMU*.fd
 /usr/share/%{name}/arm/*.raw
+/usr/share/qemu/firmware/*.json
 /usr/share/AAVMF/AAVMF32_*
 %endif
 
@@ -542,6 +583,8 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 - Update to stable-201905
 - Update to openssl-1.1.1b
 - Ship VARS file for ovmf-ia32 (bug 1688596)
+- Ship Fedora-variant JSON "firmware descriptor files"
+- Resolves rhbz#1728652
 
 * Mon Mar 18 2019 Cole Robinson <aintdiscole@gmail.com> - 20190308stable-1
 - Use YYYYMMDD versioning to fix upgrade path