Hi,

> So, my judgement is by removing PEI, we can reduce the risk introduced
> by PEI Core + PEI Arch PEIM*. Reducing code == Reducing Security Risk.

Yes, PEI Core goes away. No, PEI Arch PEIM (aka OvmfPkg/PlatformPei) wouldn't go away, you would only move the code to SEC or DXE phase, the platform initialization has to happen somewhere.

Moving code to DXE has its problems as outlined by James at length.

Moving code to SEC has its problems too. SEC is a much more restricted environment. A direct consequence is that you have re-invented multiprocessor job scheduling (using tdx mailbox) instead of using standard mp service for parallel accept. I do not account that as "reducing complexity". And I've not yet seen the other changes you have done for pei-less tdvf ...

take care,
  Gerd