On Mon, Dec 14, 2009 at 01:59:47PM -0600, Anthony Liguori wrote:
> Michael S. Tsirkin wrote:
>> At some level this is wrong. ROM presence is a hardware feature and you
>> definitely need to select your hardware when you create a VM. For real
>> hardware, cards with PXE are sometimes more expensive than without as
>> they need ROM memory. People do select hardware based on this.
>>
>> Even when PXE is present in hardware, most BIOS
>> vendors will let you turn it on/off optionally,
>> for security if not for other reasons.
>>
>> What the default should be depends on whether the
>> majority of our users use PXE. I guess not,
>> and if I am right default should be off.
>>
>
> The real way to pose this question is, what is the impact to users by
> keeping this on to those that don't use it vs. the cost of turning it
> off by default for users that do need it.
>
> So far, it's not clear to me that anyone has demonstrated how this is
> harmful for people that don't want pxe booting. Assuming we fix the bug
> about rom loading, then there's really no impact to users.
>
> Regards,
>
> Anthony Liguori

PXE booting might have security impact. You do not want to do this if you
are on a hostile network.

--
MST