On Mon, Nov 06, 2017 at 10:02:05PM +0100, Patrick Ohly wrote:
> On Mon, 2017-11-06 at 17:26 +0000, Daniel P. Berrange wrote:
> > I can see the argument about it making QEMU easier to use, and those
> > who care about security aren't forced to use this new feature. It
> > none the less has a cost on maintainers and existence of these
> > features does reflect on QEMU's security reputation even if many
> > don't use it.
>
> With Yocto we really don't have much choice: we need a patch like this
> because the alternative (introducing support for spawning and stopping
> swtpm and then passing the right parameters to QEMU) is way more
> complex. So if this patch isn't acceptable to QEMU upstream, then I
> will keep it as simple as possible and propose it as a local patch in
> Yocto.

I don't really buy this argument. Any distro's core job is the ability
to start/stop/manage processes. Saying Yocto is unable to manage running
of swtpm is really dubious - it is simply a choice to declare that it is
QEMU's job.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|