On Thu, 2018-06-07 at 11:36 +0100, Daniel P. Berrangé wrote: > On Thu, Jun 07, 2018 at 11:32:18AM +0100, Richard W.M. Jones wrote: > > Another problem which Laszlo mentioned is the varstore isn't portable > > between UEFI implementations, or if the UEFI is compiled with > > different options. You can even imagine shipping multiple > > varstores(!) which argues for a tar-like format. > > Could we perhaps imagine shipping the actual UEFI bios, rather > than only the varstore. The bios blob runs in guest context, > so there shouldn't be able security concerns from hosting > vendors with running user provided bios. Mostly its a matter > of confidence that the interface between bios & qemu is stable > which feels easier than assuming varstore vs different bios is > portable.
That sounds sensible, and further reinforces the idea that we need way more than a single string baked into the qcow2 file. -- Andrea Bolognani / Red Hat / Virtualization
