On 09/11/20 17:22, McMillan, Erich wrote:
> I agree that fw has become the vendor OS, but at this point there's no
> going back.
> Utilizing a virtual platform allows us to greatly increase the security
> of our code,
> could we make this change a Qemu experimental flag, so that fw vendors could
> use it at their own risk?

That would make me feel more comfortable, yes.

Daniel proposed "firmware-max-size" (I've now taken the liberty to replace "_" with "-"; I believe that's the current rule for property names).

If we called it "x-firmware-max-size" and kept the default value unchanged, I'd feel way safer. (Because then any feature request for upstream OVMF that were based on changing "x-firmware-max-size" could be refuted immediately with: "that property name starts with x-, sorry".)

Thanks,
Laszlo