On Wed, Feb 23, 2022 at 02:34:23PM +0100, Philippe Mathieu-Daudé wrote: > On 23/2/22 12:07, Daniel P. Berrangé wrote: > > On Tue, Feb 22, 2022 at 06:33:41PM +0100, Philippe Mathieu-Daudé wrote: > > > +Igor/MST for UEFI tests. > > > > > > On 22/2/22 17:38, Daniel P. Berrangé wrote: > > > > On Tue, Feb 22, 2022 at 04:17:23PM +0000, Alex Bennée wrote: > > > > > > > > > > Alex Bennée <alex.ben...@linaro.org> writes: > > > > > > > > > > > Hi, > > > > > > > > > > > > TL;DR: > > > > > > > > > > > > - pc-bios/edk2-aarch64-code.fd should be rebuilt without debug > > > > > > > > > > Laszlo, > > > > > > > > > > Would it be possible to do a less debug enabled version of EDK2 on the > > > > > next update to pc-bios/edk2-*? > > > > > > > > NB, Laszlo is no longer maintaining EDK2 in QEMU, it was handed > > > > over to Philippe. I'm CC'ing Gerd too since he's a reviewer and > > > > an EDK2 contributor taking over from Lazslo in EDK2 community > > > > > > We need the DEBUG profile to ensure the bios-tables-tests work. > > > > Can you elaborate on what bios-tables-tests needs this for, and > > what coverage we would loose by disabling DEBUG. > > Maybe it was only required when the tests were developed... > I'll defer that question to Igor. > > > It may well be a better tradeoff to sacrifice part of bios-tables-tests > > in favour of shipping more broadly usable images without DEBUG. > > Why not, if users are aware/happy to use a unsafe image with various > unfixed CVEs.
Note there's nothing special about EDK2 in regard of CVE fixes (or lack thereof). The same applies to every other firmware we ship, as well as QEMU code itself. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
