On 10/5/23 12:23, Gerd Hoffmann wrote: > Hi, > >>>> An Arm compatible PEIM instance of QemuFwCfgLib will need to be created. >>>> I'm happy to look into it, but I don't want to hang up this patch series on >>>> that addition. Instead, I'll set the protection policy for ArmVirtPkg to >>>> the equivalent of the new GrubCompat profile in this series. >>> >>> Can you base the default policy (i.e., the one that takes effect in the >>> absence of fw_cfg) on a PCD? >> >> That would be nice indeed. > > While being at it: Does it make sense to have *two* defaults, one for > secureboot=on (strict) and one for secureboot=off (compat) ?
I'm not sure, for now we can't enforce truly secure secure boot anyway. Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109354): https://edk2.groups.io/g/devel/message/109354 Mute This Topic: https://groups.io/mt/101469960/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/leave/9847357/21656/1706620634/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-