18.12.2023 10:59, Heinrich Schuchardt:
> On 12/18/23 07:41, Michael Tokarev wrote:
> <snip />
>> Yes, we can do that. I don't see much benefit here though.
>> For one, I dislike dangling symlinks in package, and don't
>> want to add yet another directory to firmware search directories.
>
> OpenSBI is security critical as it runs in the highest privilege mode at
> Linux runtime. There have been potentially security relevant code errors
> detected in the past like buffer overruns.

Sure.

> I am concerned that security errors fixed in the OpenSBI package might not
> be fixed in qemu-system-data at the same time. For the security team it
> would be much more evident what to fix if there were only one package
> building OpenSBI.

I dunno where we have more chances to have a fix faster - in qemu than in
opensbi.
Maybe Vagrant can answer this one.

If we're to go this route, will ask opensbi maintainer(s) to create symlinks to
opensbi firmware in /usr/share/qemu/ directory. This will involve Break/Replace
of the old qemu-system-data package.

/mjt