Hi,
> > After looking at https://ipxe.org/cfg/crosscert I'm not convinced this
> > is a good idea though. This would likely put quite some load to
> > ca.ipxe.org. Also that machine becomes a single point of failure for
> > worldwide ipxe https boot, and looking through the mailing list I've
>
On Fri, Jul 24, 2020 at 05:19:38PM +0100, Michael Brown wrote:
> On 22/07/2020 15:13, Daniel P. Berrangé wrote:
> > We could easily define etc/ipxe/https/{ciphers,cacerts} paths in a
> > different format if better suited for iPXE. Libvirt can set the right
> > path depending on whether its booting
On 22/07/2020 15:13, Daniel P. Berrangé wrote:
We could easily define etc/ipxe/https/{ciphers,cacerts} paths in a
different format if better suited for iPXE. Libvirt can set the right
path depending on whether its booting a VM with EDK2 vs legacy BIOS
The most useful for iPXE would probably be
On 22/07/2020 14:21, Michael Brown wrote:
After looking at https://ipxe.org/cfg/crosscert I'm not convinced this
is a good idea though. This would likely put quite some load to
ca.ipxe.org. Also that machine becomes a single point of failure for
worldwide ipxe https boot, and looking through th
On 22/07/2020 13:08, Gerd Hoffmann wrote:
With the world moving to use https by default people start to ask for
https being enabled by default for the qemu boot roms.
We could simply flip the DOWNLOAD_PROTO_HTTPS switch in
src/config/qemu/general.h (ipxe git repo). Note that this would only
aff
