Arthur Heymans has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/63763 )
Change subject: device/Kconfig: Change ON_DEVICE_ROM_LOAD default ......................................................................
device/Kconfig: Change ON_DEVICE_ROM_LOAD default
Defaulting to 'y' to load optional blobs from PCI cards is not a good idea in an open source project. On top of that PCI option roms are a security issue.
This would affect desktop use cases that expect graphic output in the payload on an external GPU.
Change-Id: I70b4ca6bf83f2d2fa591e30967e481d67e1b9f87 Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/device/Kconfig 1 file changed, 1 insertion(+), 4 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/63/63763/1
diff --git a/src/device/Kconfig b/src/device/Kconfig index 388972c..1899a95 100644 --- a/src/device/Kconfig +++ b/src/device/Kconfig @@ -171,8 +171,7 @@
config ON_DEVICE_ROM_LOAD bool "Load Option ROMs on PCI devices" - default n if PAYLOAD_SEABIOS - default y if !PAYLOAD_SEABIOS + default n depends on VGA_ROM_RUN help Load Option ROMs stored on PCI/PCIe/AGP VGA devices in coreboot. @@ -186,8 +185,6 @@ more complete BIOS interrupt services available than coreboot, which some option ROMs require in order to function correctly.
- If unsure, say N when using SeaBIOS as payload, Y otherwise. - choice prompt "Option ROM execution type" default PCI_OPTION_ROM_RUN_YABEL if !ARCH_X86