> Other question: Do we want to allow specifying which certs/keys are
> enrolled? Which would probably mean to drop "enrolled-keys" from
> features and make it an optional string instead,
Not an enum? "Microsoft" below should be an enum constant, shouldn't it?
I don't think so. If we want to allow other certificate providers (not
sure it makes sense as all physical hardware actually runs with the
microsoft certificates), then we don't want a fixed list here. So any
CA can be listed, be it microsoft, redhat, canonical, verisign or
kraxel.org ;)
cheers,
Gerd