On Tue, Aug 10, 2021 at 12:19:22PM -0700, Dave Hansen wrote:

On 8/10/21 12:08 PM, Kirill A. Shutemov wrote:

quoted

quoted

quoted

+config UNACCEPTED_MEMORY
+	bool
+	depends on EFI_STUB
+	help
+	   Some Virtual Machine platforms, such as Intel TDX, introduce
+	   the concept of memory acceptance, requiring memory to be accepted
+	   before it can be used by the guest. This protects against a class of
+	   attacks by the virtual machine platform.
+
+	   This option adds support for unaccepted memory and makes such memory
+	   usable by kernel.

Do we really need a full-blown user-visible option here?  If we, for
instance, just did:

config UNACCEPTED_MEMORY
	bool
	depends on EFI_STUB

it could be 'select'ed from the TDX Kconfig and no users would ever be
bothered with it.  Would a user *ever* turn this on if they don't have
TDX (or equivalent)?

But it's already not user selectable. Note that there's no prompt next to
the "bool". The "help" section is just for documentation. I think it can
be useful.

Ahh, gotcha.  I misread it.  Seems like an odd thing to do, but it's
also fairly widespread in the tree.

Can you even reach that help text from any of the configuration tools?
If you're doing an 'oldconfig', you won't get a prompt to do the "?".
Even in the 'meunconfig' search results, it doesn't display "help" text,
only the "prompt".

I don't know how get a tool show the text, but my vim sees just fine :P

BTW, should this text call out that this is for parsing an actual UEFI
feature along with the spec version?  It's not obvious from the text
that "unaccepted memory" really is a UEFI thing as opposed to being some
kernel-only concept.

Okay.

-- 
 Kirill A. Shutemov