Thread (49 messages) 49 messages, 6 authors, 2021-08-19

Re: [PATCH 2/5] efi/x86: Implement support for unaccepted memory

From: Kirill A. Shutemov <hidden>
Date: 2021-08-10 19:08:59
Also in: linux-coco, lkml 

On Tue, Aug 10, 2021 at 11:30:42AM -0700, Dave Hansen wrote:
On 8/9/21 11:26 PM, Kirill A. Shutemov wrote:
quoted
+config UNACCEPTED_MEMORY
+	bool
+	depends on EFI_STUB
+	help
+	   Some Virtual Machine platforms, such as Intel TDX, introduce
+	   the concept of memory acceptance, requiring memory to be accepted
+	   before it can be used by the guest. This protects against a class of
+	   attacks by the virtual machine platform.
+
+	   This option adds support for unaccepted memory and makes such memory
+	   usable by kernel.
Do we really need a full-blown user-visible option here?  If we, for
instance, just did:

config UNACCEPTED_MEMORY
	bool
	depends on EFI_STUB

it could be 'select'ed from the TDX Kconfig and no users would ever be
bothered with it.  Would a user *ever* turn this on if they don't have
TDX (or equivalent)?
But it's already not user selectable. Note that there's no prompt next to
the "bool". The "help" section is just for documentation. I think it can
be useful.

-- 
 Kirill A. Shutemov
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help