Re: [PATCH 00/15] Enable TDX Module Extensions and DICE-based TDX Quoting

From: Sohil Mehta

Date: Wed May 27 2026 - 13:10:20 EST


On 5/27/2026 3:38 AM, Xu Yilun wrote:
>
> Because for security purposes, these add-on features are always needed,
> even if not all of them, so Extensions will most likely be enabled.
>

A cover letter is a good place to explain such nuances, alternate
approaches, and tradeoffs.

> And even if someone switched them all off and saved the memory, compared
> to the memory of a typical TDX-capable system (let's say 1TB), the saving
> is still little (0.001%).
>

In this case percentages make it harder to understand. Does it need a
fixed amount of memory (~50MB) irrespective of the feature or the number
of features? If so, it would be good to mention that.


>> In addition, could you briefly describe the complexity we are trading off?
>
> If we delay the Extensions initialization to the first Extension
> SEAMCALL, we need to maintain an additional TDX state machine for
> lifecycle, and we need mechanisms to synchronize parallel Extension
> enabling requests from multiple callers.

This would be good to include in the cover as well.