Re: [PATCH 00/15] Enable TDX Module Extensions and DICE-based TDX Quoting
From: Xu Yilun
Date: Thu May 28 2026 - 01:16:38 EST
On Wed, May 27, 2026 at 10:09:41AM -0700, Sohil Mehta wrote:
> On 5/27/2026 3:38 AM, Xu Yilun wrote:
> >
> > Because for security purposes, these add-on features are always needed,
> > even if not all of them, so Extensions will most likely be enabled.
> >
>
> A cover letter is a good place to explain such nuances, alternate
> approaches, and tradeoffs.
>
> > And even if someone switched them all off and saved the memory, compared
> > to the memory of a typical TDX-capable system (let's say 1TB), the saving
> > is still little (0.001%).
> >
>
> In this case percentages make it harder to understand. Does it need a
> fixed amount of memory (~50MB) irrespective of the feature or the number
> of features? If so, it would be good to mention that.

No, the memory needed varies depending on the feature or the number of
features. But currently I see the total requirement is ~50MB.
Yes, I can drop the percentage and just state the amount in MB.

>
>
> >> In addition, could you briefly describe the complexity we are trading off?
> >
> > If we delay the Extensions initialization to the first Extension
> > SEAMCALL, we need to maintain an additional TDX state machine for
> > lifecycle, and we need mechanisms to synchronize parallel Extension
> > enabling requests from multiple callers.
>
> This would be good to include in the cover as well.

Yes.