Re: [PATCH 2/5] efi/x86: Implement support for unaccepted memory

From: Kirill A. Shutemov
Date: Thu Aug 12 2021 - 17:17:25 EST


On Tue, Aug 10, 2021 at 12:19:22PM -0700, Dave Hansen wrote:
> On 8/10/21 12:08 PM, Kirill A. Shutemov wrote:
> >>> +config UNACCEPTED_MEMORY
> >>> + bool
> >>> + depends on EFI_STUB
> >>> + help
> >>> + Some Virtual Machine platforms, such as Intel TDX, introduce
> >>> + the concept of memory acceptance, requiring memory to be accepted
> >>> + before it can be used by the guest. This protects against a class of
> >>> + attacks by the virtual machine platform.
> >>> +
> >>> + This option adds support for unaccepted memory and makes such memory
> >>> + usable by kernel.
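
Review bot: The help text under "config UNACCEPTED_MEMORY" does not explain why the symbol depends on EFI_STUB. It should say that unaccepted memory is a UEFI feature and name the spec version that defines it, so it does not read as a kernel-only concept. In the last help line, "usable by kernel" should read "usable by the kernel". Because the "bool" has no prompt, the symbol can only be enabled through "select", and "select" does not enforce "depends on EFI_STUB", so whichever symbol selects it needs to carry that dependency itself.
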
> >> Do we really need a full-blown user-visible option here? If we, for
> >> instance, just did:
> >>
> >> config UNACCEPTED_MEMORY
> >> bool
> >> depends on EFI_STUB
> >>
> >> it could be 'select'ed from the TDX Kconfig and no users would ever be
> >> bothered with it. Would a user *ever* turn this on if they don't have
> >> TDX (or equivalent)?
> > But it's already not user selectable. Note that there's no prompt next to
> > the "bool". The "help" section is just for documentation. I think it can
> > be useful.
>
> Ahh, gotcha. I misread it. Seems like an odd thing to do, but it's
> also fairly widespread in the tree.
>
> Can you even reach that help text from any of the configuration tools?
> If you're doing an 'oldconfig', you won't get a prompt to do the "?".
> Even in the 'menuconfig' search results, it doesn't display "help" text,
> only the "prompt".

I don't know how to get a tool to show the text, but my vim sees it just fine :P

> BTW, should this text call out that this is for parsing an actual UEFI
> feature along with the spec version? It's not obvious from the text
> that "unaccepted memory" really is a UEFI thing as opposed to being some
> kernel-only concept.

Okay.

--
Kirill A. Shutemov