Re: [PATCH v1 2/2] x86/sev: Add SNP-specific unaccepted memory support

From: Dionna Amalie Glaze
Date: Tue Aug 23 2022 - 19:28:26 EST


> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1553,6 +1553,7 @@ config AMD_MEM_ENCRYPT
> select INSTRUCTION_DECODER
> select ARCH_HAS_CC_PLATFORM
> select X86_MEM_ENCRYPT
> + select UNACCEPTED_MEMORY
> help
> Say yes to enable support for the encryption of system memory.
> This requires an AMD processor that supports Secure Memory
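
Review bot: The `select UNACCEPTED_MEMORY` line under `config AMD_MEM_ENCRYPT` is unconditional, so every kernel built with AMD memory encryption pulls in unaccepted memory support, while the patch subject scopes the feature to SNP. Kconfig `select` also forces the selected symbol on without evaluating that symbol's own `depends on` lines, so it is worth confirming that UNACCEPTED_MEMORY has no dependency that AMD_MEM_ENCRYPT does not already guarantee. The help text visible in the context still describes only memory encryption; a sentence noting that this option now also enables unaccepted memory handling would help anyone configuring a guest kernel.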

At the risk of starting another centithread like on Kirill's patches
for unaccepted memory, I think this needs to be brought up.

By making unaccepted_memory an option rather than a dependency, we get
into an inescapable situation of always needing to know whether or not
the guest OS will support unaccepted memory, from within the firmware.
I think that makes a UEFI specification change necessary.
If we don't make this configurable, and indeed make it a dependency,
then we can say SEV-SNP implies that the firmware should create
unaccepted memory. We can work around the short gap of support between
kernel versions.

What are your thoughts on dependency versus UEFI spec change to allow
this configuration to be negotiated with the firmware?

--
-Dionna Glaze, PhD (she/her)