On Tue, Jan 17, 2023 at 02:17:11AM +0300, Kirill A. Shutemov wrote:
> On Mon, Jan 16, 2023 at 11:43:15AM -0800, Dionna Amalie Glaze wrote:
> > > > I still don't understand why we need to support every imaginable
> > > > combination of firmware, bootloader and OS. Unaccepted memory only
> > > > exists on a special kind of virtual machine, which provides very
> > > > little added value unless you opt into the security and attestation
> > > > features, which are all heavily based on firmware protocols. So why
> > > > should care about a EFI-aware bootloader calling ExitBootServices()
> > > > and subsequently doing a legacy boot of Linux on such systems?
> > >
> > > Why break what works? Some users want it.
> > >
> >
> > The users that want legacy boot features will not be broken,
>
> Why do you call boot with a bootloader a legacy feature?
Linux efi kernels can be booted in two ways:
(1) old/legacy: boot loader calls ExitBootServices and jumps to the
kernel entry point.
(2) new/efi stub: boot loader does *not* call ExitBootServices, but
loads the linux kernel as efi binary instead. The linux kernel
efi stub calls ExitBootServices then.
All kernel version relevant here (new enough to support SEV-SNP / TDX)
have efi stub support, so (1) does not really matter in practice.
the efi stub was added *exactly* to handle cases like this one: the
kernel can do efi calls needed on its own without depending on the
boot loader doing it on behalf of the kernel.
> > This means that users of a distro that has not enabled unaccepted
> > memory support cannot simply start a VM with the usual command, but
> > instead have to know a baroque extra flag to get access to all the
> > memory that they configured the machine (and for a CSP customer, paid
> > for). That's not a good experience.
>
> New features require enabling. It is not something new.
Asking user to manually configure something which can be handled
automatically just fine is a bad design.
take care,
Gerd
