On 8/9/21 11:26 PM, Kirill A. Shutemov wrote: > +config UNACCEPTED_MEMORY > + bool > + depends on EFI_STUB > + help > + Some Virtual Machine platforms, such as Intel TDX, introduce > + the concept of memory acceptance, requiring memory to be accepted > + before it can be used by the guest. This protects against a class of > + attacks by the virtual machine platform. > + > + This option adds support for unaccepted memory and makes such memory > + usable by kernel. Do we really need a full-blown user-visible option here? If we, for instance, just did: config UNACCEPTED_MEMORY bool depends on EFI_STUB it could be 'select'ed from the TDX Kconfig and no users would ever be bothered with it. Would a user *ever* turn this on if they don't have TDX (or equivalent)?
