On Tue, Aug 10, 2021 at 11:30:42AM -0700, Dave Hansen wrote: > On 8/9/21 11:26 PM, Kirill A. Shutemov wrote: > > +config UNACCEPTED_MEMORY > > + bool > > + depends on EFI_STUB > > + help > > + Some Virtual Machine platforms, such as Intel TDX, introduce > > + the concept of memory acceptance, requiring memory to be accepted > > + before it can be used by the guest. This protects against a class of > > + attacks by the virtual machine platform. > > + > > + This option adds support for unaccepted memory and makes such memory > > + usable by kernel. > > Do we really need a full-blown user-visible option here? If we, for > instance, just did: > > config UNACCEPTED_MEMORY > bool > depends on EFI_STUB > > it could be 'select'ed from the TDX Kconfig and no users would ever be > bothered with it. Would a user *ever* turn this on if they don't have > TDX (or equivalent)? But it's already not user selectable. Note that there's no prompt next to the "bool". The "help" section is just for documentation. I think it can be useful. -- Kirill A. Shutemov
