On 6/16/23 02:02, Nikolay Borisov wrote: >> >> +TDX reports a list of "Convertible Memory Region" (CMR) to tell the > > nit: It might be worth mentioning that those CMRs ultimately come from > the BIOS. Because it's never mentioned here and in the "Physical Memory > Hotplug" it's directly mentioned that bios shouldn't support hot-removal > of memory. So the bios is a central component in a sense. The BIOS is weird on TDX systems. It's central, sure, but it's also untrusted. The TDX module generally has a kind of "trust but verify" approach to the BIOS. I guess the BIOS is the one poking at the memory controllers and getting the DIMMs fired up. But I _do_ think it's OK to say that CMRs come from the TDX module. The important thing is that they're trusted.
