lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Aug 2021 12:19:22 -0700 From: Dave Hansen <dave.hansen@...el.com> To: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com> Cc: "Kirill A. Shutemov" <kirill@...temov.name>, Borislav Petkov <bp@...en8.de>, Andy Lutomirski <luto@...nel.org>, Sean Christopherson <seanjc@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Joerg Roedel <jroedel@...e.de>, Andi Kleen <ak@...ux.intel.com>, Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>, David Rientjes <rientjes@...gle.com>, Vlastimil Babka <vbabka@...e.cz>, Tom Lendacky <thomas.lendacky@....com>, Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra <peterz@...radead.org>, Paolo Bonzini <pbonzini@...hat.com>, Ingo Molnar <mingo@...hat.com>, Varad Gautam <varad.gautam@...e.com>, Dario Faggioli <dfaggioli@...e.com>, x86@...nel.org, linux-mm@...ck.org, linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/5] efi/x86: Implement support for unaccepted memory On 8/10/21 12:08 PM, Kirill A. Shutemov wrote: >>> +config UNACCEPTED_MEMORY >>> + bool >>> + depends on EFI_STUB >>> + help >>> + Some Virtual Machine platforms, such as Intel TDX, introduce >>> + the concept of memory acceptance, requiring memory to be accepted >>> + before it can be used by the guest. This protects against a class of >>> + attacks by the virtual machine platform. >>> + >>> + This option adds support for unaccepted memory and makes such memory >>> + usable by kernel. >> Do we really need a full-blown user-visible option here? If we, for >> instance, just did: >> >> config UNACCEPTED_MEMORY >> bool >> depends on EFI_STUB >> >> it could be 'select'ed from the TDX Kconfig and no users would ever be >> bothered with it. Would a user *ever* turn this on if they don't have >> TDX (or equivalent)? > But it's already not user selectable. Note that there's no prompt next to > the "bool". The "help" section is just for documentation. I think it can > be useful. Ahh, gotcha. I misread it. Seems like an odd thing to do, but it's also fairly widespread in the tree. Can you even reach that help text from any of the configuration tools? If you're doing an 'oldconfig', you won't get a prompt to do the "?". Even in the 'meunconfig' search results, it doesn't display "help" text, only the "prompt". BTW, should this text call out that this is for parsing an actual UEFI feature along with the spec version? It's not obvious from the text that "unaccepted memory" really is a UEFI thing as opposed to being some kernel-only concept.
Powered by blists - more mailing lists