Re: [PATCH v2] x86/efi: Safely enable unaccepted memory in UEFI

From: Ard Biesheuvel
Date: Wed Jan 18 2023 - 10:48:43 EST


On Wed, 18 Jan 2023 at 16:41, Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>
> On 1/18/23 07:09, Ard Biesheuvel wrote:
> > However, I guess we're at a point where SEV and TDX really want
> > different solutions, so I think divergence might be the way to
> > proceed.
>
> I don't think they want different things really.
>
> TDX doesn't need this protocol. It sounds like SEV does need it,
> though. That doesn't mean they really diverge. They're *both* going to
> have to poke at this protocol knob to get the firmware to not accept the
> memory.
>

No, on TDX, the firmware would never accept all memory. On SEV, it
would only do so if the protocol has not been called prior to the call
to ExitBootServices().

> This does slightly change the motivation for doing explicit unaccepted
> memory support in the kernel.
>

Not on TDX.

> I also don't know _quite_ how this will look to a guest. For instance,
> will they see different memory maps based on which protocol they are
> using? I assume so, but didn't see any of that explicitly mentioned in
> this patch.

The EFI memory map will not contain ranges of type
EFI_UNACCEPTED_MEMORY if the memory was accepted on behalf of the OS
by the firmware. That is the point, really, as non-enlightened OSes
will ignore those.
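
The last point above, as an added example that is not part of this message or of the patch under discussion: a C walk over an EFI memory map that shows what an enlightened and a non-enlightened guest each see. The function names, `DESC_SIZE` and the sample map are constructed for illustration, and reporting firmware-accepted RAM as `EFI_CONVENTIONAL_MEMORY` is an assumption of the example.

```c
#include <stdint.h>
#include <string.h>

/* Memory type numbers from the UEFI specification (Linux uses the same values). */
#define EFI_CONVENTIONAL_MEMORY 7
#define EFI_UNACCEPTED_MEMORY   15
#define EFI_PAGE_SIZE           4096ULL
#define DESC_SIZE               48  /* constructed stride, larger than the struct */

typedef struct {                    /* EFI_MEMORY_DESCRIPTOR layout */
    uint32_t type, pad;
    uint64_t phys_addr, virt_addr, num_pages, attribute;
} efi_memory_desc_t;

typedef struct { uint64_t usable, unaccepted; } mem_summary_t;

/* Walk a raw map using the firmware-reported stride, never sizeof(desc).
 * A non-enlightened OS (enlightened == 0) skips type 15 like any unknown type. */
mem_summary_t summarize_map(const uint8_t *map, size_t map_size,
                            size_t desc_size, int enlightened)
{
    mem_summary_t s = {0, 0};
    if (desc_size < sizeof(efi_memory_desc_t))
        return s;
    for (size_t off = 0; off + desc_size <= map_size; off += desc_size) {
        efi_memory_desc_t d;
        memcpy(&d, map + off, sizeof(d));
        if (d.num_pages > UINT64_MAX / EFI_PAGE_SIZE)
            continue;               /* skip entries whose byte size would overflow */
        if (d.type == EFI_CONVENTIONAL_MEMORY)
            s.usable += d.num_pages * EFI_PAGE_SIZE;
        else if (d.type == EFI_UNACCEPTED_MEMORY && enlightened)
            s.unaccepted += d.num_pages * EFI_PAGE_SIZE;
    }
    return s;
}

/* Constructed sample: 1 GiB of accepted RAM plus 3 GiB that the firmware either
 * accepted on behalf of the OS (assumed conventional) or left unaccepted. */
size_t build_sample_map(uint8_t *buf, int fw_accepted_all)
{
    uint32_t t = fw_accepted_all ? EFI_CONVENTIONAL_MEMORY : EFI_UNACCEPTED_MEMORY;
    efi_memory_desc_t d[2] = { { EFI_CONVENTIONAL_MEMORY, 0, 0x100000, 0, 262144, 0 },
                               { t, 0, 0x100000000ULL, 0, 786432, 0 } };
    memset(buf, 0, 2 * DESC_SIZE);
    for (int i = 0; i < 2; i++)
        memcpy(buf + i * DESC_SIZE, &d[i], sizeof(d[i]));
    return 2 * DESC_SIZE;
}
```

With the constructed map left unaccepted, a non-enlightened walk reports only the 1 GiB range as usable; the remaining 3 GiB is neither used nor flagged, which is why such a guest silently runs with less memory.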