Intel's Unaccepted Memory Support Updated For Substantially Faster Booting Of TDX VMs
1 min read
Jan 21, 2022
Way back in August Intel posted a set of Linux kernel patches for supporting "unaccepted memory" by the Linux kernel in preparation for next-generation Xeon processors and speeding up the boot time for guest virtual machines making use of Intel's Trust Domain Extensions (TDX) security feature. Unaccepted memory support hasn't yet made it to the mainline kernel but now a second iteration of the patches have been posted.
UEFI 2.9 introduces the concept of memory acceptance and unaccepted memory. This makes it so guests need to "accept" memory before it can be allocated/used within the guest's environment while the actual acceptance handling is depending upon the VM hypervisor. This memory acceptance is important for Intel TDX and AMD SEV-SNP to avoid the expensive memory acceptance at boot time for new VMs and to instead make it on-demand / as-needed. It's also possible to be a security benefit in its own right by keeping the memory unaccepted until it's actually going to be used.
The link for this article located at Phoronix is no longer available.
Related Articles
1 - 0 min read
Tsurugi Linux: A Game-Changing DFIR Analysis Tool
1 - 0 min read
Red Hat adds four years of extended support for RHEL 7
1 - 0 min read
Supershell – Open-Source Botnet That Obtain SSH Shell Access
1 - 0 min read
New Patches Aim To Tackle Linux x86_64 PIE Support
1 - 0 min read
SELinux In Linux 6.4 Removes Run-Time Disabling Support
