Intel's Unaccepted Memory Support Updated For Substantially Faster ...

Advisories

Discover Security Projects News

Intel's Unaccepted Memory Support Updated For Substantially Faster Booting Of TDX VMs

20.Lock AbstractDigital Circular

Way back in August Intel posted a set of Linux kernel patches for supporting "unaccepted memory" by the Linux kernel in preparation for next-generation Xeon processors and speeding up the boot time for guest virtual machines making use of Intel's Trust Domain Extensions (TDX) security feature. Unaccepted memory support hasn't yet made it to the mainline kernel but now a second iteration of the patches have been posted.

UEFI 2.9 introduces the concept of memory acceptance and unaccepted memory. This makes it so guests need to "accept" memory before it can be allocated/used within the guest's environment while the actual acceptance handling is depending upon the VM hypervisor. This memory acceptance is important for Intel TDX and AMD SEV-SNP to avoid the expensive memory acceptance at boot time for new VMs and to instead make it on-demand / as-needed. It's also possible to be a security benefit in its own right by keeping the memory unaccepted until it's actually going to be used.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.