[edk2-devel] [RFC] Design review for Lazy Page Accept in TDVF

[jiaqi.gao@intel.com]

[-- Attachment #1: Type: text/plain, Size: 1876 bytes --]

Motivation:
Intel TDX provides memory encryption and integrity multi-tenancy for hardware protection. A TD-guest uses TDCALL to accept shared memory as private. However, accept whole system memory may take a long time which will have an adverse impact on the boot time performance. We introduce Lazy Page Accept method which means only part of the memory is accepted by TDVF and rest of it is left to OS to be accepted.

Issue:
Memory size that need to be accepted by TDVF cannot be determined at the beginning in some cases. For example, kernel/initrd size can be large and may exceed the memory that has been accepted. Because of this, we have to provide a method to accept memory dynamically.

We propose three options to address this issue:

  1.  Modifying the memory allocation (MdeModulePkg/Core/Dxe/Mem) logic to accept memory when OUT_OF_RESOURCE occurs.
  2.  Changing the process flow of QEMU direct boot and GRUB to accept memory when loading the image fails and returns OUT_OF_RESOURCE.
  3.  Adding AcceptMemory() as a boot service interface to simplify the implementation of option 2.
Underlying implementation of accepting memory is provided by a protocol which can be installed by architecture-specific drivers such as TdxDxe.

The details are in the design slides: https://edk2.groups.io/g/devel/files/Designs/2021/0830/TDVF%20Lazy%20Page%20Accept%28v0.7%29.pptx



I am seeking your feedback on this proposal. Thank you!



References:

[1] tdx-virtual-firmware-design-guide-rev-1.pdf. https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf

[2] A POC of Lazy Page Accept in TDVF. https://github.com/mxu9/edk2/pull/9/commits

[3] Add new unaccepted memory type in mu_basecore. https://github.com/microsoft/mu_basecore/pull/66





Best Regards,

Gao Jiaqi



[-- Attachment #2: Type: text/html, Size: 7322 bytes --]