Intel's Unaccepted Memory Support Updated For Substantially Faster Booting Of TDX VMs
Written by Michael Larabel in Intel on 20 January 2022 at 06:42 AM EST. Add A Comment
INTEL --
Way back in August Intel posted a set of Linux kernel patches for supporting "unaccepted memory" by the Linux kernel in preparation for next-generation Xeon processors and speeding up the boot time for guest virtual machines making use of Intel's Trust Domain Extensions (TDX) security feature. Unaccepted memory support hasn't yet made it to the mainline kernel but now a second iteration of the patches have been posted.

UEFI 2.9 introduces the concept of memory acceptance and unaccepted memory. This makes it so guests need to "accept" memory before it can be allocated/used within the guest's environment while the actual acceptance handling is depending upon the VM hypervisor. This memory acceptance is important for Intel TDX and AMD SEV-SNP to avoid the expensive memory acceptance at boot time for new VMs and to instead make it on-demand / as-needed. It's also possible to be a security benefit in its own right by keeping the memory unaccepted until it's actually going to be used.

AMD with their SEV-SNP patches to date have relied on pre-validating the memory at boot time just as Intel is for the moment, but this forthcoming patch series is at least changing that on the Intel side. Some of this work by Intel can also be re-used by AMD developers for benefiting on their side as well.


Quite the win...


The benefit of EFI Unaccepted Memory to postponing its acceptance until later on is substantial: booting a VM with 4GB of TDX-protected memory is 2.5x faster with this patch series while a VM with 64GB of RAM and using TDX was 4x faster at booting.

The v2 unaccepted memory patches are undergoing review on the kernel mailing list. Due to the ongoing v5.17 merge window, the earliest we will now see this work land would be v5.18 that could be paired with more of their TDX work.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week