On Wed, May 01, 2024 at 02:03:37PM GMT, Michael Roth wrote: > For the most part, OVMF will clear the encryption bit for MMIO regions, > but there is currently one known exception during SEC when the APIC > base address is accessed via MMIO with the encryption bit set for > SEV-ES/SEV-SNP guests. In the case of SEV-SNP, this requires special > handling on the hypervisor side which may not be available in the > future[1], so make the necessary changes in the SEC-configured page > table to clear the encryption bit for 4K region containing the APIC > base address. > > Since CpuPageTableLib is used to handle the splitting, some additional > care must be taken to clear the C-bit in all non-leaf PTEs since the > library expects that to be the case. Add handling for that when setting > up the SEC page table. > > While here, drop special handling for the APIC base address in the > SEV-ES/SNP #VC handler.
Series: Reviewed-by: Gerd Hoffmann <kra...@redhat.com> take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118502): https://edk2.groups.io/g/devel/message/118502 Mute This Topic: https://groups.io/mt/105849106/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
