From: Ashish Kalra <ashish.ka...@amd.com>
Currently OVMF clears the C-bit and marks NonExistent memory space
as decrypted in the page encryption bitmap. By marking the
NonExistent memory space as decrypted it gurantees any future MMIO adds
will work correctly, but this marks flash0 device space as decrypted.
At reset the SEV core will be in forced encrypted state, so this
decrypted marking of flash0 device space will cause VCPU reset to fail
as flash0 device pages will be migrated incorrectly.
Signed-off-by: Ashish Kalra <ashish.ka...@amd.com>
---
migration/ram.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/migration/ram.c b/migration/ram.c
index 1cb8d57a89..4eca90cceb 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2074,6 +2074,14 @@ static bool encrypted_test_list(RAMState *rs, RAMBlock
*block,
return false;
}
+ if (!strcmp(memory_region_name(block->mr), "system.flash0")) {
+ return true;
+ }
+
+ if (!strcmp(memory_region_name(block->mr), "system.flash1")) {
+ return false;
+ }
+
/*
* Translate page in ram_addr_t address space to GPA address
* space using memory region.
--
2.17.1
