On Thu, 2 May 2024 at 11:06, Gerd Hoffmann <kra...@redhat.com> wrote: > > On Wed, May 01, 2024 at 02:03:37PM GMT, Michael Roth wrote: > > For the most part, OVMF will clear the encryption bit for MMIO regions, > > but there is currently one known exception during SEC when the APIC > > base address is accessed via MMIO with the encryption bit set for > > SEV-ES/SEV-SNP guests. In the case of SEV-SNP, this requires special > > handling on the hypervisor side which may not be available in the > > future[1], so make the necessary changes in the SEC-configured page > > table to clear the encryption bit for 4K region containing the APIC > > base address. > > > > Since CpuPageTableLib is used to handle the splitting, some additional > > care must be taken to clear the C-bit in all non-leaf PTEs since the > > library expects that to be the case. Add handling for that when setting > > up the SEC page table. > > > > While here, drop special handling for the APIC base address in the > > SEV-ES/SNP #VC handler. > > Series: > Reviewed-by: Gerd Hoffmann <kra...@redhat.com> >
Thanks, I've picked these up now. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118507): https://edk2.groups.io/g/devel/message/118507 Mute This Topic: https://groups.io/mt/105849106/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-