During system boot, rom_reset copies the BIOS binary from the internal PC.BIOS ROM to guest RAM (PC.RAM).
If memory encryption is enabled then we need to ensure that encryption context is created before we start the copy process. When encryption is enabled any data copy from PC.BIOS ROM to guest RAM will go through the encryption routines which will encrypt the data as it copies into guest memory. Similarly after we are done with copying destory the encryption context.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
 hw/core/loader.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 53e0e41..6e0be34 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -55,6 +55,7 @@
 #include "exec/address-spaces.h"
 #include "hw/boards.h"
 #include "qemu/cutils.h"
+#include "sysemu/kvm.h"
 #include <zlib.h>
@@ -997,6 +998,13 @@ static void rom_reset(void *unused)
 {
 Rom *rom;
+ /* create the memory encryption context before we copy any data
+ * from internal ROM to guest RAM.
+ */
+ if (kvm_memory_encryption_enabled()) {
+ kvm_memory_encryption_start();
+ }
+
 QTAILQ_FOREACH(rom, &roms, next) {
 if (rom->fw_file) {
 continue;
@@ -1024,6 +1032,11 @@ static void rom_reset(void *unused)
 */
 cpu_flush_icache_range(rom->addr, rom->datasize);
 }
+
+ /* delete the memory encryption context after we are done with copying */
+ if (kvm_memory_encryption_enabled()) {
+ kvm_memory_encryption_finish();
+ }
 }
 int rom_check_and_register_reset(void)
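Review bot: The result of `kvm_memory_encryption_start()` is discarded in the second hunk, so if creating the encryption context can fail, the `QTAILQ_FOREACH` loop that follows still copies the firmware into guest RAM without the protection the commit message describes. The prototype is not visible in this patch; if the call returns a status, it should fail closed, for example `if (kvm_memory_encryption_start() < 0) { /* report the error and stop the reset */ }`. The same applies to `kvm_memory_encryption_finish()` in the last hunk, where a failed teardown would go unnoticed while the guest starts running. The body of rom_reset continues outside this hunk.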
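Review bot: The teardown in the last hunk re-evaluates `kvm_memory_encryption_enabled()` instead of recording that the context was actually started, so start and finish are paired only by assumption; a local such as `bool enc = kvm_memory_encryption_enabled();` set once at the top of rom_reset and tested in both places would make the pairing explicit. rom_reset looks like a reset handler (rom_check_and_register_reset follows in the context), so this start/finish sequence presumably runs on every guest reset rather than once at launch, and a comment stating whether the two calls may be repeated for the same guest would help, since the patch does not show what they do the second time. The loop body between the two hunks is not visible here, so any early exit inside it would also skip the finish call.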