During system boot, rom_reset copies bios binary from internal PC.BIOS
ROM to guest RAM (PC.RAM).
If memory encryption is enabled then we need to ensure that encryption
context is created before we start the copy process. When encryption is
enabled any data copy from PC.BIOS ROM to guest RAM will go through the
encryption routines which will encrypt the data as it copies into guest
memory. Similarly after we are done with copying destory the encryption
context.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
hw/core/loader.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 53e0e41..6e0be34 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -55,6 +55,7 @@
#include "exec/address-spaces.h"
#include "hw/boards.h"
#include "qemu/cutils.h"
+#include "sysemu/kvm.h"
#include <zlib.h>
@@ -997,6 +998,13 @@ static void rom_reset(void *unused)
{
Rom *rom;
+ /* create the memory encryption context before we copy any data
+ * from internal ROM to guest RAM.
+ */
+ if (kvm_memory_encryption_enabled()) {
+ kvm_memory_encryption_start();
+ }
+
QTAILQ_FOREACH(rom, &roms, next) {
if (rom->fw_file) {
continue;
@@ -1024,6 +1032,11 @@ static void rom_reset(void *unused)
*/
cpu_flush_icache_range(rom->addr, rom->datasize);
}
+
+ /* delete the memory encryption context after we are done with copying */
+ if (kvm_memory_encryption_enabled()) {
+ kvm_memory_encryption_finish();
+ }
}
int rom_check_and_register_reset(void)
