On Thu, 16 Jun, at 09:38:31AM, Tom Lendacky wrote:
>
> Ok, I think this was happening before the commit to build our own
> EFI page table structures:
>
> commit 67a9108ed ("x86/efi: Build our own page table structures")
>
> Before this commit the boot services ended up mapped into the kernel
> page table entries as un-encrypted during efi_map_regions() and I needed
> to change those entries back to encrypted. With your change above,
> this appears to no longer be needed.

Great news! Things are as they should be ;)