subject:"\[PATCH v7 71\/72\] x86\/efi\: Add GHCB mappings when SEV\-ES is active"

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

2020-09-10 Thread Ard Biesheuvel

On Wed, 9 Sep 2020 at 16:49, Tom Lendacky wrote: > > On 9/9/20 7:44 AM, Laszlo Ersek wrote: > > On 09/09/20 10:27, Ard Biesheuvel wrote: > >> (adding Laszlo and Brijesh) > >> > >> On Tue, 8 Sep 2020 at 20:46, Borislav Petkov wrote: > >>> > >>> + Ard so that he can ack the efi bits. > >>> > >>>

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

2020-09-09 Thread Laszlo Ersek

On 09/09/20 14:44, Laszlo Ersek wrote: > To summarize: for QemuFlashFvbServicesRuntimeDxe to allocate UEFI > Runtime Services Data type memory, for its own runtime GHCB, two > permissions are necessary (together), at OS runtime: > > - QemuFlashFvbServicesRuntimeDxe must be allowed to swap

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

2020-09-09 Thread Tom Lendacky

On 9/9/20 7:44 AM, Laszlo Ersek wrote: On 09/09/20 10:27, Ard Biesheuvel wrote: (adding Laszlo and Brijesh) On Tue, 8 Sep 2020 at 20:46, Borislav Petkov wrote: + Ard so that he can ack the efi bits. On Mon, Sep 07, 2020 at 03:16:12PM +0200, Joerg Roedel wrote: From: Tom Lendacky Calling

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

2020-09-09 Thread Laszlo Ersek

On 09/09/20 10:27, Ard Biesheuvel wrote: > (adding Laszlo and Brijesh) > > On Tue, 8 Sep 2020 at 20:46, Borislav Petkov wrote: >> >> + Ard so that he can ack the efi bits. >> >> On Mon, Sep 07, 2020 at 03:16:12PM +0200, Joerg Roedel wrote: >>> From: Tom Lendacky >>> >>> Calling down to EFI

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

2020-09-09 Thread Ard Biesheuvel

(adding Laszlo and Brijesh) On Tue, 8 Sep 2020 at 20:46, Borislav Petkov wrote: > > + Ard so that he can ack the efi bits. > > On Mon, Sep 07, 2020 at 03:16:12PM +0200, Joerg Roedel wrote: > > From: Tom Lendacky > > > > Calling down to EFI runtime services can result in the firmware performing

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

2020-09-08 Thread Borislav Petkov

+ Ard so that he can ack the efi bits. On Mon, Sep 07, 2020 at 03:16:12PM +0200, Joerg Roedel wrote: > From: Tom Lendacky > > Calling down to EFI runtime services can result in the firmware performing > VMGEXIT calls. The firmware is likely to use the GHCB of the OS (e.g., for > setting EFI

[PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

2020-09-07 Thread Joerg Roedel

From: Tom Lendacky Calling down to EFI runtime services can result in the firmware performing VMGEXIT calls. The firmware is likely to use the GHCB of the OS (e.g., for setting EFI variables), so each GHCB in the system needs to be identity mapped in the EFI page tables, as unencrypted, to avoid

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

Re: [PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

[PATCH v7 71/72] x86/efi: Add GHCB mappings when SEV-ES is active

7 matches

Site Navigation

Mail list logo

Footer information