Re: [RFC PATCH v2 11/20] mm: Access BOOT related data in the clear
From: Tom Lendacky
Date: Wed Sep 14 2016 - 10:21:12 EST

On 09/12/2016 11:55 AM, Andy Lutomirski wrote:
> On Aug 22, 2016 6:53 PM, "Tom Lendacky" <thomas.lendacky@xxxxxxx> wrote:
>>
>> BOOT data (such as EFI related data) is not encrypted when the system is
>> booted and needs to be accessed as non-encrypted. Add support to the
>> early_memremap API to identify the type of data being accessed so that
>> the proper encryption attribute can be applied. Currently, two types
>> of data are defined, KERNEL_DATA and BOOT_DATA.
>
> What happens when you memremap boot services data outside of early
> boot? Matt just added code that does this.
>
> IMO this API is not so great. It scatters a specialized consideration
> all over the place. Could early_memremap not look up the PA to figure
> out what to do?

Yes, I could see if the PA falls outside of the kernel usable area and,
if so, remove the memory encryption attribute from the mapping (for both
early_memremap and memremap).

Let me look into that, I would prefer something along that line over
this change.

Thanks,
Tom

>
> --Andy
>