Re: [PATCH v2] x86/kexec: Add EFI config table identity mapping for kexec kernel

From: Tom Lendacky
Date: Fri Jul 07 2023 - 11:47:09 EST


On 7/7/23 03:22, Joerg Roedel wrote:
> On Fri, Jul 07, 2023 at 12:23:59PM +0800, Baoquan He wrote:
>> I am wondering why we don't detect the CPU type and return early inside
>> sev_enable() if it's an Intel CPU.
>>
>> We can't rely on CONFIG_AMD_MEM_ENCRYPT to decide if the code needs to be
>> executed or not because we usually enable them all in distros.
>
> Looking at the code in head_64.S, by the time sev_enable() runs the SEV
> bit should already be set in sev_status. Maybe use that to detect
> whether SEV is enabled and bail out early?

I think that is only if you enter on the 32-bit path. If invoked from EFI in 64-bit, efi64_stub_entry(), then I don't believe that sev_status will be set yet.

Before it can be determined if it is a non-AMD platform, the EFI config table has to be searched in order to find the CC blob table. Once that is found (or not found), then the checks for the platform are performed and sev_enable() will exit if not on an AMD platform.

I think it was an oversight to not add support for identity mapping the EFI config tables for kexec. Any features in the future that need to search for an EFI config table early like this will need the same.

Thanks,
Tom


> Regards,
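
The ordering described in the reply above, as a small user-space C model added here (it is not code from the patch or from the kernel): the config table is walked before the platform check, so the walk needs the table in the identity map on every platform, AMD or not. The types, `early_cc_probe()`, `demo()` and all GUIDs and addresses are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One 64-bit EFI config table entry (GUID + address), and one identity-mapped range. */
struct cfg_entry { uint8_t guid[16]; uint64_t table; };
struct ident_range { uint64_t start, len; };	/* hypothetical model type */
enum probe_result { PROBE_FAULT, PROBE_NOT_AMD, PROBE_NO_BLOB, PROBE_BLOB_FOUND };

static int is_mapped(const struct ident_range *m, size_t n, uint64_t addr, uint64_t len)
{
	for (size_t i = 0; i < n; i++)
		if (addr >= m[i].start && len <= m[i].len &&
		    addr - m[i].start <= m[i].len - len)
			return 1;
	return 0;
}

/* The table walk comes first; the platform check can only happen after it.
 * tbl is the host copy of the table, tbl_phys its modelled physical address. */
enum probe_result early_cc_probe(const struct cfg_entry *tbl, size_t nr, uint64_t tbl_phys,
				 const uint8_t blob_guid[16],
				 const struct ident_range *map, size_t nr_map, int is_amd)
{
	uint64_t blob = 0;

	if (!is_mapped(map, nr_map, tbl_phys, nr * sizeof(*tbl)))
		return PROBE_FAULT;	/* a real boot would page-fault on the first read */
	for (size_t i = 0; i < nr; i++)
		if (!memcmp(tbl[i].guid, blob_guid, 16))
			blob = tbl[i].table;
	if (!is_amd)
		return PROBE_NOT_AMD;	/* clean early exit, reached only if the walk survived */
	return blob ? PROBE_BLOB_FOUND : PROBE_NO_BLOB;
}

/* Constructed sample data: placeholder GUIDs and addresses, not real firmware values. */
static const uint8_t BLOB_GUID[16] = { 0xC0 };
static const struct cfg_entry TABLE[2] = { { { 0xA1 }, 0x7000 }, { { 0xC0 }, 0x9000 } };
#define TABLE_PHYS 0x80000000ULL

/* map_table: whether the identity map also covers the config table itself. */
enum probe_result demo(int map_table, int is_amd, size_t nr_entries)
{
	const struct ident_range map[2] = { { 0x100000, 0x4000000 },
					    { TABLE_PHYS, sizeof(TABLE) } };
	return early_cc_probe(TABLE, nr_entries, TABLE_PHYS, BLOB_GUID,
			      map, map_table ? 2 : 1, is_amd);
}
```

`demo(0, 0, 2)` models the non-AMD kexec case without the mapping and returns `PROBE_FAULT`; with the table mapped, the same machine returns `PROBE_NOT_AMD`.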