Re: [PATCH v2] x86/kexec: Add EFI config table identity mapping for kexec kernel

From: Ard Biesheuvel
Date: Wed Aug 02 2023 - 10:55:46 EST


On Wed, 2 Aug 2023 at 15:59, Borislav Petkov <bp@xxxxxxxxx> wrote:
>
> On Wed, Aug 02, 2023 at 08:40:36AM -0500, Tom Lendacky wrote:
> > Short of figuring out how to map page accesses earlier through the
> > boot_page_fault IDT routine
>
> And you want to do that because?
>

... because now, entering via startup_32 is broken, given that it only
maps the kernel image itself and relies on the #PF handling for
everything else it accesses, including firmware tables.

AFAICT this also means that entering via startup_32 is broken entirely
for any configuration that enables the cc blob config table check,
regardless of the platform.