SEV-ES/SNP guest uses GHCB page to communicate with the host. Such a page should remain unencrypted (its C-bit should be unset in the guest page table). Therefore, call setup_ghcb_pte() in the path of setup_vm() to ensure C-bit of GHCB's pte is unset for a new page table that will be setup as a part of page allocation for UEFI-based SEV-ES/SNP tests later on. It is important to note that setup_ghcb_pte() is also called from setup_page_table() in lib/x86/setup.c. However, page allocation callers return a null address (0x0) for UEFI based tests with the initial page table setup via this path. Hence, a new page table is setup via setup_vm() to allocate valid pages. Signed-off-by: Pavan Kumar Paluri <papaluri@xxxxxxx> --- lib/x86/vm.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/x86/vm.c b/lib/x86/vm.c index 90f73fbb2dfd..ce2063aee75d 100644 --- a/lib/x86/vm.c +++ b/lib/x86/vm.c @@ -3,6 +3,7 @@ #include "vmalloc.h" #include "alloc_page.h" #include "smp.h" +#include "amd_sev.h" static pteval_t pte_opt_mask; @@ -197,6 +198,11 @@ void *setup_mmu(phys_addr_t end_of_memory, void *opt_mask) init_alloc_vpage((void*)(3ul << 30)); #endif +#ifdef CONFIG_EFI + if (amd_sev_es_enabled()) + setup_ghcb_pte(cr3); +#endif + write_cr3(virt_to_phys(cr3)); #ifndef __x86_64__ write_cr4(X86_CR4_PSE); -- 2.34.1