On Fri, Sep 23, 2016 at 09:33:00PM +1200, Kai Huang wrote: > How is this even possible? The spec clearly says under SEV only in long mode > or PAE mode guest can control whether memory is encrypted via c-bit, and in > other modes guest will be always in encrypted mode. I was suggesting the hypervisor supplies the EFI ranges unencrypted. But that is not a good idea because firmware data is exposed then, see same thread from yesterday. -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html