From: Tom Lendacky <thomas.lendacky@xxxxxxx> When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as EFI related data) is encrypted and needs to be access as such. Update the architecture override in early_memremap to keep the encryption attribute when mapping this data. Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> --- arch/x86/mm/ioremap.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index e3bdc5a..2ea6deb 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -429,10 +429,11 @@ pgprot_t __init early_memremap_pgprot_adjust(resource_size_t phys_addr, pgprot_t prot) { /* - * If memory encryption is enabled and BOOT_DATA is being mapped - * then remove the encryption bit. + * If memory encryption is enabled, we are not running with + * SEV active and BOOT_DATA is being mapped then remove the + * encryption bit */ - if (_PAGE_ENC && (owner == BOOT_DATA)) + if (_PAGE_ENC && !sev_active && (owner == BOOT_DATA)) prot = __pgprot(pgprot_val(prot) & ~_PAGE_ENC); return prot; -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html