On Mon, Aug 22, 2016 at 05:37:57PM -0500, Tom Lendacky wrote: > When Secure Memory Encryption is enabled, the trampoline area must not > be encrypted. A cpu running in real mode will not be able to decrypt s/cpu/CPU/... always :-) > memory that has been encrypted because it will not be able to use addresses > with the memory encryption mask. > > Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > --- > arch/x86/realmode/init.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c > index 5db706f1..f74925f 100644 > --- a/arch/x86/realmode/init.c > +++ b/arch/x86/realmode/init.c > @@ -6,6 +6,7 @@ > #include <asm/pgtable.h> > #include <asm/realmode.h> > #include <asm/tlbflush.h> > +#include <asm/mem_encrypt.h> > > struct real_mode_header *real_mode_header; > u32 *trampoline_cr4_features; > @@ -130,6 +131,14 @@ static void __init set_real_mode_permissions(void) > unsigned long text_start = > (unsigned long) __va(real_mode_header->text_start); > > + /* > + * If memory encryption is active, the trampoline area will need to > + * be in non-encrypted memory in order to bring up other processors Let's stick with either "unencrypted" - I'd prefer that one - or "non-encrypted" nomenclature so that there's no distraction. I see both versions in the patchset. -- Regards/Gruss, Boris. ECO tip #101: Trim your mails when you reply. -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html