On 3 July 2018 at 15:32, Brijesh Singh <brijesh.singh@xxxxxxx> wrote: > SEV guest fails to update the UEFI runtime variables stored in the > flash. commit 1379edd59673 ("x86/efi: Access EFI data as encrypted > when SEV is active") unconditionally maps all the UEFI runtime data > as 'encrypted' (C=1). When SEV is active the UEFI runtime data marked > as EFI_MEMORY_MAPPED_IO should be mapped as 'unencrypted' so that both > guest and hypervisor can access the data. > > Fixes: 1379edd59673 (x86/efi: Access EFI data as encrypted ...) > Cc: Tom Lendacky <thomas.lendacky@xxxxxxx> > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> > Cc: Borislav Petkov <bp@xxxxxxx> > Cc: linux-efi@xxxxxxxxxxxxxxx > Cc: kvm@xxxxxxxxxxxxxxx > Cc: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> > Cc: Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx> > Cc: Andy Lutomirski <luto@xxxxxxxxxx> > Cc: <stable@xxxxxxxxxxxxxxx> # 4.15.x > Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx> > --- > arch/x86/platform/efi/efi_64.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c > index 77873ce..5f2eb32 100644 > --- a/arch/x86/platform/efi/efi_64.c > +++ b/arch/x86/platform/efi/efi_64.c > @@ -417,7 +417,7 @@ static void __init __map_region(efi_memory_desc_t *md, u64 va) > if (!(md->attribute & EFI_MEMORY_WB)) > flags |= _PAGE_PCD; > > - if (sev_active()) > + if (sev_active() && md->type != EFI_MEMORY_MAPPED_IO) > flags |= _PAGE_ENC; > > pfn = md->phys_addr >> PAGE_SHIFT; Is it safe to only update this occurrence and not the one in efi_runtime_update_mappings() ? -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html