On Fri, Feb 12, 2021 at 03:17:57PM +0100, Peter Zijlstra wrote:
> On Fri, Feb 12, 2021 at 02:19:07PM +0100, Joerg Roedel wrote:
> > - Then we can pass this information up the boot process by
> >   extending struct boot_params. The bootloader can pass which
> >   E820 usable memory it validated, same for the kernel
> >   decompressor. The text+data (but not bss) of the running
> >   kernel image is per definition validated by the decompressor
> >   and does not need to be added explicitly to boot_params.
>
> Even if all text+data is prevalidated, we'll probably still need some
> prevalidated bss and certainly some prevalidated percpu data (like the
> various stacks, but also crud like the percpu variable we store the DR7
> shadow in etc..).

The kernel sets up early exception handling in head_64.S, right after
setting MSR_GS_BASE. So per-cpu data can probably be on-demand.

For bss you might be right. There is a special .bss.decrypted section
for SEV which is shared with the HV. That section also contains the
boot_ghcb used for booting and AP bringup. That one needs to be set up
at this point. So maybe bss should be prevalidated too by the
decompressor and when the kernel starts it makes the bss.decrypted
section shared again.

Regards,

Joerg