[PATCHv2 2/2] x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default
Kirill A. Shutemov
kirill.shutemov at linux.intel.com
Tue Nov 19 00:21:05 PST 2024
On Mon, Nov 18, 2024 at 05:46:16PM +0100, Borislav Petkov wrote:
> On Mon, Oct 21, 2024 at 01:57:23PM +0300, Kirill A. Shutemov wrote:
> > It fixes a crash on kexec in TDX guests if CONFIG_EISA is enabled.
>
> Do TDX guests even need EISA?
>
> "The EISA bus saw limited use between 1988 and 1995 when it was made obsolete
> by the PCI bus."
>
> Sounds like no to me.
>
> We usually simply stop coco guests from touching such legacy ranges:
>
> f30470c190c2 ("x86/boot: Skip video memory access in the decompressor for SEV-ES/SNP")
>
> so can you do that too?
Sure, we can work around every place that touches such ranges. Or we can
address the problem at the root and make creating decrypted/shared mappings
explicit.

Such mappings have both functional (as we see here) and security
implications (VMM can manipulate the guest memory range). We should not
create decrypted mappings by default on legacy interfaces.
--
Kiryl Shutsemau / Kirill A. Shutemov