Add a function to iterate over the EFI Memory Map and mark the regions tagged with EFI_MEMORY_CPU_CRYPTO in the e820_table; and call it from efi_init if add_efi_memmap is disabled.
Also modify do_add_efi_memmap to mark the regions there.
If add_efi_memmap is false, also check that the e820_table has enough size to (possibly) store also the EFI memmap.
Signed-off-by: Martin Fernandez martin.fernandez@eclypsium.com --- arch/x86/platform/efi/efi.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+)
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index 1591d67e0bcd..397d5e54d65e 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -187,6 +187,8 @@ static void __init do_add_efi_memmap(void) }
e820__range_add(start, size, e820_type); + if (md->attribute & EFI_MEMORY_CPU_CRYPTO) + e820__range_set_crypto_capable(start, size); } e820__update_table(e820_table); } @@ -444,6 +446,34 @@ static int __init efi_config_init(const efi_config_table_type_t *arch_tables) return ret; }
+static void __init efi_mark_e820_regions_as_crypto_capable(void) +{ + efi_memory_desc_t *md; + + /* + * Calling e820__range_set_crypto_capable several times + * creates a bunch of entries in the E820 table. They probably + * will get merged when calling update_table but we need the + * space there anyway + */ + if (efi.memmap.nr_map + e820_table->nr_entries >= E820_MAX_ENTRIES) { + pr_err_once("E820 table is not large enough to fit EFI memmap; not marking entries as crypto capable\n"); + return; + } + + for_each_efi_memory_desc(md) { + if (md->attribute & EFI_MEMORY_CPU_CRYPTO) + e820__range_set_crypto_capable(md->phys_addr, + md->num_pages << EFI_PAGE_SHIFT); + } + + /* + * We added and modified regions so it's good to update the + * table to merge/sort + */ + e820__update_table(e820_table); +} + void __init efi_init(void) { if (IS_ENABLED(CONFIG_X86_32) && @@ -497,6 +527,13 @@ void __init efi_init(void) set_bit(EFI_RUNTIME_SERVICES, &efi.flags); efi_clean_memmap();
+ /* + * If add_efi_memmap then there is no need to mark the regions + * again + */ + if (!add_efi_memmap) + efi_mark_e820_regions_as_crypto_capable(); + if (efi_enabled(EFI_DBG)) efi_print_memmap(); }