From fecf55a66a1cf908c2f906bedb79fe2e8362d50f Mon Sep 17 00:00:00 2001 From: Michael Roth Date: Thu, 2 May 2024 13:49:29 +0200 Subject: [PATCH] OvmfPkg/CcExitLib: Drop special handling for Encrypted MMIO to APIC The current #VC handler guards against MMIO to addresses that are mapped with the encryption bit set, but has an special exception for MMIO accesses to the APIC base address so allow for early access during SEC. Now that the SEC page table has the encryption bit cleared for the APIC base address range, there is no longer any need for this special handling. Go ahead and remove it. Cc: Ard Biesheuvel Cc: Gerd Hoffmann Cc: Erdem Aktas Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Signed-off-by: Michael Roth Reviewed-by: Gerd Hoffmann --- OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c index 549375dfed..da8f1e5db9 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c +++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c @@ -98,7 +98,7 @@ UnsupportedExit ( Validate that the MMIO memory access is not to encrypted memory. Examine the pagetable entry for the memory specified. MMIO should not be - performed against encrypted memory. MMIO to the APIC page is always allowed. + performed against encrypted memory. @param[in] Ghcb Pointer to the Guest-Hypervisor Communication Block @param[in] MemoryAddress Memory address to validate @@ -118,16 +118,6 @@ ValidateMmioMemory ( { MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE State; GHCB_EVENT_INJECTION GpEvent; - UINTN Address; - - // - // Allow APIC accesses (which will have the encryption bit set during - // SEC and PEI phases). - // - Address = MemoryAddress & ~(SIZE_4KB - 1); - if (Address == GetLocalApicBaseAddress ()) { - return 0; - } State = MemEncryptSevGetAddressRangeState ( 0,