Confidential compute firmware may provide secret data via reserved memory regions
(e.g., ACPI CCEL, EFI Coco secret area). These must be ioremap'ed() as encrypted.
As of now, realm only maps "trusted devices" (RIPAS = RSI_RIPAS_DEV) as encrypted.
This series adds support for mapping areas that are protected
(i.e., RIPAS = RSI_RIPAS_RAM) as encrypted. Also, extrapolating that, we can map
anything that is not RIPAS_EMPTY as protected, as it is guaranteed to be "protected".
With this in place, we can naturally map any firmware provided area based on the
RIPAS value. If the firmware provides a shared region (not trusted), it must have
set the RIPAS accordingly, before placing the data, as the transition is always
destructive.
Confidential Compute Event Log is exposed as EFI_ACPI_MEMORY_NVS, which is
reserved for firmware use even after the firmware exits the boot services [0].
Thus map the region as READ only in the kernel.
[0] https://uefi.org/specs/UEFI/2.10/07_Services_Boot_Services.html#memory-type-usage-before-exitbootservices
Changes since v2:
https://lkml.kernel.org/r/20250908223519.1759020-1-suzuki.poulose@arm.com/
- Collect Review (Gavin) and Tested (Sami) tags for Patch 3
- Merge the case with other PAGE_KERNEL_RO cases for ACPI_MEMORY_NVS in Patch 3
Changes since v1:
https://lkml.kernel.org/r/20250613111153.1548928-1-suzuki.poulose@arm.com/
- Collect tags
- Map EFI_MEMORY_ACPI_NVS as READ-ONLY, update comment and commit description
Suzuki K Poulose (3):
arm64: realm: ioremap: Allow mapping memory as encrypted
arm64: Enable EFI secret area Securityfs support
arm64: acpi: Enable ACPI CCEL support
arch/arm64/include/asm/io.h | 6 +++++-
arch/arm64/include/asm/rsi.h | 2 +-
arch/arm64/kernel/acpi.c | 10 ++++++++++
arch/arm64/kernel/rsi.c | 26 ++++++++++++++++++++++----
drivers/virt/coco/efi_secret/Kconfig | 2 +-
5 files changed, 39 insertions(+), 7 deletions(-)
--
2.43.0