From: Brijesh Singh
To: Laszlo Ersek, edk2-devel@lists.01.org
Cc: brijesh.singh@amd.com, Tom Lendacky, Star Zeng, Eric Dong, "Jordan Justen (Intel address)"
Date: Wed, 27 Jun 2018 12:49:30 -0500
Message-ID: <2a662245-bb03-e742-1403-4d0a47bffda7@amd.com>
In-Reply-To: <272c4a0f-fcc1-2899-e31d-a3207feb51ed@redhat.com>
References: <1530042365-9979-1-git-send-email-brijesh.singh@amd.com> <272c4a0f-fcc1-2899-e31d-a3207feb51ed@redhat.com>
Subject: Re: [RFC PATCH 1/1] OvmfPkg/QemuFlash: Fix Runtime variable access when SEV is enabled

On 06/27/2018 11:59 AM, Laszlo Ersek wrote:
> On 06/27/18 18:34, Brijesh Singh wrote:
>> On 06/27/2018 07:54 AM, Laszlo Ersek wrote:
>>> On 06/26/18 21:46, Brijesh Singh wrote:
>
>>>> After that, any access
>>>> to the flash will end up going through the encryption engine. I did try
>>>> hacking EDK2 to restore the C-bit
>>>
>>> (I continue to be annoyed that the memory encryption bit is not exposed
>>> in the GCD memory space attributes explicitly.)
>>>
>>>> but that was not sufficient because UEFI
>>>> runtime services are mapped as "encrypted" in OS page table
>>>
>>> What do you mean here? Runtime services *code* or runtime services
>>> *data*? Code must obviously remain encrypted (otherwise we cannot
>>> execute it in SEV). Runtime Services Data should also be mapped as
>>> encrypted (it is normal RAM that is not used for guest<->hypervisor
>>> exchange).
>>
>> Sorry, I was meaning to say both the "code" and "data" are mapped as
>> encrypted by the OS.
>>
>>>> hence we end up accessing the flash as encrypted when OS requests to
>>>> update the variables.
>>>
>>> I don't understand the "hence" here; I don't see how the implication
>>> follows. runtime services code and data should be encrypted. Runtime
>>> MMIO should be un-encrypted.
>>>
>>> Ohh, wait, in MarkMemoryRangeForRuntimeAccess(), we use
>>> "EfiGcdMemoryTypeSystemMemory". I don't have a clue why that is a good
>>> idea. That should have been EfiGcdMemoryTypeMemoryMappedIo.
>>
>> Right, the memory is marked as 'system ram' and not 'mmio'.
>> Just to experiment, I did try changing it to 'mmio' to see if OS will
>> map this region as "unencrypted" but ovmf fails with below error
>> message after changing it from systemRAM->mmio
>>
>> ConvertPages: failed to find range FFC00000 - FFFFFFFF
>> ASSERT_EFI_ERROR (Status = Not Found)
>> ASSERT [FvbServicesRuntimeDxe]
>> /home/amd/workdir/upstream/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServie.c(864):
>> !EFI_ERROR (Status)
>
> This error occurs because (I think) you modified only the AddMemorySpace
> call. If you change the GCD type on that, then please update the
> subsequent AllocatePages as well, from EfiRuntimeServicesData to
> EfiMemoryMappedIO.
>

Here is what I have.

--- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c @@ -847,7 +847,7 @@ MarkMemoryRangeForRuntimeAccess ( ); Status = gDS->AddMemorySpace ( - EfiGcdMemoryTypeSystemMemory, + EfiGcdMemoryTypeMemoryMappedIo, BaseAddress, Length, EFI_MEMORY_UC | EFI_MEMORY_RUNTIME 
@@ -856,7 +856,7 @@ MarkMemoryRangeForRuntimeAccess ( Status = gBS->AllocatePages ( AllocateAddress, - EfiRuntimeServicesData, + EfiMemoryMappedIO, EFI_SIZE_TO_PAGES (Length), &BaseAddress );

I am still getting the error assertion failure. I can debug to see what is going on.

> The spec says about the latter enum constant, "Used by system firmware
> to request that a memory-mapped IO region be mapped by the OS to a
> virtual address so it can be accessed by EFI runtime services." It seems
> appropriate (and I'm a bit confused why we haven't used the MMIO GCD and
> UEFI enum values for the memory type, all this time.)
>
>> Since this efi runtime data is mapped as C=1 by the OS, hence when OS
>> asks efi to update the runtime variable we end up accessing the memory
>> region with C=1 (runtime services are executed using OS pagetable).
>
> Indeed.
>
> (And, this is only a problem when SMM is not used, i.e. when the full
> variable driver stack is non-SMM, just DXE. In the SMM case, the SMM
> page tables are used, and the OS cannot interfere with that.)
>

Good point, I will try it and let you know. As you say since SMM uses UEFI page table hence after fixing FtwNotificationEvent(..) we should be good.

> Anyway, in the pure DXE / runtime driver case, do you think a guest
> kernel patch will be necessary too? Perhaps if you change the UEFI
> memmap entry type (see AllocatePages above) to MMIO, then the guest
> kernel could technically honor that.
>

Theoretically speaking, if we are able to make this memory region as mmio then OS should be able to map it with C=0.

-Brijesh
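
Review bot: In the second hunk (@@ -856,7), the range is still claimed with `gBS->AllocatePages (AllocateAddress, EfiMemoryMappedIO, ...)`, although the first hunk now adds it to GCD as `EfiGcdMemoryTypeMemoryMappedIo` instead of system memory, and the mail reports that the assertion still fires. The UEFI page allocator serves ranges that GCD tracks as system memory, so the MMIO-typed range is a likely reason ConvertPages cannot find FFC00000 - FFFFFFFF. Consider claiming the range through the DXE services instead (`gDS->AllocateMemorySpace` with `EfiGcdMemoryTypeMemoryMappedIo`) while keeping `EFI_MEMORY_RUNTIME` on it, so that it is still reported to the OS as a runtime MMIO entry. The function's comment should also say why the flash range must not be typed as RAM when SEV is active.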