intel / ccc-linux-guest-hardening

Linux Security Hardening for Confidential Compute
https://intel.github.io/ccc-linux-guest-hardening-docs
MIT License
63 stars, 13 forks

[Hardening aspect] Ensure a minimal set of ioremapped areas is shared with the host/VMM #145

Open ereshetova opened 3 months ago

ereshetova commented 3 months ago

Problem

In the current upstream Linux ioremap implementation, one has to explicitly request an ioremap area to remain in private CoCo guest memory via an "encrypted" flag (so a default call to ioremap returns a shared memory region). The only ioremap interface that sets this encrypted flag is "ioremap_encrypted".

This leaves the rest of the ioremap users in the kernel (except for memory that has the IORES_MAP_ENCRYPTED flag) sharing memory with the host. This not only includes all the drivers (the biggest ioremap user by far), but also other callers, including some BIOS regions.

Solutions

The original solution we used in the past was to flip the encrypted flag around and only share the regions that have explicitly been asked to be mapped as shared:

https://github.com/intel/tdx/commit/62b016a4e320f82dfe638f8891862a42dc802770
https://github.com/intel/tdx/commit/486fb7fa64f8ba7634fd9ec101b4b66ccdf8347b

This requires asking for a shared region for enabled drivers' mappings, MSI mailboxes, and ACPI operating regions:

https://github.com/intel/tdx/commit/fd15426cf0c120e48b637c83d2449e95bc5daa7e
https://github.com/intel/tdx/commit/b70345c4fd084203ed8b6f93ca756a087e02caf0
https://github.com/intel/tdx/commit/063e05d02f4584f7e26b36291bf2093026f667c0
https://github.com/intel/tdx/commit/33c1b6e80d0ac63ef0e7f18c6441f69adf79514e

Ideally, as we have discussed, we would need a clean separation in Linux between the ioremap mappings done by drivers (which are expected to be shared with the host for functionality) and the rest of the mappings. Given this clean separation, we can share only the minimal set.
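The issue contrasts two defaults: upstream, where every ioremap that is not ioremap_encrypted (and not backed by an IORES_MAP_ENCRYPTED resource) lands in host-visible memory, and the flipped default from the linked commits, where a mapping is private unless the caller explicitly asks for a shared region. The following userspace C model is an added example, not code from this project, the linked commits, or the kernel; the flag value, the `enum policy`/`enum request` names, `mapping_is_shared` and the inventory of mappings are constructed to illustrate the policy difference, with the callers the issue names (enabled drivers, MSI mailboxes, ACPI operating regions) already converted to an explicit shared request.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed userspace model; this is not the kernel's definition of the flag. */
#define IORES_MAP_ENCRYPTED (1u << 0)   /* resource flag: region must stay private */

enum policy {
    POLICY_UPSTREAM,   /* default ioremap() -> shared, ioremap_encrypted() -> private */
    POLICY_FLIPPED,    /* default ioremap() -> private, only an explicit shared request -> shared */
};

enum request {
    REQ_DEFAULT,       /* plain ioremap() with no encryption preference */
    REQ_ENCRYPTED,     /* ioremap_encrypted(): caller insists on private memory */
    REQ_SHARED,        /* hypothetical explicit shared request used by the flipped-default tree */
};

struct mapping {
    const char *name;
    unsigned res_flags;   /* flags of the backing resource */
    enum request req;     /* what the caller asked for */
};

/* Does this mapping end up visible to the host/VMM under the given policy? */
bool mapping_is_shared(enum policy p, const struct mapping *m)
{
    /* A resource marked IORES_MAP_ENCRYPTED stays private under both policies. */
    if (m->res_flags & IORES_MAP_ENCRYPTED)
        return false;
    /* An explicit ioremap_encrypted() caller stays private under both policies. */
    if (m->req == REQ_ENCRYPTED)
        return false;
    switch (p) {
    case POLICY_UPSTREAM:
        return true;                 /* everything else is shared by default */
    case POLICY_FLIPPED:
        return m->req == REQ_SHARED; /* only explicit opt-in is shared */
    }
    return true;
}

/* Constructed inventory of mappings (sample data, not taken from a real guest). */
static const struct mapping sample[] = {
    { "virtio-net BAR (enabled driver)",   0,                   REQ_SHARED    },
    { "MSI mailbox",                       0,                   REQ_SHARED    },
    { "ACPI operating region",             0,                   REQ_SHARED    },
    { "BIOS region",                       0,                   REQ_DEFAULT   },
    { "misc driver not needed in guest",   0,                   REQ_DEFAULT   },
    { "firmware table",                    IORES_MAP_ENCRYPTED, REQ_DEFAULT   },
    { "caller using ioremap_encrypted",    0,                   REQ_ENCRYPTED },
};
#define SAMPLE_LEN (sizeof(sample) / sizeof(sample[0]))

/* Count how many inventory entries are exposed to the host under a policy. */
size_t count_shared(enum policy p)
{
    size_t n = 0;
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if (mapping_is_shared(p, &sample[i]))
            n++;
    return n;
}

/* Entries the flipped default removes from the host-visible set. */
size_t count_newly_private(void)
{
    size_t n = 0;
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if (mapping_is_shared(POLICY_UPSTREAM, &sample[i]) &&
            !mapping_is_shared(POLICY_FLIPPED, &sample[i]))
            n++;
    return n;
}

int main(void)
{
    printf("upstream default: %zu of %zu mappings shared with host\n",
           count_shared(POLICY_UPSTREAM), SAMPLE_LEN);
    printf("flipped default : %zu of %zu mappings shared with host\n",
           count_shared(POLICY_FLIPPED), SAMPLE_LEN);
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if (mapping_is_shared(POLICY_UPSTREAM, &sample[i]) &&
            !mapping_is_shared(POLICY_FLIPPED, &sample[i]))
            printf("  made private by the flip: %s\n", sample[i].name);
    return 0;
}
```

Running the model shows the point of the issue: under the upstream default only the IORES_MAP_ENCRYPTED resource and the explicit ioremap_encrypted caller stay private, so the BIOS region and the unneeded driver mapping are exposed for no functional reason; with the flipped default those two drop out and only the callers that were deliberately converted to a shared request remain host-visible. The same walk over a real mapping inventory is the kind of audit needed to decide which callers belong on the "shared" side of the separation the comment asks for.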