Problem
In the current upstream Linux ioremap implementation, a caller has to explicitly request that an ioremap area remain in private (encrypted) CoCo guest memory via an "encrypted" flag; a default call to ioremap returns a shared (host-visible) mapping. The only ioremap interface that sets this encrypted flag is "ioremap_encrypted".
This leaves all other ioremap users in the kernel (except for memory carrying the IORES_MAP_ENCRYPTED resource flag) sharing memory with the host. That includes not only all drivers (by far the biggest ioremap user) but also other callers, including some BIOS regions.
Solutions
The original solution we used in the past was to flip the encrypted flag around, so that only regions explicitly requested as shared are shared with the host:
intel-staging/tdx@62b016a
intel-staging/tdx@486fb7f
This requires explicitly asking for a shared region for the mappings of enabled drivers, MSI mailboxes and ACPI operation regions:
intel-staging/tdx@fd15426
intel-staging/tdx@b70345c
intel-staging/tdx@063e05d
intel-staging/tdx@33c1b6e
Ideally, as we have discussed, Linux would have a clean separation between the ioremap mappings done by drivers (which are expected to be shared with the host for functionality) and the rest of the mappings. Given that clean separation, only the minimal set needs to be shared.
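To make the two policies concrete, the following is an added userspace C model (not kernel code, and not taken from the intel-staging branches) of the private-vs-shared decision under the upstream default-shared rule and under the flipped default-private rule, run over a small table of callers. The caller table, the needs_host column and the REQ_SHARED request kind are constructed for the illustration; only ioremap_encrypted and IORES_MAP_ENCRYPTED correspond to real kernel names, and the flag value is arbitrary.

```c
/* Added example: a userspace model of the CoCo guest ioremap policy.
 * Not kernel code; the caller table below is constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Real kernel resource flag name; the bit value here is arbitrary, the
 * model only tests for presence. */
#define IORES_MAP_ENCRYPTED (1u << 0)

enum mapping { MAP_PRIVATE, MAP_SHARED };

/* What the caller asked for. REQ_SHARED is a hypothetical explicit-shared
 * request of the kind the flipped policy needs; it is not an upstream API. */
enum request { REQ_DEFAULT, REQ_ENCRYPTED, REQ_SHARED };

typedef enum mapping (*policy_fn)(enum request, unsigned int);

/* Upstream policy: private only for ioremap_encrypted() callers or ranges
 * flagged IORES_MAP_ENCRYPTED; every other call ends up host-visible. */
static enum mapping policy_default_shared(enum request req, unsigned int res_flags)
{
	if (req == REQ_ENCRYPTED || (res_flags & IORES_MAP_ENCRYPTED))
		return MAP_PRIVATE;
	return MAP_SHARED;
}

/* Flipped policy: shared only when the caller explicitly asks for it. */
static enum mapping policy_default_private(enum request req, unsigned int res_flags)
{
	(void)res_flags; /* IORES_MAP_ENCRYPTED ranges are private either way */
	return req == REQ_SHARED ? MAP_SHARED : MAP_PRIVATE;
}

struct call {
	const char *who;
	enum request req;        /* what the caller passes today */
	unsigned int res_flags;  /* flags on the resource being mapped */
	bool needs_host;         /* must the host/device actually see it? */
};

/* Constructed sample of ioremap callers (not an inventory of real users). */
static const struct call calls[] = {
	{ "driver MMIO BAR",                       REQ_DEFAULT,   0,                   true  },
	{ "MSI mailbox",                           REQ_DEFAULT,   0,                   true  },
	{ "ACPI operation region",                 REQ_DEFAULT,   0,                   true  },
	{ "firmware table with IORES_MAP_ENCRYPTED", REQ_DEFAULT, IORES_MAP_ENCRYPTED, false },
	{ "ioremap_encrypted() user",              REQ_ENCRYPTED, 0,                   false },
	{ "misc BIOS region",                      REQ_DEFAULT,   0,                   false },
	{ "unrelated kernel ioremap() user",       REQ_DEFAULT,   0,                   false },
};
#define NCALLS (sizeof(calls) / sizeof(calls[0]))

struct audit {
	size_t needless_shared; /* host can read it, nothing requires that */
	size_t broken;          /* host must see it, but it stays private */
};

/* Run one policy over the table. With convert set, first apply the manual
 * work the flipped policy demands: callers whose range really must be
 * host-visible switch to an explicit shared request. */
static struct audit audit_policy(policy_fn policy, bool convert)
{
	struct audit a = { 0, 0 };
	for (size_t i = 0; i < NCALLS; i++) {
		enum request req = calls[i].req;
		if (convert && calls[i].needs_host)
			req = REQ_SHARED;
		enum mapping m = policy(req, calls[i].res_flags);
		if (m == MAP_SHARED && !calls[i].needs_host)
			a.needless_shared++;
		if (m == MAP_PRIVATE && calls[i].needs_host)
			a.broken++;
	}
	return a;
}

static void report(const char *name, struct audit a)
{
	printf("%-32s needlessly shared=%zu broken=%zu\n", name, a.needless_shared, a.broken);
}

int main(void)
{
	report("default shared (upstream)",      audit_policy(policy_default_shared, false));
	report("default private, unconverted",   audit_policy(policy_default_private, false));
	report("default private, converted",     audit_policy(policy_default_private, true));
	return 0;
}
```

The three audits are the argument of the page in miniature: the upstream default exposes every plain ioremap() caller that has no reason to be host-visible; simply flipping the default breaks the driver, MSI and ACPI mappings until each is converted to an explicit shared request; once converted, only the host-facing set is shared.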