I'm still working on this but it's really slow going rn, got very little time.

I think i've wrapped my head around dmap & friends... it makes things more complicated.
Will have to demote dmap mappings. If i try to encrypt user-mode pages first, i'll need to demote the dmap pages down from 1gb into 4k and set the c-bit for the small pages.
Same for trying to encrypt all pages. Will still have to demote dmap pages because of dma and the existing kernel text and preloaded module pages.

hi kib, thanks for taking a look!
i'll try to figure out the dmap bits, thanks for the pointer.

more context