misc: Do not enable E2H at entry on aarch64

common/efi_thunk.asm_uefi_aarch64

@@ -7,23 +7,6 @@ efi_main:
     mov x30, xzr
     mov x29, xzr
 
-    // If at EL2 and VHE is supported, enable it early so that
-    // VHE register redirection is active throughout the bootloader.
-    mrs x8, currentel
-    and x8, x8, #0b1100
-    cmp x8, #0b1000            // EL2?
-    b.ne 1f
-
-    mrs x8, id_aa64mmfr1_el1
-    ubfx x8, x8, #8, #4       // VH field, bits [11:8]
-    cbz x8, 1f
-
-    mrs x8, hcr_el2
-    orr x8, x8, #(1 << 34)    // E2H
-    msr hcr_el2, x8
-    isb
-
-1:
     b uefi_entry
 
 .section .note.GNU-stack,"",%progbits

common/lib/spinup.asm_aarch64

@@ -117,13 +117,19 @@ enter_in_el1:
 // noreturn void enter_in_el2(uint64_t entry, uint64_t sp, uint64_t sctlr,
 //                            uint64_t mair, uint64_t tcr, uint64_t ttbr0,
 //                            uint64_t ttbr1, uint64_t direct_map_offset)
-// Enter kernel at EL2 with VHE. Must be called at EL2 with E2H already enabled.
+// Enter kernel at EL2 with VHE. Must be called at EL2.
 
 .global enter_in_el2
 enter_in_el2:
     msr spsel, #0
     mov sp, x1
 
+    // Enable E2H if not already set
+    mrs x8, hcr_el2
+    orr x8, x8, #(1 << 34)
+    msr hcr_el2, x8
+    isb
+
     // Switch page tables using VHE-redirected register names.
     // Under VHE, *_el1 writes go to the EL2 register bank.