Christophe de Dinechin <cdupontd@xxxxxxxxxx> writes: > Is there even a theoretical way to restore an encrypted page e.g. from (host) > swap without breaking the integrity check? Or will that only be possible with > assistance from within the encrypted enclave? Only the later. You would need balloning. It's in principle possible, but currently not implemented. In general host swap without balloning is usually a bad idea anyways because it often just swaps a lot of cache data that could easily be thrown away instead. -andi
