On Tue, Aug 02, 2022 at 03:47:25PM +0800, Xiaoyao Li wrote: > Bit 28, named SEPT_VE_DISABLE, disables EPT violation conversion to #VE > on guest TD access of PENDING pages when set to 1. Some guest OS (e.g., > Linux TD guest) may require this bit set as 1. Otherwise refuse to boot. --verbose please. That somehow doesn't make sense to me. A guest is either TDX-aware (which should be the case for linux 5.19+), or it is not. My expectation would be that guests which are not TDX-aware will be disturbed by any #VE exception, not only the ones triggered by EPT violations. So I'm wondering what this config bit actually is useful for ... take care, Gerd
