I have been reading KVM-related code, and what I found was that pages aren't zeroed out immediately when the VM closes but are rather marked as free for other processes to use and overwrite. While that is great, memory can be zeroed out by utilizing the free threads deallocated by the VM and using memset upon VM exit. Depending on how much memory needs to be zeroed out, it can take milliseconds to a few seconds, which mainly comes with a memory bandwidth cost. That isn't a huge deal unless the machine is doing memory-intensive tasks, which can be solved by adding a flag to disable automatic memory zeroing? And using something like Intel TDX might not be viable, since it is mainly for datacenter CPUs and most likely not available in consumer CPUs.
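
Added example, not part of the original post and not KVM code: a single-threaded userspace C model of the scrub-on-exit idea with an opt-out flag, showing what survives teardown in each case and what the zeroing costs. The buffer is a constructed stand-in for guest memory, and the names `scrub_region`, `residual_bytes`, `teardown_demo` and the 2 MiB chunk size are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#define CHUNK (2u << 20) /* assumed scrub step: 2 MiB */
/* Calling memset through a volatile pointer stops the compiler from
 * discarding the zeroing as a dead store right before free(). */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

/* Zero len bytes unless the opt-out flag is set; returns CPU seconds. */
double scrub_region(unsigned char *mem, size_t len, int scrub_enabled)
{
    if (!scrub_enabled) return 0.0;
    clock_t start = clock();
    for (size_t off = 0; off < len; off += CHUNK) {
        size_t n = len - off < CHUNK ? len - off : CHUNK;
        memset_v(mem + off, 0, n);
    }
    return (double)(clock() - start) / CLOCKS_PER_SEC;
}

/* Count bytes that still hold data after teardown. */
size_t residual_bytes(const unsigned char *mem, size_t len)
{
    size_t left = 0;
    for (size_t i = 0; i < len; i++)
        left += mem[i] != 0;
    return left;
}

/* Fill constructed "guest RAM", tear it down, report what survives. */
size_t teardown_demo(size_t len, int scrub_enabled, double *secs)
{
    unsigned char *guest = malloc(len);
    if (!guest) return (size_t)-1;
    memset(guest, 0xA5, len); /* constructed stand-in for guest data */
    *secs = scrub_region(guest, len, scrub_enabled);
    size_t left = residual_bytes(guest, len);
    free(guest);
    return left;
}

int main(void)
{
    double secs;
    size_t left = teardown_demo(64u << 20, 1, &secs);
    printf("scrub on:  %zu bytes left, %.3f s CPU\n", left, secs);
    printf("scrub off: %zu bytes left\n", teardown_demo(64u << 20, 0, &secs));
    return 0;
}
```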