> On 4/26/22 12:23, Jue Wang wrote:
> > On Tue, Apr 26, 2022 at 11:18 AM Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
> I shouldn't speak for Intel as a whole, but I'll give you my personal
> perspective.
>
> Right now, hosts can't scan TDX private memory, period. If you wanted
> to do scanning, the guest has to do it or you have to kill the guest and
> make the memory non-private.

Actually, afaiu, the host can read tdx private memory. This should NOT
generate #MC due to integrity/TD ownership but return a fixed value of
"0"s. I do not know if this will also trigger #MCs due to memory errors.

> > Going forward, guest memory scanning could be accomplished by allowing
> > the VMM to migrate guest pages. Let's say you want to scan page "A",
> > you could move A->B and B->A. That would certainly touch the page.
> > This would need to be implemented in the TDX module.

TDH.MEM.PAGE.RELOCATE should be able to migrate guest pages but I am not
sure if this would be feasible depending on how often we keep relocating
pages.