Re: [RFCv1 7/7] KVM: unmap guest memory using poisoned pages

From: Andi Kleen
Date: Wed Apr 07 2021 - 10:09:54 EST


Christophe de Dinechin <cdupontd@xxxxxxxxxx> writes:

> Is there even a theoretical way to restore an encrypted page e.g. from (host)
> swap without breaking the integrity check? Or will that only be possible with
> assistance from within the encrypted enclave?

Only the latter.

You would need ballooning. It's in principle possible, but currently
not implemented.

In general host swap without ballooning is usually a bad idea anyways
because it often just swaps a lot of cache data that could easily be
thrown away instead.

-andi