On 8/25/20 10:59 AM, Andrew Cooper wrote:
> If I've read the TDX spec/whitepaper properly, the main hypervisor can
> write to all the encrypted pages. This will destroy data, break the
> MAC, and yields #PF inside the SEAM hypervisor, or the TD when the cache
> line is next referenced.
I think you're talking about:

> Attempting to access a private KeyID by software outside the SEAM
> mode would cause a page-fault exception (#PF).

I don't think that ever results in a TD guest #PF.

"A MAC-verification failure would be fatal to the TD and lead to its
termination."

In this context, I think that means that the TD stops running and
cannot be reentered.

