On Fri, Apr 03, 2026, Ackerley Tng wrote:
> Currently, in TDX's populate flow, KVM doesn't do any copying, it only
> instructs TDX to do the copying.

I disagree with this statement. For all intents and purposes, the TDX-Module is firmware. If Intel had elected to implement TDX via XuCode, and presented it to software as ISA (see SGX), then under the hood "firmware" would still be doing the actual copy, but KVM would execute some form of "copy" instruction.

Saying "KVM doesn't do any copying" is (very loosely) analogous to saying that KVM doesn't copy anything when it does REP MOVSQ. It wasn't me your honor, Intel's string engine did it!

I don't think it changes anything in practice, but I don't want to treat TDX SEAMCALLs (or SNP PSP commands) as something completely different than what we usually think of as "hardware".
