On Tue, Jul 01, 2025, Vishal Annapurve wrote:
> I would be curious to understand if we need zeroing on conversion for
> Confidential VMs. If not, then the simple rule of zeroing on
> allocation only will work for all usecases.

Unless I'm misunderstanding what you're asking, pKVM very specifically does NOT want
zeroing on conversion, because one of its use cases is in-place conversion, e.g.
to fill a shared buffer and then convert it to private so that the buffer can be
processed in the TEE.

Some architectures, e.g. SNP and TDX, may effectively require zeroing on conversion,
but that's essentially a property of the architecture, i.e. an arch/vendor
specific detail.