Re: [RFC] Skip boot memory scrub on platforms with full-memory encryption
On XX.05.2026 XX:XX, Andrew Cooper wrote:
> One part of it says "make sure after a crash
> we don't have old guest data around in memory", and encryption is
> specifically irrelevant for this case; the ephemeral key doesn't change
> on warm reset.

Could you clarify this? My understanding is that firmware re-runs on a warm reset and re-initializes TME with a new key. The key would only persist across kexec, where the CPU is never reset and firmware doesn't re-run. Am I wrong about that?

> Something relevant to QubeOS is that for DRTM (Anti Evil Maid), it is
> required (by the TXT spec at least) that Xen scrub memory between
> receiving a shutdown request and actioning it.

Agreed, but that's shutdown scrubbing, not boot scrubbing. A separate problem.

> Another aspect is to populate Xen's free memory pool with ready-to-go
> memory.

I don't think "ready-to-go" requires zeroed pages. bootscrub=off already hands out unscrubbed pages, and the debug build specifically poisons pages with a non-zero pattern to catch code that relies on them being zeroed. So the functional requirement is that pages are safe to hand out, which encryption satisfies, right?

Sam