Secure paging with page change detection

What is claimed is: 1 . A method comprising: computing a hash value of a page of memory of a computer system; comparing the hash value with a previously computed hash value of the page; using a per-encryption value per page in encrypting the page based on determining that the hash value matches the previously computed hash value; and using a modified value of the per-encryption value per page in encrypting the page based on determining that the hash value mismatches the previously computed hash value. 2 . The method of claim 1 , wherein the encrypting is performed by a secure control interface responsive to a request of a host to convert the page from a secure page to a non-secure page. 3 . The method of claim 2 , further comprising: providing the non-secure page as encrypted to the host for storage. 4 . The method of claim 3 , further comprising: storing the hash value in a secure table of the secure control interface. 5 . The method of claim 4 , further comprising: converting the non-secure page to the secure page; decrypting, by the secure interface control, the secure page based on the per-encryption value associated with the page to produce a decrypted page; computing a hash value of the decrypted page; comparing the hash value of the decrypted page with the hash value of the page as stored in the secure table; and validating the decrypted page based on determining that the hash value of the decrypted page matches the hash value stored in the secure table. 6 . The method of claim 2 , wherein the secure interface control comprises firmware, hardware, or a combination of firmware and hardware; the secure page is assigned to a secure container or a secure virtual machine managed by the host; and the host is a hypervisor or an operating system. 7 . The method of claim 1 , wherein encrypting the page incorporates a combination of an address value associated with the page, one or more random values, and the per-encryption value with a cryptographically-secure hash function. 8 . The method of claim 1 , wherein an initial value of the per-encryption value is established before the per-encryption value is used. 9 . A system comprising: a memory; a processing unit; and a secure interface control interfaced with the processing unit and the memory, the secure interface control configured to perform operations comprising: computing a hash value of a page of the memory; comparing the hash value with a previously computed hash value of the page; using a per-encryption value per page in encrypting the page based on determining that the hash value matches the previously computed hash value; and using a modified value of the per-encryption value per page in encrypting the page based on determining that the hash value mismatches the previously computed hash value. 10 . The system of claim 9 , wherein the encrypting is performed by the secure control interface responsive to a request of a host to convert the page from a secure page to a non-secure page. 11 . The system of claim 10 , wherein the operations further comprise providing the non-secure page as encrypted to the host for storage. 12 . The system of claim 11 , wherein the operations further comprise storing the hash value in a secure table of the secure control interface. 13 . The system of claim 12 , wherein the operations further comprise: converting the non-secure page to the secure page; decrypting, by the secure interface control, the secure page based on the per-encryption value associated with the page to produce a decrypted page; computing a hash value of the decrypted page; comparing the hash value of the decrypted page with the hash value of the page as stored in the secure table; and validating the decrypted page based on determining that the hash value of the decrypted page matches the hash value stored in the secure table. 14 . The system of claim 10 , wherein the secure interface control comprises firmware, hardware, or a combination of firmware and hardware; the secure page is assigned to a secure container or a secure virtual machine managed by the host; and the host is a hypervisor or an operating system. 15 . The system of claim 9 , wherein encrypting the page incorporates a combination of an address value associated with the page, one or more random values, and the per-encryption value with a cryptographically-secure hash function. 16 . The system of claim 9 , wherein an initial value of the per-encryption value is established before the per-encryption value is used. 17 . A computer program product comprising a computer readable storage medium, the computer readable storage medium comprising computer executable instructions, which when executed perform a method comprising: computing a hash value of a page of memory of a computer system; comparing the hash value with a previously computed hash value of the page; using a per-encryption value per page in encrypting the page based on determining that the hash value matches the previously computed hash value; and using a modified value of the per-encryption value per page in encrypting the page based on determining that the hash value mismatches the previously computed hash value. 18 . The computer program product of claim 17 , wherein the encrypting is performed by a secure control interface responsive to a request of a host to convert the page from a secure page to a non-secure page. 19 . The computer program product of claim 18 , wherein the executable instructions when executed further perform the method comprising: providing the non-secure page as encrypted to the host for storage. 20 . The computer program product of claim 19 , wherein the executable instructions when executed further perform the method comprising: storing the hash value in a secure table of the secure control interface. 21 . The computer program product of claim 20 , wherein the executable instructions when executed further perform the method comprising: converting the non-secure page to the secure page; decrypting, by the secure interface control, the secure page based on the per-encryption value associated with the page to produce a decrypted page; computing a hash value of the decrypted page; comparing the hash value of the decrypted page with the hash value of the page as stored in the secure table; and validating the decrypted page based on determining that the hash value of the decrypted page matches the hash value stored in the secure table. 22 . The computer program product of claim 18 , wherein the secure page is assigned to a secure container or a secure virtual machine managed by the host, and the host is a hypervisor or an operating system. 23 . The computer program product of claim 17 , wherein encrypting the page incorporates a combination of an address value associated with the page, one or more random values, and the per-encryption value with a cryptographically-secure hash function. 24 . The computer program product of claim 17 , wherein an initial value of the per-encryption value is established before the per-encryption value is used.