Systems and methods for memory management for virtual machines. An example method may include creating, by a hypervisor running on a host computer system, a virtual device associated with a virtual machine managed by the hypervisor. The virtual device may include a virtual input/output memory management unit (IOMMU). The method may further include appending, by a driver of the virtual device, a plurality of page table entries to a page table of the virtual IOMMU, wherein each page table entry of the plurality of page table entries references unencrypted memory pages used by the virtual machine. Responsive to receiving a memory access request with respect to a memory page, the hypervisor may determine, using the page table of the virtual IOMMU, whether the memory page is encrypted.