Compatibility of KSM with SEV and SME Enabled on Host

[Petros]

Hello Proxmox Community,

I hope you're all doing well. I'm currently exploring the functionalities of Kernel Same-page Merging (KSM) in conjunction with AMD's Secure Encrypted Virtualization (SEV) and Secure Memory Encryption (SME) features. Specifically, I'm keen to understand the interplay between these technologies when enabled on a Proxmox host.

My primary question is: If I have both SEV and SME enabled on my Proxmox host, will KSM still operate as expected and efficiently merge identical memory pages? Are there any known issues, limitations, or best practices to be aware of when using these features together?

Any insights or experiences from the community would be greatly appreciated. Thank you in advance for your assistance!

Best regards,
Petros.

 

[MarkusF]

Hello,

I do not think ksm will work as expected, since the host cannot see the memory of the guest.
There are many other problems with sev right now, for example any action that involves memory like snapshots & live-migration do not work right now or is attackable.

 

[Petros]

So do you suggest to disable SEV temporarily? I have proxmox 8 tho. Thank you.

 

[MarkusF]

There is no need to disable it.

As long as you do not add something like this

-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1
-machine memory-encryption=sev0

to your qemu command you are not using SEV anyway.

 

[Petros]

Thank you for the useful info.