On 07/19/2018 12:32 AM, Kirill A. Shutemov wrote: > On Wed, Jul 18, 2018 at 10:38:27AM -0700, Dave Hansen wrote: >> On 07/17/2018 04:20 AM, Kirill A. Shutemov wrote: >>> Pages encrypted with different encryption keys are not allowed to be >>> merged by KSM. Otherwise it would cross security boundary. >> Let's say I'm using plain AES (not AES-XTS). I use the same key in two >> keyid slots. I map a page with the first keyid and another with the >> other keyid. >> >> Won't they have the same cipertext? Why shouldn't we KSM them? > We compare plain text, not ciphertext. And for good reason. What's the reason? Probably good to talk about it for those playing along at home. > Comparing ciphertext would only make KSM successful for AES-ECB that > doesn't dependent on physical address of the page. > > MKTME only supports AES-XTS (no plans to support AES-ECB). It effectively > disables KSM if we go with comparing ciphertext. But what's the security boundary that is violated? You are talking about some practical concerns (KSM scanning inefficiency) which is a far cry from being any kind of security issue.
