Announcement

Collapse
No announcement yet.

AMD Secure Memory Encryption "SME" Performance With 4th Gen EPYC Genoa

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • AMD Secure Memory Encryption "SME" Performance With 4th Gen EPYC Genoa

    Phoronix: AMD Secure Memory Encryption "SME" Performance With 4th Gen EPYC Genoa

    One of the security improvements made by AMD with their 4th Gen EPYC "Genoa" processors is upping their Secure Memory Encryption (SME) support from 128-bit to now 256-bit AES-XTS. AMD Secure Memory Encryption can be used for helping thwart attacks on the main system memory, but at what performance cost? In this article is an initial look at the AMD EPYC Genoa performance with AMD SME enabled/disabled.

    https://www.phoronix.com/review/amd-sme-genoa

  • #2
    What about SNP-SEV?

    Comment


    • #3
      Originally posted by milkylainen View Post
      What about SNP-SEV?
      Will get to SEV-SNP benchmarks eventually, but other more interesting tests on the priority with only having one Genoa server at the moment... And not all of SEV-SNP is upstreamed yet as added de-motivation.
      Michael Larabel
      https://www.michaellarabel.com/

      Comment


      • #4
        Michael , what about power? Presumably it uses more?

        Could any of the performance deficit possibly be due to reduced clock speeds (from reaching power limits, quicker)?

        Comment


        • #5
          Originally posted by coder View Post
          Michael , what about power? Presumably it uses more?

          Could any of the performance deficit possibly be due to reduced clock speeds (from reaching power limits, quicker)?
          From the RAPL interfaces for measuring the SoC power there was no difference at least for the 9654s.... Possibly on the lower-end it may be a bit more noticeable but for these 360 Watt parts there was no concrete difference.
          Michael Larabel
          https://www.michaellarabel.com/

          Comment


          • #6
            I was working on getting SME enabled on my 2700X just the other day in order to get a better level on GNOME's new privacy page I have a BIOS option for TSME, but nothing for SME specifically; it apparently just-works with mem_encrypt=on.

            I may have glanced passed any mention of it, but was testing done with TSME on?

            Comment


            • #7
              This is a cool security feature! Is it available on the ZEN 4 consumer processors or will we have to wait till ZEN 5 or later for that?

              Comment


              • #8
                That's a lot lower of a performance hit than i expected for such a feature.

                Comment


                • #9
                  Ubuntu mainline PPA kernel builds have been broken long time. I hope Ubuntu manages to fix them. I'm just too lazy to build them manually every week.

                  Comment


                  • #10
                    PIE/PIC is good for security but it's no match for encrypted memory. It's nice to see basically no overhead to encrypt the memory

                    Comment

                    Working...
                    X