Linux To No Longer Enable AMD SME Usage By Default Due To Problems With Some Hardware

Written by Michael Larabel in AMD on 17 October 2021 at 07:00 AM EDT.
Being sent in as a fix for the Linux 5.15 kernel this morning, and to be back-ported to existing stable series, is a behavior change: the Linux kernel will no longer use AMD Secure Memory Encryption (SME) by default on supported hardware. SME is instead becoming opt-in due to shortcomings of some platforms.

Since the introduction of AMD SME support to the Linux kernel, Secure Memory Encryption has been activated by default when the SME support (AMD_MEM_ENCRYPT) is built into the kernel. That defaulting of "AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT" allowed Secure Memory Encryption to be used out-of-the-box without needing to specify any extra kernel parameters or the like. Unfortunately, that has led to boot failures on some platforms, particularly around IOMMU, along with other headaches to work out, such as some graphics drivers not expecting the memory to be encrypted.

The change to not use AMD SME by default stems from this latest mailing list thread over platform problems (in this case Raven Ridge, but not limited to it) and the boot failures possible from trying SME by default. Unfortunately, because SME needs to be enabled at an early stage of the kernel boot process, there isn't the possibility, at least for now, of more robust logic for figuring out when SME can be enabled or disabled without user interaction.

The patch making the change sums up the current situation:


So with today's x86/urgent pull request going into Linux 5.15 and then back-ported to prior kernels, AMD memory encryption will not default to enabled. Assuming your kernel is built with the AMD memory encryption code included, it is still possible to enjoy Secure Memory Encryption by setting the "mem_encrypt=on" kernel option to get what was previously the default behavior.
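For auditing a fleet after this change, the following added example (not from the article or the kernel tree) works out whether a given kernel build plus command line will attempt to activate SME at boot. The function names and sample config snippets are constructed for illustration, and treating the last `mem_encrypt=` occurrence as the winner is an assumption.

```shell
#!/bin/sh
# Constructed sample kernel configs: the old default and the new opt-in default.
SAMPLE_OLD_DEFAULT='CONFIG_AMD_MEM_ENCRYPT=y
CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y'
SAMPLE_NEW_DEFAULT='CONFIG_AMD_MEM_ENCRYPT=y
# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set'

# sme_boot_policy CONFIG_TEXT CMDLINE  ->  prints: not-built | on | off
# Reports what the kernel is configured to attempt, not whether the
# CPU and firmware actually support SME.
sme_boot_policy() {
    config_text=$1
    cmdline=$2

    # Without CONFIG_AMD_MEM_ENCRYPT=y the SME code is not in the kernel,
    # so mem_encrypt=on cannot have any effect.
    if ! printf '%s\n' "$config_text" | grep -qx 'CONFIG_AMD_MEM_ENCRYPT=y'; then
        echo not-built
        return 0
    fi

    # Build-time default: on only when ACTIVE_BY_DEFAULT was selected.
    if printf '%s\n' "$config_text" |
        grep -qx 'CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y'; then
        state=on
    else
        state=off
    fi

    # An explicit mem_encrypt=on|off overrides the build-time default.
    # Assumption: if the option is repeated, the last occurrence wins.
    override=$(printf '%s\n' "$cmdline" | tr -s ' \t' '\n\n' |
        grep -E '^mem_encrypt=(on|off)$' | tail -n 1)
    case $override in
        mem_encrypt=on)  state=on ;;
        mem_encrypt=off) state=off ;;
    esac
    echo "$state"
}

# Live wrapper. /boot/config-<release> is a distro convention and
# /proc/config.gz exists only with CONFIG_IKCONFIG_PROC; else "unknown".
sme_boot_policy_live() {
    cfg=/boot/config-$(uname -r)
    if [ -r "$cfg" ]; then text=$(cat "$cfg")
    elif [ -r /proc/config.gz ]; then text=$(zcat /proc/config.gz)
    else echo unknown; return 0; fi
    sme_boot_policy "$text" "$(cat /proc/cmdline)"
}
```

A host that reports `off` after picking up the patched kernel, but was previously relying on SME, needs `mem_encrypt=on` added to its boot loader configuration.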