AMD Secure Memory Encryption: Security feature prevents the boot process under Linux


Activating the security feature AMD Secure Memory Encryption (SME), which was introduced in February 2017 with the first generation of Ryzen processors and is intended to provide more security by encrypting the main memory, can lead to problems during the boot process and more frequent crashes under Linux.

Raven Ridge cannot deal with SME under Linux

As the Neowin website now reports, Linux engineer Paul Menzel discovered the problem on October 5th. It lies in the dedicated security processor that all Zen processors have had since the introduction of the AMD Ryzen 1000 series, alias Summit Ridge. In particular, computer systems with processors or APUs of the Raven Ridge type suffer boot problems and crashes more frequently when the SME feature is activated.

After Paul Menzel was able to reproduce the problem with an AMD Ryzen 3 2200G on a mainboard with a B350 chipset, he reported the matter to the responsible maintainer, who then deactivated the feature by default.

Dear Tom, dear Linux folks,

Selecting the symbol `AMD_MEM_ENCRYPT` – as done in Debian 5.13.9-1~exp1 [1] – also selects `AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT`, as it defaults to yes, causing boot failures on AMD Raven systems.

On the MSI B350M MORTAR with AMD Ryzen 3 2200G, Linux logs and the AMDGPU graphics driver, despite being loaded, does not work, and the framebuffer driver is used instead.

It even causes black screens on other systems as reported to the Debian bug tracking system *Black screen on AMD Ryzen based systems (AMDGPU related when AMD Secure Memory Encryption not disabled – mem_encrypt=off)* [2].

The complete facts and the Linux engineer's correspondence with the responsible kernel maintainer, on which Linus Torvalds, the inventor and publisher of the Linux kernel, is also copied, have been documented accordingly.
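The following check is an added example, not part of the original report or of the kernel sources. It works out whether SME would be active at boot from the two Kconfig symbols named in the e-mail and the `mem_encrypt=` kernel parameter; the function name, the sample inputs and the rule that the last `mem_encrypt=` occurrence wins are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: derive the boot-time SME state from a kernel config and a
# kernel command line. All sample inputs below are constructed.

# sme_state CONFIG_TEXT CMDLINE
# Prints: unavailable | on (cmdline) | off (cmdline) | on (default) | off (default)
sme_state() {
    sme_config=$1
    sme_cmdline=$2
    sme_result=""
    # Without CONFIG_AMD_MEM_ENCRYPT the kernel is built without SME support.
    if ! printf '%s\n' "$sme_config" | grep -qx 'CONFIG_AMD_MEM_ENCRYPT=y'; then
        echo "unavailable"
        return 0
    fi
    # An explicit mem_encrypt= parameter overrides the build-time default.
    # Assumption of this sketch: the last occurrence on the command line wins.
    for sme_arg in $sme_cmdline; do
        case $sme_arg in
            mem_encrypt=on)  sme_result="on (cmdline)" ;;
            mem_encrypt=off) sme_result="off (cmdline)" ;;
        esac
    done
    if [ -n "$sme_result" ]; then
        echo "$sme_result"
        return 0
    fi
    # No parameter given: AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT decides.
    if printf '%s\n' "$sme_config" |
        grep -qx 'CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y'; then
        echo "on (default)"
    else
        echo "off (default)"
    fi
}

# Constructed config resembling the situation described in the e-mail.
SAMPLE_DEFAULT_ON='CONFIG_AMD_MEM_ENCRYPT=y
CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y'
# Constructed config with the default switched off.
SAMPLE_DEFAULT_OFF='CONFIG_AMD_MEM_ENCRYPT=y
# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set'

echo "default-on config, plain cmdline:    $(sme_state "$SAMPLE_DEFAULT_ON" 'root=/dev/sda1 quiet')"
echo "default-on config, mem_encrypt=off:  $(sme_state "$SAMPLE_DEFAULT_ON" 'quiet mem_encrypt=off')"
echo "default-off config, plain cmdline:   $(sme_state "$SAMPLE_DEFAULT_OFF" 'root=/dev/sda1 quiet')"
```

On a running system the same function can be fed the installed kernel config (on Debian typically `/boot/config-$(uname -r)`) and the contents of `/proc/cmdline`.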

No problems under Windows and for private users

Under Windows, the corresponding problems have not yet been identified. The error is also not too great a hurdle, especially for private users, since the security feature is usually only used in enterprise environments to encrypt sensitive data in the main memory.