2 Replies Latest reply on Apr 9, 2018 10:25 AM by abucodonosor

    EPYC SME

    glenntu

      Is there a way to demonstrate SME is in effect for my processor (EPYC 7000)  What if the Linux kernel is not supporting it?  How would I know?

        • Re: EPYC SME
          jesse_amd

          Hello glenntu,

           

          I moved your question to AMD Server Gurus so we can help you.

           

          Secure Memory Encryption (SME) requires Linux mainline kernel version 4.14 or that it is enabled directly in your BIOS. If you are using BIOS encryption, SME will be invisible to the OS. I would also recommend that you contact your OS vendor and ask them for a timeline of when their SME support is enabled.

            • Re: EPYC SME
              abucodonosor

              @jesse_amd

               

              I have SME and SVE enabled in BIOS and ofc an kernel with SME support and booted with SME enabled will show you that.

               

              $ sudo journalctl -b  | grep -i '(SME)'

              Apr 04 18:29:41 localhost kernel: AMD Secure Memory Encryption (SME) active
              ...

               

              glenntu

               

              Like jesse pointed out you need an kernel >= 4.14.x.

              First check whatever your Distribution enabled that support:

               

              zgrep CONFIG_AMD_MEM_ENCRYPT /proc/config.gz
              CONFIG_AMD_MEM_ENCRYPT=y <-- support enabled
              # CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set <-- most will look like this so no worrie

               

              If your kernel supports that next step is to enable it. For that simple append to your bootloader:

               

              mem_encrypt=on

              Once booted you can just run "  dmesg | grep -i '(SME)' " to see it is enabled or not.

               

              Regards

              2 of 2 people found this helpful