Is there a way to demonstrate SME is in effect for my processor (EPYC 7000) What if the Linux kernel is not supporting it? How would I know?
I moved your question to AMD Server Gurus so we can help you.
Secure Memory Encryption (SME) requires Linux mainline kernel version 4.14 or that it is enabled directly in your BIOS. If you are using BIOS encryption, SME will be invisible to the OS. I would also recommend that you contact your OS vendor and ask them for a timeline of when their SME support is enabled.
I have SME and SVE enabled in BIOS and ofc an kernel with SME support and booted with SME enabled will show you that.
$ sudo journalctl -b | grep -i '(SME)'
Apr 04 18:29:41 localhost kernel: AMD Secure Memory Encryption (SME) active...
Like jesse pointed out you need an kernel >= 4.14.x.
First check whatever your Distribution enabled that support:
zgrep CONFIG_AMD_MEM_ENCRYPT /proc/config.gz CONFIG_AMD_MEM_ENCRYPT=y <-- support enabled# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set <-- most will look like this so no worrie
If your kernel supports that next step is to enable it. For that simple append to your bootloader:
Once booted you can just run " dmesg | grep -i '(SME)' " to see it is enabled or not.
Retrieving data ...