ASRock.com Homepage
Forum Home Forum Home > Technical Support > AMD Motherboards
  New Posts New Posts RSS Feed - ASRock B550 Phantom Gaming and AMD SME
  FAQ FAQ  Forum Search Search  Events   Register Register  Login Login

ASRock B550 Phantom Gaming and AMD SME
 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
smeyes View Drop Down
Newbie
Newbie


Joined: 24 Oct 2021
Status: Offline
Points: 35 		Post Options Post Options   Thanks (0) Thanks(0)   Quote smeyes Quote  Post ReplyReply Direct Link To This Post Topic: ASRock B550 Phantom Gaming and AMD SME
    Posted: 24 Oct 2021 at 5:03am
Using
ASRock B550 Phantom Gaming-ITX/ax, BIOS P2.20 08/05/2021
with AMD Ryzen 7 PRO 5750GE with Radeon Graphics (100-000000257)
which have support for AMD Secure Encryption feature called "SME".

To use "SME" at OS level is must be enabled before OS start, hence it cannot be enabled in BIOS yet.

Verification of my statement:

1) CPU in question support "SME" at hardware level

# cpuid -1 -l 0x8000001f1f
CPU:
   AMD Secure Encryption (0x8000001f):
      SME: secure memory encryption support    = true
      SEV: secure encrypted virtualize support = true
      VM page flush MSR support                = true
      SEV-ES: SEV encrypted state support      = true
      SEV-SNP: SEV secure nested paging        = false
      VMPL: VM permission levels               = false
      hardware cache coher across enc domains  = false
      SEV guest exec only from 64-bit host     = true
      restricted injection                     = true
      alternate injection                      = true
      full debug state swap for SEV-ES guests  = true
      disallowing IBS use by host              = false
      encryption bit position in PTE           = 0x0 (0)
      physical address space width reduction   = 0x0 (0)
      number of VM permission levels           = 0x0 (0)
      number of SEV-enabled guests supported   = 0x0 (0)
      minimum SEV guest ASID                   = 0x1 (1)


2) but "SME" support is not enabled sadly
verified by bit 23 (MSR_AMD64_SYSCFG_MEM_ENCRYPT) of MSR 0xC0010010 (MSR_AMD64_SYSCFG)

# rdmsr -f 23:23 -x 0xC0010010
0

double check value

# rdmsr -x 0xC0010010
740000
# printf '%032.0f\n' $(bc <<<"obase=2;ibase=16;740000")
00000000011101000000000000000000
        ^ zero

It should be value 0xf40000

# printf '%032.0f\n' $(bc <<<"obase=2;ibase=16;F40000")
00000000111101000000000000000000
        ^

Also toggling Transparent Secure Memory Encryption (TSME) Feature at BIOS>Advanced tab>AMD CBS>UMC Common Options (DDR4 Common Options)>Security
does not help.

Please provide a BIOS option for enabling SME Feature or enlight me how to enable SME feature flag by current BIOS menu.
Back to Top
ASRock_TSD View Drop Down
ASRock_Official
ASRock_Official


Joined: 20 Mar 2015
Status: Offline
Points: 8532 		Post Options Post Options   Thanks (0) Thanks(0)   Quote ASRock_TSD Quote  Post ReplyReply Direct Link To This Post Posted: 26 Oct 2021 at 10:04am
Dear smeyes,
Thank you for the posting.

If you are using Linux OS, this behavior may be normal.
Recently, the Linux 5.15 kernel disabled the SME for fixing some problem.
You can refer to the article from following link for further information.

AMD Secure Memory Encryption Has a Flaw, Now Disabled by Default in Linux Kernel: https://www.tomshardware.com/news/amd-memory-encryption-disabled-in-linux

Thank you,

Best wishes,
ASRock TSD
Back to Top
smeyes View Drop Down
Newbie
Newbie


Joined: 24 Oct 2021
Status: Offline
Points: 35 		Post Options Post Options   Thanks (0) Thanks(0)   Quote smeyes Quote  Post ReplyReply Direct Link To This Post Posted: 09 Jun 2022 at 9:10pm
Hi,
any news?

We are still unable to enable AMD SME at BIOS to get it activate at Linux kernel.

However, if BIOS does not enable SME, then Linux will not be able to activate memory encryption,...
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.04
Copyright ©2001-2021 Web Wiz Ltd.

This page was generated in 0.191 seconds.