ASRock B550 Phantom Gaming and AMD SME
Printed From: ASRock.com
Category: Technical Support
Forum Name: AMD Motherboards
Forum Description: Question about ASRock AMD motherboards
URL: https://forum.asrock.com/forum_posts.asp?TID=19743
Printed Date: 06 May 2024 at 11:55am Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com
Topic: ASRock B550 Phantom Gaming and AMD SME
Posted By: smeyes
Subject: ASRock B550 Phantom Gaming and AMD SME
Date Posted: 24 Oct 2021 at 5:03am
Using ASRock B550 Phantom Gaming-ITX/ax, BIOS P2.20 08/05/2021 with AMD Ryzen 7 PRO 5750GE with Radeon Graphics (100-000000257) which have support for AMD Secure Encryption feature called "SME".
To use "SME" at OS level is must be enabled before OS start, hence it cannot be enabled in BIOS yet.
Verification of my statement:
1) CPU in question support "SME" at hardware level
# cpuid -1 -l 0x8000001f1f CPU: AMD Secure Encryption (0x8000001f): SME: secure memory encryption support = true SEV: secure encrypted virtualize support = true VM page flush MSR support = true SEV-ES: SEV encrypted state support = true SEV-SNP: SEV secure nested paging = false VMPL: VM permission levels = false hardware cache coher across enc domains = false SEV guest exec only from 64-bit host = true restricted injection = true alternate injection = true full debug state swap for SEV-ES guests = true disallowing IBS use by host = false encryption bit position in PTE = 0x0 (0) physical address space width reduction = 0x0 (0) number of VM permission levels = 0x0 (0) number of SEV-enabled guests supported = 0x0 (0) minimum SEV guest ASID = 0x1 (1)
|
2) but "SME" support is not enabled sadly verified by bit 23 (MSR_AMD64_SYSCFG_MEM_ENCRYPT) of MSR 0xC0010010 (MSR_AMD64_SYSCFG)
# rdmsr -f 23:23 -x 0xC0010010 0
|
double check value
# rdmsr -x 0xC0010010 740000 # printf '%032.0f\n' $(bc <<<"obase=2;ibase=16;740000") 00000000011101000000000000000000 ^ zero
|
It should be value 0xf40000
# printf '%032.0f\n' $(bc <<<"obase=2;ibase=16;F40000") 00000000111101000000000000000000 ^
|
Also toggling Transparent Secure Memory Encryption (TSME) Feature at BIOS>Advanced tab>AMD CBS>UMC Common Options (DDR4 Common Options)>Security does not help.
Please provide a BIOS option for enabling SME Feature or enlight me how to enable SME feature flag by current BIOS menu.
|
Replies:
Posted By: ASRock_TSD
Date Posted: 26 Oct 2021 at 10:04am
Dear smeyes, Thank you for the posting.
If you are using Linux OS, this behavior may be normal. Recently, the Linux 5.15 kernel disabled the SME for fixing some problem. You can refer to the article from following link for further information.
AMD Secure Memory Encryption Has a Flaw, Now Disabled by Default in Linux Kernel: https://www.tomshardware.com/news/amd-memory-encryption-disabled-in-linux" rel="nofollow - https://www.tomshardware.com/news/amd-memory-encryption-disabled-in-linux
Thank you,
Best wishes, ASRock TSD
|
Posted By: smeyes
Date Posted: 09 Jun 2022 at 9:10pm
Hi, any news?
We are still unable to enable AMD SME at BIOS to get it activate at Linux kernel.
https://www.kernel.org/doc/html/latest/x86/amd-memory-encryption.html" rel="nofollow - However, if BIOS does not enable SME, then Linux will not be able to activate memory encryption,...
|
|