ASRock B550 Phantom Gaming and AMD SME
Printed From: ASRock.com
Category: Technical Support
Forum Name: AMD Motherboards
Forum Description: Question about ASRock AMD motherboards
URL: https://forum.asrock.com/forum_posts.asp?TID=19743
Printed Date: 06 May 2024 at 11:55am
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com
Topic: ASRock B550 Phantom Gaming and AMD SME
Posted By: smeyes
Subject: ASRock B550 Phantom Gaming and AMD SME
Date Posted: 24 Oct 2021 at 5:03am
Using
ASRock B550 Phantom Gaming-ITX/ax, BIOS P2.20 08/05/2021
with AMD Ryzen 7 PRO 5750GE with Radeon Graphics (100-000000257)
which have support for AMD Secure Encryption feature called "SME".
To use "SME" at OS level is must be enabled before OS start, hence it cannot be enabled in BIOS yet.
Verification of my statement:
1) CPU in question support "SME" at hardware level
# cpuid -1 -l 0x8000001f1f
CPU:
AMD Secure Encryption (0x8000001f):
SME: secure memory encryption support = true
SEV: secure encrypted virtualize support = true
VM page flush MSR support = true
SEV-ES: SEV encrypted state support = true
SEV-SNP: SEV secure nested paging = false
VMPL: VM permission levels = false
hardware cache coher across enc domains = false
SEV guest exec only from 64-bit host = true
restricted injection = true
alternate injection = true
full debug state swap for SEV-ES guests = true
disallowing IBS use by host = false
encryption bit position in PTE = 0x0 (0)
physical address space width reduction = 0x0 (0)
number of VM permission levels = 0x0 (0)
number of SEV-enabled guests supported = 0x0 (0)
minimum SEV guest ASID = 0x1 (1)
|
2) but "SME" support is not enabled sadly
verified by bit 23 (MSR_AMD64_SYSCFG_MEM_ENCRYPT) of MSR 0xC0010010 (MSR_AMD64_SYSCFG)
# rdmsr -f 23:23 -x 0xC0010010
0
|
double check value
# rdmsr -x 0xC0010010
740000
# printf '%032.0f\n' $(bc <<<"obase=2;ibase=16;740000")
00000000011101000000000000000000
^ zero
|
It should be value 0xf40000
# printf '%032.0f\n' $(bc <<<"obase=2;ibase=16;F40000")
00000000111101000000000000000000
^
|
Also toggling Transparent Secure Memory Encryption (TSME) Feature at BIOS>Advanced tab>AMD CBS>UMC Common Options (DDR4 Common Options)>Security
does not help.
Please provide a BIOS option for enabling SME Feature or enlight me how to enable SME feature flag by current BIOS menu.
|
Replies:
Posted By: ASRock_TSD
Date Posted: 26 Oct 2021 at 10:04am
Dear smeyes,
Thank you for the posting.
If you are using Linux OS, this behavior may be normal.
Recently, the Linux 5.15 kernel disabled the SME for fixing some problem.
You can refer to the article from following link for further information.
AMD Secure Memory Encryption Has a Flaw, Now Disabled by Default in Linux Kernel: https://www.tomshardware.com/news/amd-memory-encryption-disabled-in-linux" rel="nofollow - https://www.tomshardware.com/news/amd-memory-encryption-disabled-in-linux
Thank you,
Best wishes,
ASRock TSD
|
Posted By: smeyes
Date Posted: 09 Jun 2022 at 9:10pm
Hi,
any news?
We are still unable to enable AMD SME at BIOS to get it activate at Linux kernel.
https://www.kernel.org/doc/html/latest/x86/amd-memory-encryption.html" rel="nofollow - However, if BIOS does not enable SME, then Linux will not be able to activate memory encryption,...
|
|