Linux kernel 5.15 disables Secure Memory Encryption for some AMD CPUs by default. The feature is pre-enabled by default on supported CPUs, but it may cause boot issues on Linux systems.
According to Phoronix SME is enabled by default since feature support was added to the Linux kernel. However, Linux users have noticed bugs, with the feature causing boot issues in some cases. This may happen, for example, due to interaction problems between SMEs and I/O memory management unit. Also, SME can lead to problems with some GPU drivers, which sometimes have problems if the PC memory is encrypted.
Linux users have reported the possibility of problems with AMD Raven Ridge APUs like the Ryzen 3 2200G, for example. However, boot issues can also occur with other processors. Users who still want to use SME on Linux systems with kernel version 5.15 can enable the feature manually by
mem_encrypt=on to the bootloader options.
from Secure Memory Extended Encryption Allows supported CPUs to encrypt system memory. On AMD’s EPYC server processors and Ryzen Pro and Threadripper Pro CPUs, the feature is also known as Memory Guard.
“Lifelong zombie fanatic. Hardcore web practitioner. Thinker. Music expert. Unapologetic pop culture scholar.”