AMD Secure Memory Encryption Has a Flaw, Now Disabled by Default in Linux Kernel

According to a report from Phoronix, the Linux 5.15 kernel is receiving a new fix that involves disabling AMD's Secure Memory Encryption, or SME. This feature is normally enabled by default, but due to unexpected boot failures on some AMD machines, SME will now be disabled by default. Devs will update the Linux 5.15 kernel first, but the change will also move to prior kernels.

AMD Secure Memory Encryption is a feature available on AMD's EPYC and Ryzen Pro processors that lets the CPU encrypt memory at the hardware level. AMD says the feature has no significant impact on system performance and works with any OS and application because it is hardware-accelerated and does not rely on software.

Phoronix notes that this bug occurs mostly on Raven Ridge APUs, but it can also happen with other Ryzen chips. For now, the Linux kernel maintainers will disable SME temporarily until a solution comes about that can intelligently determine when to enable and disable SME. The issue does not impact Windows users.
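For administrators who rely on SME, the default change means the encryption state should be checked after a kernel update. The script below is an added example, not code from the article, Phoronix or the kernel project. It assumes the `sme` CPU flag in `/proc/cpuinfo`, the `mem_encrypt=on|off` boot parameter and the `CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT` build option, none of which the article names, and the `sme_state` and `sme_report` helpers are hypothetical names.

```shell
#!/bin/sh
# Added example: work out whether SME is expected to be in effect.
# Assumptions (not from the article): the "sme" flag in /proc/cpuinfo,
# the mem_encrypt=on|off boot parameter, and the
# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT kernel build option.

# sme_state FLAGS CMDLINE BUILD_DEFAULT
#   FLAGS          CPU flags as listed in /proc/cpuinfo
#   CMDLINE        contents of /proc/cmdline
#   BUILD_DEFAULT  "y" if the kernel was built with SME active by default
# Prints: unsupported | active | inactive
sme_state() {
    flags=$1 cmdline=$2 default=$3
    # Match "sme" as a whole word so that "smep" does not count.
    case " $flags " in
        *" sme "*) ;;
        *) echo unsupported; return 0 ;;
    esac
    choice=$default
    set -f                      # no glob expansion while splitting words
    for arg in $cmdline; do     # a later mem_encrypt= overrides an earlier one
        case $arg in
            mem_encrypt=on)  choice=y ;;
            mem_encrypt=off) choice=n ;;
        esac
    done
    set +f
    if [ "$choice" = y ]; then echo active; else echo inactive; fi
}

# Gather the three inputs from the running system and report.
sme_report() {
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2) || true
    cmdline=$(cat /proc/cmdline 2>/dev/null) || true
    default=n   # assumed when the config file is unreadable (the new default)
    if grep -qs '^CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y' \
            "/boot/config-$(uname -r)"; then
        default=y
    fi
    echo "SME: $(sme_state "$flags" "$cmdline" "$default")"
}

sme_report
```

A result of `inactive` on a machine that previously ran with SME means memory is no longer encrypted after the update unless `mem_encrypt=on` is added to the boot parameters.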

Aaron Klotz
Contributing Writer

Aaron Klotz is a contributing writer for Tom’s Hardware, covering news related to computer hardware such as CPUs and graphics cards.