On Tue, Oct 5, 2021 at 10:29 AM Paul Menzel <pmenzel@xxxxxxxxxxxxx> wrote: > > Dear Tom, dear Linux folks, > > > Selecting the symbol `AMD_MEM_ENCRYPT` – as done in Debian 5.13.9-1~exp1 > [1] – also selects `AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT`, as it defaults > to yes, causing boot failures on AMD Raven systems. On the MSI B350M > MORTAR with AMD Ryzen 3 2200G, Linux logs and the AMDGPU graphics > driver, despite being loaded, does not work, and the framebuffer driver > is used instead. > > [ 19.679824] amdgpu 0000:26:00.0: amdgpu: SME is not compatible > with RAVEN > > It even causes black screens on other systems as reported to the Debian > bug tracking system *Black screen on AMD Ryzen based systems (AMDGPU > related when AMD Secure Memory Encryption not disabled -- > mem_encrypt=off)* [2]. It's not incompatible per se, but SEM requires the IOMMU be enabled because the C bit used for encryption is beyond the dma_mask of most devices. If the C bit is not set, the en/decryption for DMA doesn't occur. So you need IOMMU to be enabled in remapping mode to use SME with most devices. Raven has further requirements in that it requires IOMMUv2 functionality to support some features which currently uses a direct mapping in the IOMMU and hence the C bit is not properly handled. Alex > > Should the default be changed? > > > Kind regards, > > Paul > > > [1]: > https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/changelog#L1138 > [2]: https://bugs.debian.org/994453