Secure Memory Encryption feature is now supported on AMD platform

AMD's SME (Secure Memory Encryption) feature was first enabled in Red Hat Enterprise Linux 7.5. This technology uses a single key to encrypt system memory which is generated by the AMD Secure Processor at boot.

SME requires enablement in either the system BIOS or operating system. When enabled in the BIOS, memory encryption is transparent and can be run with any operating system. However, this feature is turned off by default on all systems booting the Red Hat Enterprise Linux kernel and must be turned on with a kernel boot parameter.

Red Hat is committed to resolve SME related unknown issues by working with our AMD, DELL, and HPE partners to resolve them at the earliest. If you experience SME related issues on your AMD Epyc systems you are encouraged to report them in the Red Hat Customer Portal so Red Hat Engineering and Quality Engineering Teams can work with our OEM partners to resolve them as quickly as possible.