Version 5.15 of the Linux kernel disables the Secure Memory Encryption feature of certain AMD CPUs by default. The feature was previously enabled by default on supported CPUs, but would cause boot issues on Linux systems.
According to Phoronix, SME has been enabled by default since support for the feature was added to the Linux kernel. However, Linux users have noticed bugs, with the feature leading to boot problems in some cases. This would occur, for example, due to interaction problems between SME and the input-output memory management unit. SME can also lead to problems with certain gpu drivers, which sometimes run into problems if a PC’s memory is encrypted.
Linux users are reporting that the issues can occur on AMD Raven Ridge APUs such as the Ryzen 3 2200G, for example. However, the boot problems can also occur with other processors. Users who still want to use SME on Linux systems with kernel version 5.15 can manually enable the feature by adding mem_encrypt=on to the bootloader options.
The Secure Memory Encryption extension allows supported CPUs to hardware-encrypt system memory. On AMD’s EPYC server processors and Ryzen Pro and Threadripper Pro CPUs, the feature is also known as Memory Guard.