AMD CPU part:
    mem_encrypt=    [X86-64] AMD Secure Memory Encryption (SME) control
                    Valid arguments: on, off
                    Default (depends on kernel configuration option):
                      on  (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y)
                      off (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=n)
                    mem_encrypt=on:  Activate SME
                    mem_encrypt=off: Do not activate SME

                    Refer to Documentation/virt/kvm/amd-memory-encryption.rst
                    for details on when memory encryption can be activated.
Should we enable this by default in package
What would be the Intel equivalent? Intel MKTME? But that doesn’t seem ready at time of writing?
Does this help to defeat cold boot attacks?
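
The following is an added example, not part of the original post or of the kernel documentation: a shell check that works out which SME setting the kernel was asked for, following the precedence in the quoted text (explicit mem_encrypt= on the command line, otherwise the CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT build default). The function names, the /boot/config-$(uname -r) location and the "last occurrence wins" handling are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# sme_requested CMDLINE CONFIG_TEXT CPU_FLAGS
# Prints: unsupported | on | off | unknown
sme_requested() {
    cmdline=$1; config=$2; flags=$3
    opt=CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT

    # The CPU has to advertise the "sme" flag in /proc/cpuinfo at all.
    case " $flags " in
        *" sme "*) ;;
        *) echo unsupported; return 0 ;;
    esac

    # An explicit mem_encrypt= parameter overrides the build default.
    # Assumption: if it is repeated, the last occurrence wins.
    choice=
    for word in $cmdline; do
        case $word in
            mem_encrypt=on)  choice=on ;;
            mem_encrypt=off) choice=off ;;
        esac
    done
    if [ -n "$choice" ]; then echo "$choice"; return 0; fi

    # Otherwise fall back to the kernel configuration option.
    if printf '%s\n' "$config" | grep -qx "$opt=y"; then
        echo on
    elif printf '%s\n' "$config" | grep -qx "# $opt is not set"; then
        echo off
    else
        echo unknown    # option absent from this config, or config unreadable
    fi
}

# Run the same check against the live host.
# Assumption: the distribution ships its config as /boot/config-<release>.
sme_check_host() {
    host_flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    host_cfg=$(cat "/boot/config-$(uname -r)" 2>/dev/null)
    sme_requested "$(cat /proc/cmdline 2>/dev/null)" "$host_cfg" "$host_flags"
}

# Usage: sh sme-check.sh --host
if [ "${1:-}" = "--host" ]; then sme_check_host; fi
```

The result is only the requested setting; whether SME is actually active also depends on the firmware enabling it, so confirm against the kernel log after boot.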