Add AMD SME/SEV enabling boot parameters

As further hardening for professional and server CPUs, we should recommend enabling hardware-based encryption of physical memory. Note SME was enabled by default prior to kernel 5.15 but was disabled due to what appears to be a legacy and isolated issue concerning DMA masks.

I am proposing to add the following command line options:
```
mem_encrypt=on
kvm_amd.sev=1
vm_amd.sev_es=1
vm_amd.sev_snp=1
```

Please see https://github.com/Kicksecure/security-misc/pull/338, https://github.com/Kicksecure/security-misc/pull/341, and https://github.com/Kicksecure/security-misc/pull/352 for some additional details.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add AMD SME/SEV enabling boot parameters #19

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add AMD SME/SEV enabling boot parameters #19

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions