anthraxx / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening

AMD mem_encrypt boot problem #16

Closed EvoXCX closed 5 months ago

EvoXCX commented 4 years ago

Impossible to boot on AMD GPU without mem_encrypt=off as a kernel parameter.

tsautereau-anssi commented 4 years ago

Thank you for notifying us of that issue, but we're gonna need more information in order to be able to make progress on that.

First of all, are you sure it only happens with the linux-hardened patch set and not with a vanilla kernel? If so, with what version? Since when? Are you seeing any logs during boot (maybe leveraging earlyprintk)?

EvoXCX commented 4 years ago

Here you can see the problem gets resolved but needs intervention (I'm not the only one to have this error with a CPU and AMD GPU): https://bugs.archlinux.org/task/59463

It does not happen on the vanilla kernel. Since I needed to use this kernel, about 6 to 8 months. I do not have any errors or logs because the kernel remains stuck at the init step. I see only "Load initial ramdisk" and it blocks; that's the only thing I can tell you.

Thanks for the support

tsautereau-anssi commented 4 years ago

Alright, thanks for the additional information.

I don't have the hardware to try to reproduce and without any logs it's going to be difficult to help you. If that's something you can do, could you begin a bisection on linux-hardened commits? I don't know much about AMD memory encryption, but from what I understand I don't really see what in linux-hardened could cause any issue. You may try to run linux-hardened with PAGE_SANITIZE_VERIFY disabled (or even with init_on_free=0 on your kernel command line), and then maybe with this commit reverted.

anthraxx commented 4 years ago

The issue happens when using the amdgpu driver in combination with mem_encrypt (which is enabled per default via AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT). This happens with a vanilla kernel as well and is not hardened related. When AMD memory encryption is active the amdgpu driver refuses to load, which results in the screen going blank on boot.

Doesn't look like there is some active work in progress to get this fixed anytime soon. Related references: https://lkml.org/lkml/2018/6/6/451 https://bugs.freedesktop.org/show_bug.cgi?id=104437

PS @EvoXCX: doesn't happen with vanilla != doesn't happen with the vanilla configuration provided by the Arch Linux binary package
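
Added example, not part of the comment above or of the linux-hardened project: a shell helper that resolves, from a kernel command line and a kernel config, whether memory encryption would be requested at boot given AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT and a mem_encrypt= override. Assumptions: the function name `sme_requested` and the sample values are constructed, the last mem_encrypt= on the command line is taken to win, and CPU support is not checked.

```shell
#!/bin/sh
# sme_requested CMDLINE CONFIG_TEXT
# Prints "on", "off" or "not-built" (hypothetical helper, added example).
sme_requested() {
    cmdline=$1
    config=$2

    # Without CONFIG_AMD_MEM_ENCRYPT the feature is not compiled in,
    # so neither the default nor mem_encrypt= has any effect.
    if ! printf '%s\n' "$config" | grep -qx 'CONFIG_AMD_MEM_ENCRYPT=y'; then
        echo "not-built"
        return 0
    fi

    # Build-time default (the option named in the thread).
    state=off
    if printf '%s\n' "$config" |
        grep -qx 'CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y'; then
        state=on
    fi

    # Boot-time override. Assumption: the last occurrence wins and
    # values other than on/off leave the default untouched.
    set -f                      # no globbing while splitting words
    for word in $cmdline; do
        case $word in
            mem_encrypt=on)  state=on ;;
            mem_encrypt=off) state=off ;;
        esac
    done
    set +f
    echo "$state"
}

# Constructed sample: a config with encryption active by default.
SAMPLE_CONFIG='CONFIG_AMD_MEM_ENCRYPT=y
CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y'

sme_requested 'root=/dev/sda2 rw quiet' "$SAMPLE_CONFIG"
sme_requested 'root=/dev/sda2 rw quiet mem_encrypt=off' "$SAMPLE_CONFIG"
```

On a running system the two inputs would come from `/proc/cmdline` and the kernel's config file; the result says what was requested, not whether the CPU honoured it.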

Bernhard40 commented 4 years ago

You may consider disabling that option in linux-hardened for Arch.

anthraxx commented 4 years ago

There have been multiple different problems with mem_encrypt, including some use-after-free kind of issues that manifest with init on free plus verify. This feature set in the vanilla kernel and ecosystem from amdgpu is incomplete at best, therefore I'm gonna disable this in Arch.

Hello71 commented 4 years ago

FYI, mem_encrypt=on works for me with vanilla 5.7 and RX 480. It's broken again on torvalds master, but I'm trying to get that fixed.

anthraxx commented 4 years ago

Potential fix in v5.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7cad554887f1c5fd77e57e6bf4be38370c2160cb

dm17 commented 3 years ago

Will this be toggleable on the vanilla kernel in the future without needing to recompile?

Hello71 commented 3 years ago

fwiw it is again working for me (fixed at some point between 5.7+ and 5.13).

EvoXCX commented 9 months ago

Is this issue still ongoing?

dm17 commented 9 months ago

Can't test it because as soon as mem_encrypt started working in some kernel version, then it got enabled and my Ryzen Pro's iGPU stopped working because "amdgpu: SME is not compatible with RAVEN". So I give up... Always need newer gear to get features that are several generations old to work.