What is an Encryption controller ( in an AMD CPU)?

Following is from lspci output on my debian 10 (proxmox kernel 5.4.78-2-pve, with an AMD Ryzen 5 PRO 4650G apu on an Asrock B450 Pro R2.0 motherboard:

0b:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor
Subsystem: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor
Flags: bus master, fast devsel, latency 0, IRQ 10
Memory at fc700000 (32-bit, non-prefetchable) [size=1M]
Memory at fc88c000 (32-bit, non-prefetchable) [size=8K]
Capabilities: [48] Vendor Specific Information: Len=08 <?>
Capabilities: [50] Power Management version 3
Capabilities: [64] Express Endpoint, MSI 00
Capabilities: [a0] MSI: Enable- Count=1/2 Maskable- 64bit+
Capabilities: [c0] MSI-X: Enable- Count=2 Masked-
Capabilities: [100] Vendor Specific Information: ID=0001 Rev=1 Len=010 <?>

My questions are:

1- what exactly is an “Encryption controller”? Do I have it because my CPU is ‘pro’? I am assuming some sort of hardware offloading, but more information would be good.

2- why doesn’t it have a kernel driver or a kernel module? do I need to install something?

Thanks,

It’s not because it’s a Pro CPU, I have it on a 2700X:

0c:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 00h-0fh) Platform Security Processor

My guess is it either implements encryption functions in hardware, or it accelerates them in some way, would probably have to ask AMD for that :stuck_out_tongue:

As for your second point, it does (use lspci -k):

0c:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 00h-0fh) Platform Security Processor
        Subsystem: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 00h-0fh) Platform Security Processor
        Kernel driver in use: ccp
        Kernel modules: ccp

Which is obviously the Chinese Communist Party living in your CPU :wink:

1 Like

Hey, thanks for the reply.

You are right I have it in my other Ryzen CPUs as well. I also have the ccp kernel module in fedora (32 kernel 5.10.12) , but I didn’t have it in debian 10. It probably have something to do with the kernel version and not a missing package. debian 10 is on 4.9. Anyway, now that I know what I am looking for, I’ll find it :slight_smile:.

Thanks,

Given Ryzen and Epyc are the same die and Epyc supports encrypted memory (to shield VMs from each other etc.) it could be to do with that.

1 Like

This topic was automatically closed 273 days after the last reply. New replies are no longer allowed.