Following the success of the Ryzen series and on the heels of the Epyc launch, AMD is readying yet another series of processors: the Ryzen Pro series. This time the series directly targets corporate/enterprise workstations and seems to focus on security:
These new CPUs will offer Windows 10 Enterprise Security support, AES 128-bit memory encryption and a 36-month warranty. AMD’s Ryzen Pro series CPUs will come with similar designs to their existing Ryzen desktop series CPUs, with comparable clock speeds and additional enterprise-grade features.
Personally, it’s a shame that promoting these encryption features seems to be not nearly enough these days, with so many vulnerabilities, ones that were known to government agencies, popping up every day, but AMD evidently thinks this is still an important feature for targeting the enterprise consumer. At this point it is not clear if they have the higher-end SKU of the 1800 or 1800X, with the offerings topping out at the 1700X instead, but since clock speeds aren’t necessarily the central focus, it seems to be a reasonable way to proceed.
Here are a few charts with the SKUs and how they plan to match them against Intel offerings:
Also, in the AnandTech article we can find a bit more info on the security features:
To explain what TSME is, it makes sense to refer to AMD’s Zen memory encryption technologies in general. The Zen microarchitecture features two important technologies: Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) that protect data in DRAM using a dedicated AES-128 engine.
When data is stored on storage devices, it is usually encrypted, but when it is being processed on a CPU or temporarily stored in RAM, it almost never is, leaving open the possibility of snooping these unprotected areas. As the name suggests, Secure Memory Encryption encrypts content of DRAM in a bid to eliminate data snooping by unauthorized programs or administrators (this is more likely to happen in a server/datacenter environment, but still). This feature will be particularly important for NVDIMMs going forward as they store data even after being unplugged from their hosts.
The SME encrypts data when it is written to DRAM and decrypts it when it is read. The AES-128 key is generated by a NIST SP 800-90-compliant hardware RNG and then managed by the AMD-SP hardware (thus, in a secure environment only). Although a dedicated engine performs the encryption/decryption, the process still takes time and thus adds latency to memory accesses. AMD claims that the actual performance impact is not significant, but we will have to test it ourselves before making any conclusions of our own. AMD’s Zen microarchitecture supports full and partial memory encryption for cases when performance is a concern. The one downside to this is that both partial and full encryption modes will require OSes and software to be modified in order to work properly.
More practical for daily workstation use is AMD’s Transparent SME mode. As the name implies, Transparent mode is transparent to OSes and programs, and thus can be used with legacy software. Transparent SME mode still encrypts DRAM completely, and this mode can be enabled from BIOS. At this point Transparent SME is the only type of SME supported by the Ryzen Pro, but AMD’s EPYC processors support all of them.
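
As an added example (not from AMD, AnandTech or the original post), here is a Linux-side check for the OS-managed SME modes described above. It assumes the kernel's `sme` and `sev` flags in /proc/cpuinfo and the `mem_encrypt=` boot parameter; the sample inputs are constructed and the `--live` switch is this script's own. Transparent SME is described above as invisible to the OS and set from BIOS, so this check does not report it.

```python
import sys

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: constructed sample CPU\n"
    "flags\t\t: fpu aes rdrand sme\n"
)
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro mem_encrypt=on quiet\n"


def cpu_flags(cpuinfo_text):
    """Return the feature flags from the first 'flags' line of /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def mem_encrypt_request(cmdline_text):
    """Return the value of the first mem_encrypt= token, or None if absent."""
    for token in cmdline_text.split():
        if token.startswith("mem_encrypt="):
            return token.split("=", 1)[1]
    return None


def assess(cpuinfo_text, cmdline_text):
    """Summarise what the OS can see about SME/SEV on this host."""
    flags = cpu_flags(cpuinfo_text)
    request = mem_encrypt_request(cmdline_text)
    if "sme" not in flags:
        os_sme = "not-advertised"
    elif request in ("on", "off"):
        os_sme = "requested-" + request
    else:
        os_sme = "kernel-default"  # no usable boot parameter; build default applies
    return {"sme": "sme" in flags, "sev": "sev" in flags, "os_sme": os_sme}


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--live":  # read the running Linux host
        with open("/proc/cpuinfo") as c, open("/proc/cmdline") as k:
            print(assess(c.read(), k.read()))
    else:
        print(assess(SAMPLE_CPUINFO, SAMPLE_CMDLINE))
```

A result of `not-advertised` on a machine with Transparent SME enabled in BIOS is expected, since that mode needs no OS support.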