AMD restores memory encryption to consumer CPUs after user backlash

AMD reverses silent removal of memory encryption

Consumer AMD Ryzen processors will regain memory encryption protection in July after the company faced user backlash for removing the feature without warning. TSME (Transparent Secure Memory Encryption) encrypts all physical memory contents, defending against cold boot attacks and similar intrusions that require physical access to a machine.

AMD quietly stripped TSME from lower-end Ryzen 9000-series chips in a recent firmware update. The removal was impossible to detect on Windows and required Linux technical work to discover. Unlike hardware changes, this move required only software intervention, since the silicon itself remained capable of the encryption.

After Ars Technica reported the removal last week, social media filled with complaints from users. Critics noted AMD had supported TSME on consumer Ryzen processors for roughly a decade, making the deletion feel like a bait-and-switch. Over the weekend, AMD confirmed it will restore the BIOS option in a July firmware release. The company said in an email: "Based on valuable community feedback, we will reinstate this option in an upcoming BIOS release in July."

AMD has not explained the original removal. Possible explanations include performance concerns (memory encryption adds latency that affects gaming workloads), cost reduction, or an attempt to push users toward pricier Pro-series chips that retained the feature.

Firmware-only changes leave customers blind

This incident exposes how companies can alter security posture through software updates without user visibility or control. TSME required no silicon redesign; AMD simply disabled it via firmware. Consumer machines running older BIOS versions would have no way to know the protection had disappeared unless they specifically checked system logs or used Linux tools to audit memory encryption status.

For most consumer users, physical attacks are genuinely unlikely. Gamers and office workers do not typically face adversaries with hands-on hardware access. Some game developers explicitly advise users to disable TSME for performance reasons. However, the issue is not technical necessity but precedent and transparency. AMD had left the decision to enable or disable TSME to users for years. Removing the option silently violated that implicit contract.

The company's refusal to explain the change compounds the problem. Corporations once acknowledged product shifts to ensure customers could plan accordingly and adapt. Now, silence is the default. AMD did not respond to questions from Ars Technica about the rationale. Only when public pressure mounted did the company act.

What to do before the July patch lands

Document TSME status across your AMD Ryzen 9000 fleet now. On Linux, check dmesg output for memory encryption messages. On Windows, the feature is harder to audit visually, so assume affected systems are running without TSME until you verify otherwise.

Once AMD publishes the July firmware update, schedule deployment on a controlled cadence to avoid unplanned downtime. TSME re-enablement may require system restart but poses no compatibility risk. Test in a lab environment first to confirm performance impact on your workloads, since encryption does add latency proportional to memory bandwidth usage.

If you are evaluating AMD versus competing CPUs with always-on memory encryption, factor in AMD's willingness to toggle the feature silently. Verify whether your chip supplier's firmware update schedule includes security re-enablement as a formal step or an ad-hoc response to complaints.