Our Take
AMD either deliberately restricted a working feature to force enterprise upgrades, or shipped a firmware regression and refuses to say which—and that ambiguity is the real problem.
Why it matters
Consumer CPU buyers rely on published security postures; silent capability removals erode trust and leave users unable to audit their own machines. For Linux users especially, discovering the loss required deep technical investigation AMD itself did not facilitate.
Do this week
Linux users and security teams: run HSI (Host Security ID) on Ryzen consumer CPUs with AGESA 1.2.7.0 or later to verify TSME status before the next firmware cycle.
AMD quietly disabled TSME on consumer Ryzen chips
In April, a privacy-focused Linux user named Ben Kilpatrick discovered that TSME (Transparent Secure Memory Encryption) no longer functioned on his Ryzen 7 9700X consumer CPU, even though he had the feature enabled in BIOS. The Host Security ID auditing tool showed "encrypted RAM: not supported," contradicting earlier HSI runs on the same machine that had confirmed TSME was active.
Kilpatrick's investigation revealed the cause: AMD's AGESA firmware version 1.2.7.0 introduced a flag called DfIsTsmeEnabled that forces TSME to FALSE on consumer SKUs while keeping it TRUE on Pro and EPYC processors. Testing by MSI engineers across multiple motherboards and chipsets confirmed the pattern. Pro-tier Ryzen CPUs retained TSME support across all AGESA versions; consumer models lost it in the newer firmware.
TSME encrypts all system RAM at the firmware level, protecting against physical attacks including cold boot exploits, DRAM snooping, and memory module theft. The feature is invisible to the operating system and works silently when enabled. It is distinct from SME (Secure Memory Encryption), which is OS-managed and requires application-level involvement.
AMD has not published an official announcement of the change. When contacted by Ars Technica, the company stated only that TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies." This marks the first time AMD has publicly restricted TSME to the Pro tier, despite years of evidence that consumer CPUs shipped with the feature functional.
The silence, not the decision, is the breach of trust
Two AMD engineers directly engaged with Kilpatrick's GitHub bug report. Tom Lendacky, an AMD fellow software engineer, suggested toggling BIOS settings. Mario Limonciello, AMD's senior principal software engineer, offered the same troubleshooting advice. When Kilpatrick later reported MSI's technical findings showing the firmware deliberately blocks TSME on consumer chips, Limonciello replied: "My apologies; but I don't have any more information to share on this topic."
This matters because AMD engineers had explicitly endorsed TSME on consumer CPUs as recently as 2025. In a public forum thread, Lendacky wrote that the Ryzen 3700X "should support TSME" and recommended users enable it via BIOS. No public statement warned users that this support would be revoked in a firmware update.
Joe Fitzgerald, a silicon-level security expert interviewed by Ars, noted the ambiguity cuts both ways. "They could have not realized they did it leading to their cagey responses, or they could have done it intentionally and tried to get away with it, leading to the same cagey responses. But I really feel like an explanation should be in order, even if it was 'TSME was never supposed to be supported.'"
On Windows machines, the removal is nearly undetectable. On Linux, discovery requires running HSI and understanding the output well enough to recognize the change. For users who built threat models around TSME availability, the silent removal bypassed informed consent.
Document your current security posture before the next BIOS update
If you deploy or own Ryzen consumer CPUs in security-sensitive roles, log the current HSI output (or equivalent firmware audit data) before accepting any motherboard BIOS updates. Capture TSME status, AGESA version, and CPU SKU in a table you can reference if a future update changes behavior.
Report any unexpected changes to your motherboard vendor's support team immediately, with HSI output attached. If AMD's intent was deliberate policy, early reports may pressure a public statement. If it was a regression, documenting the pattern helps vendor engineers prioritize a fix.
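One way to keep that baseline and spot a change after a BIOS update, as an added example that is not from the original article or from AMD or the HSI project. It assumes HSI results are exported as JSON with a `SecurityAttributes` list carrying `AppstreamId` and `HsiResult` keys (the layout assumed here for `fwupdmgr security --json`) and that encrypted RAM is reported under `org.fwupd.hsi.EncryptedRam`; the two sample runs are constructed, and the BIOS labels and pre-update AGESA value are placeholders.

```python
import json

ENCRYPTED_RAM = "org.fwupd.hsi.EncryptedRam"  # assumed fwupd HSI attribute id

# Constructed samples in the assumed `fwupdmgr security --json` layout.
HSI_BEFORE = """{"SecurityAttributes": [
 {"AppstreamId": "org.fwupd.hsi.EncryptedRam", "HsiResult": "encrypted"},
 {"AppstreamId": "org.fwupd.hsi.Uefi.SecureBoot", "HsiResult": "enabled"}]}"""
HSI_AFTER = """{"SecurityAttributes": [
 {"AppstreamId": "org.fwupd.hsi.EncryptedRam", "HsiResult": "not-supported"},
 {"AppstreamId": "org.fwupd.hsi.Uefi.SecureBoot", "HsiResult": "enabled"}]}"""


def make_record(hsi_json, cpu_sku, bios_version, agesa):
    """Reduce one HSI run plus hand-entered platform facts to a comparable record."""
    attrs = json.loads(hsi_json).get("SecurityAttributes", [])
    hsi = {a["AppstreamId"]: a.get("HsiResult", "unknown")
           for a in attrs if "AppstreamId" in a}
    return {"cpu_sku": cpu_sku, "bios_version": bios_version,
            "agesa": agesa, "hsi": hsi}


def diff_records(old, new):
    """Return (field, old, new) for every platform fact or HSI result that changed."""
    changes = [(k, old[k], new[k]) for k in ("cpu_sku", "bios_version", "agesa")
               if old[k] != new[k]]
    for attr in sorted(set(old["hsi"]) | set(new["hsi"])):
        before = old["hsi"].get(attr, "absent")
        after = new["hsi"].get(attr, "absent")
        if before != after:
            changes.append((attr, before, after))
    return changes


def encrypted_ram_lost(old, new):
    """True when RAM encryption was reported active before and is not now."""
    return (old["hsi"].get(ENCRYPTED_RAM) == "encrypted"
            and new["hsi"].get(ENCRYPTED_RAM) != "encrypted")


# Placeholder BIOS labels; the pre-update AGESA version is not given on the page.
BASELINE = make_record(HSI_BEFORE, "Ryzen 7 9700X", "BIOS-OLD (placeholder)", "pre-1.2.7.0")
CURRENT = make_record(HSI_AFTER, "Ryzen 7 9700X", "BIOS-NEW (placeholder)", "1.2.7.0")

if __name__ == "__main__":
    for field, before, after in diff_records(BASELINE, CURRENT):
        print(f"{field:32} {before:24} -> {after}")
    if encrypted_ram_lost(BASELINE, CURRENT):
        print("ALERT: encrypted RAM no longer reported active; attach both HSI runs to the vendor report")
```

In real use, replace the constructed strings with the saved output of an HSI run taken before and after the update, and keep the records under version control alongside the firmware change log.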
For teams standardizing on Ryzen CPUs for confidential computing, treat TSME as enterprise-only in future procurement decisions unless AMD clarifies the consumer path in writing.