AMD Strips Memory Encryption From Consumer Ryzen CPUs

7 min read Original article ↗

AMD has quietly removed a security feature from its consumer Ryzen processors, and it never told customers. The protection, called Transparent Secure Memory Encryption (TSME), scrambles everything held in system memory so an attacker with physical access reads only noise. For years it worked on low-cost Ryzen chips. Then it stopped — silently, with no notice, and in a way Windows users had no simple way to catch. When asked, AMD confirmed only that TSME now belongs to its PRO line.

AMD AI microchip. Image credit: AMD
AMD AI microchip. Image credit: AMD

Key Takeaways

  • TSME, which encrypts all of system memory against physical attacks, no longer switches on for consumer Ryzen chips even when the BIOS enables it.
  • AMD made the change through firmware (AGESA 1.2.7.0) with no announcement, and confirms only that the feature is now reserved for PRO processors.
  • Engineers traced an internal flag, DfIsTsmeEnabled, reading FALSE on consumer parts and TRUE on PRO and EPYC parts, but AMD declined to say whether the limit is silicon or policy.

A Routine Security Check Started It

In April, Ben Kilpatrick, who calls himself a privacy-conscious Linux hobbyist, installed a fresh operating system on a machine running a Ryzen 7 9700X built on AMD’s Zen 5 architecture. He ran Host Security ID (HSI), a tool that audits firmware and hardware security settings, to confirm his protections were active.

One line stopped him. Encrypted RAM showed as not supported. The same tool’s log showed that TSME had previously read as encrypted. Kilpatrick had kept the option switched on in his BIOS the entire time.

MSI Tests Confirm the Pattern

Kilpatrick spent months chasing an answer. He pressed engineers at MSI, the maker of his motherboard, until they agreed to run tests.

They found that consumer Ryzen chips on MSI and Gigabyte boards kept TSME working under an older firmware delivered through AGESA, AMD’s firmware framework. Swap to a newer release, version 1.2.7.0, and TSME reported as not supported. PRO Ryzen chips kept the feature across both boards and both firmware versions.

MSI went further. On an Asus X870E board, the team set a consumer Ryzen 9800X3D against a PRO Ryzen 9945. Kilpatrick relayed the result: “They [MSI support personnel] also conducted controlled testing on an Asus X870E motherboard with a Ryzen 9800X3D (consumer) and a Ryzen 9945 (PRO), finding tsme_status = 1 on the PRO processor and tsme_status = 0 on the consumer processor with the same board and BIOS.” A 1 meant the protection was on. A 0 meant off.

Then came a blunt message from MSI’s marketing side. “MSI’s product marketing team has informed me that AMD officially communicated to MSI that TSME is exclusively supported on PRO series processors,” Kilpatrick wrote.

The deepest evidence came from the AMD Boot Loader, the AGESA component that prepares hardware before the operating system loads. An internal flag named DfIsTsmeEnabled controls whether TSME activates during firmware startup. MSI’s memory dumps showed it reading FALSE on the consumer chip and TRUE on the PRO part. As Kilpatrick put it: “Their BIOS engineer also provided ABL dump comparisons showing DfIsTsmeEnabled returning FALSE for the 9800X3D regardless of whether TSME is set to AUTO or ENABLED in BIOS, while the 9945 returns TRUE when TSME is ENABLED.”

AMD’s Engineers Go Quiet

Kilpatrick filed a bug report on AMD’s public engineering GitHub. Two AMD engineers stepped in. Tom Lendacky, an AMD fellow software engineer, said he didn’t know what caused the change and suggested toggling the BIOS option off and back on. “If that doesn’t work, my guess would be that it is a BIOS issue and you would want to contact MSI,” he wrote. Mario Limonciello, a senior principal software engineer who maintains the fwupd version of HSI, offered similar advice: “If it still doesn’t work; then yes please report it to your board vendor to debug,” he said.

Once the MSI findings landed, Kilpatrick asked the question that counted. “is DfIsTsmeEnabled being set to FALSE on consumer SKUs a silicon-level limitation, or is it a firmware policy decision within AGESA? The distinction matters quite a bit from a user perspective, since one is fixed and the other is potentially changeable.”

Limonciello closed the door. “My apologies; but I don’t have any more information to share on this topic.” The thread ended there.

Kilpatrick spelled out why the answer matters. “The big outstanding question is whether this is a deliberate policy decision by AMD to restrict TSME to PRO chips, or an unintentional regression that was introduced in AGESA 1.2.7.0,” he said. If it is policy, he noted, AMD chose to remove a working feature from consumer hardware. If it is an accidental regression, it is a bug AMD should fix. Either way, the silicon can do it, the change arrived through AGESA, and AMD has not explained it.

What TSME Actually Guards

AMD’s two memory protections are not the same. Secure Memory Encryption (SME) runs under the operating system. It uses a single key and lets the OS encrypt chosen memory pages. TSME runs under firmware. It encrypts all of RAM with no OS involvement, switches on silently once the BIOS enables it, and asks nothing of the user.

That last trait made TSME the practical one. When active, it blocks physical attacks: cold boot exploits, snooping on the DRAM interface, and pulling a memory module to read it on another machine. The performance cost stays low, with AMD’s own figures placing it under five percent. On Ryzen PRO parts, AMD sells the same protection under the name Memory Guard.

The loss bites hardest for people who treat a desktop as a security tool. Cold boot attacks are no lab curiosity; they remain a documented and realistic way to lift secrets straight out of memory. Anyone running a hardware wallet or managing private keys on a consumer AMD box loses a quiet layer of defense, even though the wallet’s own chip stays sealed. The host still touches keys during signing and setup, and unencrypted RAM widens the target. Users who keep large holdings in cold storage have long leaned on exactly this kind of background protection.

The change also sharpens the line between AMD’s consumer and business tiers. Rival Intel ships total memory encryption broadly across its modern chips, which makes AMD’s PRO-only stance look like a deliberate nudge toward pricier hardware for security-minded buyers. For teams that already track enterprise security tooling closely, the takeaway is plain: verify what each SKU actually enables rather than trusting past behavior. The episode is one more reason managing security risk keeps getting harder — a feature that worked for years can vanish from a product line overnight, with no changelog entry to mark its exit.

Users Feel Shortchanged

AMD has never advertised TSME as a consumer feature, and has long said SME sits in the PRO and EPYC tiers alone. Yet in 2020, Lendacky himself wrote that a consumer Ryzen 3700X “should support TSME,” and in a 2025 follow-up he recommended it: “I recommend using TSME (Transparent SME), but it is a BIOS option that needs to be exposed by your BIOS provider,” he said. Years of the feature working on cheaper chips taught buyers to count on it.

Joe Fitzgerald, a specialist in silicon-level security, sees two possibilities, neither flattering. “They could have not realized they did it leading to their cagey responses, or they could have done it intentionally and tried to get away with it, leading to the same cagey responses,” he said in an interview. “But I really feel like an explanation should be in order, even if it was ‘TSME was never supposed to be supported. We did ship some firmwares that erroneously enabled it, but you shouldn’t use them since we can’t guarantee it’ll work properly.'”

For now, AMD has said nothing more, and consumer Ryzen owners who valued the protection are left to confirm, chip by chip, whether it still works.

Written by Alius Noreika