AMD Consumer Ryzen CPUs Reportedly Lose TSME Memory Encryption Feature

AMD's consumer Ryzen processors have reportedly lost Transparent Secure Memory Encryption (TSME), a security feature that encrypts the entire contents of memory to protect against physical attacks such as cold boot exploits and DRAM interface snooping.

Originally introduced in AMD's high-end CPUs a decade ago, TSME was later extended to include consumer versions of Ryzen chips. Users of these lower-end processors had become accustomed to the added security provided by TSME, which activates silently when enabled in the BIOS and operates without operating system involvement.

The removal of the protection was reportedly implemented without warning or notice, making detection impossible on Windows machines and requiring significant technical effort on Linux. A privacy-conscious Linux hobbyist, Ben Kilpatrick, discovered the change after months of investigation, tracing it to newer AGESA firmware that appeared to disable TSME on consumer chips while retaining it on Pro and EPYC models.

AMD has not publicly confirmed the change or provided an explanation, stating only that TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies." This marks the first known explicit public restriction of the feature by the chipmaker. There is no indication that AMD ever advertised TSME as being available in consumer CPUs.

TSME differs from Secure Memory Encryption (SME), which AMD has long stated is exclusive to Pro and Epyc CPU tiers. SME is OS-managed and allows for the selective encryption of individual memory pages. In contrast, TSME is firmware-managed and encrypts all RAM.

Joe Fitzgerald, an expert in silicon-level security, stated that an explanation from AMD is warranted, regardless of whether the change was accidental or intentional. Users who relied on the feature consider its quiet removal a "betrayal."

According to Ars Technica, as quoted by Slashdot, ...