AMD Quietly Removes Memory Encryption from Consumer Ryzen CPUs, Sparking User Outcry

AMD has quietly disabled Transparent Secure Memory Encryption on its consumer Ryzen CPUs through recent firmware updates, removing a physical memory protection that had been available for years without explanation. The move was uncovered by a Linux hobbyist who noticed TSME had stopped working despite remaining enabled in the BIOS.

According to a report by Ars Technica, privacy-conscious Linux user Ben Kilpatrick spent months investigating after TSME on his consumer Ryzen processor ceased functioning. He persuaded MSI engineers to test multiple CPUs, motherboards, and firmware versions, ultimately filing a public bug report that traced the change to newer AMD AGESA firmware. The firmware appeared to disable TSME on consumer chips while retaining it on Pro and EPYC models.

A Decade-Old Protection Disappears Without Warning

TSME encrypts all data stored in system memory, protecting against physical attacks such as cold boot exploits, DRAM interface snooping, and memory module removal. Unlike the OS-managed Secure Memory Encryption, TSME is firmware-managed, encrypts all RAM with no OS involvement, and activates silently via BIOS settings. AMD introduced it in high-end CPUs about a decade ago and later extended it to consumer Ryzen chips, where it worked reliably for years.

Key facts about the change:

• TSME was silently disabled through AGESA firmware updates on consumer Ryzen processors.
• Kilpatrick discovered the issue on Windows and Linux systems; Windows users had no way to detect the change.
• AMD declined to answer detailed questions, stating only that TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies."
• AMD has never publicly advertised TSME as a feature of consumer chips, but the protection was present and functional for years.
• Silicon security expert Joe Fitzgerald said AMD owes users an explanation, even if the company says TSME was never officially supported.

Users Feel Betrayed, Seek Accountability

For users like Kilpatrick, AMD's silence and the unilateral removal of a security feature feel like a betrayal. The chipmaker had conditioned users to expect TSME on consumer processors through years of functionality and through comments from AMD engineers in public forums. Kilpatrick filed a bug report citing those interactions as evidence that TSME was considered a legitimate part of the chip package.

Joe Fitzgerald, a silicon security researcher, told Ars Technica the company could have removed TSME accidentally or intentionally. He argued that regardless of motive, AMD should provide a clear explanation. Fitzgerald suggested AMD could simply state that TSME was never supposed to be supported on consumer chips and that earlier firmware erroneously enabled it.

There is no indication of a broader security vulnerability or recall. Users who require TSME protection must now purchase AMD Pro or EPYC processors. The incident highlights the growing friction between hardware vendors and users when features are removed without notice, particularly in cases where the line between marketing and actual capabilities is unclear.