AMD has removed Transparent Secure Memory Encryption (TSME) from consumer-grade Ryzen processors, a security feature that had protected the chips against cold boot attacks and physical memory exploits for years. The removal appears to have been covert, undocumented, and only discovered when users running security audits found the feature suddenly unavailable.
TSME encrypts the entire contents of a system's memory, making captured data useless to attackers who gain physical access to the machine. AMD introduced the protection on high-end CPUs a decade ago and gradually extended it to lower-end consumer Ryzen chips over time. Users had grown accustomed to the added layer of defense.
The discovery came in April when Ben Kilpatrick, a Linux user, ran Host Security ID (HSI), AMD's own firmware and hardware security auditing tool, on his Zen 5-based Ryzen 7 9700X. The output showed "encrypted RAM: not supported," despite TSME being enabled in the BIOS settings. Earlier HSI reports on the same machine had indicated TSME was active.
Kilpatrick's months-long investigation traced the change to a firmware update. Testing by motherboard manufacturer MSI revealed that consumer Ryzen CPUs enabled TSME when running older versions of AGESA (AMD Generic Encapsulated Software Architecture, the firmware that initializes hardware at boot). When AGESA version 1.2.7.0 or newer loaded instead, TSME showed as unsupported. Pro versions of the same Ryzen processors continued to support TSME across all firmware versions and motherboards tested.
AMD has not explained the change. When contacted by Ars Technica, the company declined to answer questions beyond a single statement: TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies." This marks the first known time AMD has publicly confirmed the restriction.
Two AMD software engineers engaged with Kilpatrick's bug report on the company's public GitHub repository. Both suggested the issue was a BIOS configuration problem and recommended disabling and re-enabling the TSME setting, a troubleshooting step that did not resolve it. When presented with MSI's controlled testing results showing the feature disabled on consumer processors and enabled on Pro models on the same motherboard and BIOS, one engineer offered no further comment.
The distinction between deliberate policy and accidental regression carries significant weight. If intentional, AMD made a conscious decision to remove a working security feature from consumer hardware and restrict it to enterprise customers—a move that would strip a protection users had relied on. If unintentional, it represents a firmware bug that requires correction. Either scenario underscores the same technical reality: the silicon is capable of TSME, the change occurred in firmware, and AMD has declined to explain it.