AMD pulls memory encryption from consumer Ryzen CPUs

AMD has removed Transparent Secure Memory Encryption (TSME) from a recent run of consumer Ryzen processors without advance notice. TSME encrypts the entire contents of system memory to defend against cold-boot and other physical attacks, and users of lower-end Ryzen models had grown accustomed to having the protection available.

The change came to light when privacy-conscious Linux user Ben Kilpatrick ran Host Security ID (HSI) while reinstalling an OS on a Ryzen 7 9700X and saw “encrypted RAM: not supported” despite TSME being enabled in the BIOS. MSI and Gigabyte engineers found older AGESA firmware enabled TSME for those consumer chips, while AGESA version 1.2.7.0 returned a status of “not supported.” Pro CPUs continued to show TSME enabled across firmware versions.

AMD has not explained the reason for the change beyond saying TSME “is a security feature only applied to PRO CPUs as part of AMD PRO Technologies.” Engineers who engaged on the public bug thread said they had no further information.

amd, tsme, ryzen, 9700x, encrypted ram, agesa, msi, gigabyte, amd pro, hsi