AMD Removes Memory Crypto from Consumer CPUs, Users Cry Foul

A decade ago, AMD introduced a security feature in its high-end processors designed to shield against cold boot attacks and other physical exploits targeting memory chips. Known as Transparent Secure Memory Encryption (TSME), this technology encrypts the entire contents of memory, rendering stolen data useless to attackers with physical access.

Over time, AMD extended TSME to lower-tier processors, including the consumer versions of its Ryzen chips, which are more affordable than the Pro lineup. Users of these budget-friendly CPUs grew accustomed to this added layer of protection. However, recently and without any prior warning or announcement, AMD quietly removed TSME from these consumer-grade chips. The change went undetected on Windows machines and required significant technical effort to identify on Linux systems.

Now you see it, now you don’t

AMD has not explained why TSME was ever functional on these CPUs, nor has it confirmed the removal. When asked via email, the company declined to comment beyond stating that TSME “is a security feature only applied to PRO CPUs as part of AMD PRO Technologies.” This marks the first time AMD has explicitly made this limitation public.

In April, Ben Kilpatrick, a self-described “privacy-conscious Linux hobbyist,” was installing a new operating system on his machine equipped with a Ryzen 7 9700X based on the Zen 5 architecture. To verify all security protections were active, he ran the Host Security ID (HSI) auditing tool, which evaluates firmware and hardware security configurations.

To his surprise, HSI indicated that TSME was no longer available, displaying “encrypted RAM: not supported” near the bottom of the screenshot. A few lines above, the tool showed that TSME had previously been listed as “encrypted.” This baffled Kilpatrick, as he had consistently enabled TSME in his BIOS settings.