AMD Quietly Drops Memory Encryption Feature from Consumer Ryzen CPUs

According to an investigation by Ars Technica, AMD has quietly removed a memory encryption feature from its consumer-focused Ryzen processors after years of inclusion. This feature, known as Transparent Secure Memory Encryption (TSME), is used to encrypt a system’s memory content and prevent possible physical exploits that unencrypted memory data could be vulnerable to. Reportedly, AMD introduced TSME about a decade ago and began shipping it across all of its processors, including regular Ryzen, professional Ryzen Pro, Threadripper, and EPYC solutions. However, a random test on a Ryzen 7 9700X CPU, which uses “Zen 5” IP, has highlighted the absence of TSME support in consumer chips. In various exchanges between AMD engineers and some security professionals, the investigation led to a single response from AMD stating that “TSME is a security feature only applied to PRO CPUs as part of AMD PRO Technologies.”

AMD has reportedly removed the feature quietly without prior notice. Discovering that the feature is missing is incredibly difficult on Windows-based machines, but still possible on Linux-based OS installations. Under a Linux-based OS, checking for firmware security revealed a missing encrypted RAM flag, despite TSME being enabled in the BIOS previously. It turns out that starting with the AGESA 1.2.7.0 build and in future AGESA versions, AMD has systematically removed the feature from its consumer Ryzen processors. After further investigation and inquiries to AMD, there is no information on whether the AGESA firmware is disabling this feature or if newer CPUs will ship with TSME disabled at the silicon level. All we know so far is that the feature is no longer present after years of being included on the consumer side.

Finally, AMD is now reserving the feature for the AMD PRO section of its CPU products. Adding TSME to the PRO-exclusive list of features is another clear product distinction, indicating AMD’s plan to differentiate its lineup from traditional consumer offerings. Interestingly, AMD never advertised TSME to consumers, but it was a nice added benefit. However, for those interested in additional security layers, especially in enterprise environments, switching to the PRO series of Ryzen CPUs might be a good idea.