AMD has quietly disabled a critical memory encryption feature on consumer Ryzen processors through a firmware update — and its engineers have gone silent after being pressed for answers.

The feature, called Transparent Secure Memory Encryption (TSME), encrypts everything stored in your computer's RAM using a hardware-generated key that changes on every boot. It protects against cold boot attacks, physical memory theft, and hardware snooping. After AMD's AGESA 1.2.7.0 firmware update, that protection simply vanished on non-Pro Ryzen chips — with no warning, no documentation, and no way for Windows users to even know it was gone.

The Discovery

Privacy-focused Linux user Ben Kilpatrick discovered the change in April 2026 while installing a new operating system on a machine running a Ryzen 7 9700X, part of AMD's Zen 5 architecture. He ran a standard Host Security ID (HSI) audit and found: "encrypted RAM: not supported" — despite having TSME explicitly enabled in BIOS.

How TSME Works

TSME is a hardware security feature built into AMD processors since Zen launched in 2016. It uses a dedicated AES engine inside the CPU to encrypt all data written to system memory automatically. The encryption key is generated by AMD's Secure Processor during boot and is never exposed to the OS or applications.

The Evidence

MSI ran controlled tests: a Ryzen 9800X3D (consumer) and Ryzen PRO 9945 on the same motherboard. The PRO chip initialized TSME. The consumer chip did not. Analysis of AMD's AGESA firmware revealed an internal flag DfIsTsmeEnabled set to FALSE for all consumer SKUs regardless of BIOS settings.

AMD's Response

When presented with the evidence, AMD engineer Mario Limonciello stated: "My apologies, but I don't have any more information to share." AMD's only public statement claims TSME is a PRO-only feature — the first time they've publicly stated that, despite it working on consumer chips for years.

Read the full article: https://tekmag.thsite.top/amd-removes-tsme-memory-encryption-ryzen-cpus/