AMD quietly disabled RAM encryption on some Ryzen CPUs and users want to know why

Skye Jacobs

Posts: 1,996   +58
Staff
TL;DR: About a decade ago, AMD added Transparent Secure Memory Encryption to its high-end processors to close a gap in hardware security. TSME encrypts everything in RAM, which blunts cold-boot attacks and other hands-on memory exploits targeting data as it sits on the DIMMs. Over time, the same mechanism quietly appeared on some consumer Ryzen chips as well. Then, after a recent firmware update, it stopped working there, and AMD has offered only a limited explanation for why.

Update (June 19): AMD has contacted us and offered an official response to this, confirming that the Memory Guard (TSME) option was intentionally removed from certain non-Pro Ryzen 9000-series desktop processors in a recent BIOS update. However, following community feedback, the company says it will restore the feature in a future BIOS release scheduled for July.

AMD emphasized that Memory Guard remains a core security feature of its Ryzen Pro lineup and said it has no plans to remove support from those products. The statement appears to resolve uncertainty around whether the disappearance of TSME was a bug or a deliberate change, while signaling that consumer Ryzen 9000 owners will regain access to the memory encryption option in the coming weeks.

The change came to light in April, when Ben Kilpatrick installed a new OS on a Ryzen 7 9700X system built on AMD's Zen 5 architecture. He describes himself as a "privacy-conscious Linux hobbyist," and part of his routine is to verify that hardware security features are switched on. To do that, he uses Host Security ID, a checker that inspects firmware and hardware configuration.

On earlier firmware, HSI had reported that RAM encryption was enabled on his machine. This time, the readout showed "encrypted RAM: not supported," even though TSME was still enabled in the BIOS.

A few lines lower, HSI showed that the same system had previously reported RAM as "encrypted." The mismatch between the BIOS setting and the current status is what prompted him to look for an explanation.

Kilpatrick contacted MSI, which made his motherboard, and pushed for tests across different boards and firmware versions. MSI engineers eventually confirmed that consumer Ryzen CPUs reported TSME as supported when an older version of AGESA, AMD's Generic Encapsulated Software Architecture, handled the firmware path during boot.

When systems booted with AGESA 1.2.7.0, those same chips reported TSME as "not supported." Pro-branded Ryzen parts did not change behavior. They showed TSME support across both MSI and Gigabyte boards and across AGESA revisions.

That pattern suggested the silicon was still capable of TSME and that the shift in behavior was tied to firmware. "The big outstanding question is whether this is a deliberate policy decision by AMD to restrict TSME to PRO chips, or an unintentional regression that was introduced in AGESA 1.2.7.0," Kilpatrick told Ars Technica. In his view, "either way the silicon is capable, either way the change happened in AGESA, and either way AMD has declined to explain it."

To get a more direct answer, he opened a bug report in AMD's public GitHub repository for its secure virtualization and memory features. Two AMD engineers responded. Tom Lendacky, an AMD fellow software engineer, said he did not know what caused the change and suggested toggling the BIOS setting: turn TSME off, then back on, and if that failed "my guess would be that it is a BIOS issue and you would want to contact MSI."

Mario Limonciello, a senior principal software engineer who maintains the fwupd implementation of HSI, gave similar advice: try again at the BIOS level, and if it still doesn't work, "then yes please report it to your board vendor to debug."

By the time Kilpatrick returned to the thread six weeks later, MSI had done more detailed analysis. He reported that MSI's product marketing team told him "that AMD officially communicated to MSI that TSME is exclusively supported on PRO series processors."

MSI engineers also broadened their tests. On an Asus X870E board, a Ryzen 9800X3D and a Ryzen 9945 were swapped in and out with the same BIOS configuration. With the Pro chip installed, the system reported tsme_status = 1. With the consumer chip, it reported tsme_status = 0.

The team then examined how AGESA made decisions early in the boot sequence. They captured the output of the AMD Boot Loader, a component within AGESA that runs before the OS, and compared internal state.

One flag, DfIsTsmeEnabled, determines whether TSME is actually turned on during firmware initialization. In the dumps MSI provided, DfIsTsmeEnabled returned FALSE for the Ryzen 9800X3D even when the BIOS had TSME set to AUTO or ENABLED. On the Ryzen 9945 and on Epyc parts, the same flag returned TRUE when TSME was enabled.

Kilpatrick pointed the engineers back to earlier commentary from AMD that showed a different stance. In a 2020 discussion about encryption support in AMD CPUs, Lendacky had written that a consumer-grade Ryzen 3700X "should support TSME," and later added, "I recommend using TSME (Transparent SME), but it is a BIOS option that needs to be exposed by your BIOS provider."

That history, combined with the years where TSME behaved as expected on some non-Pro chips, is part of why Kilpatrick and other users viewed it as a standard part of the package.

After presenting the new AGESA and ABL data, Kilpatrick put a precise question to the engineers: "is DfIsTsmeEnabled being set to FALSE on consumer SKUs a silicon-level limitation, or is it a firmware policy decision within AGESA? The distinction matters quite a bit from a user perspective, since one is fixed and the other is potentially changeable."

Limonciello replied, "My apologies; but I don't have any more information to share on this topic." AMD, responding separately by email, said that TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies."

AMD has long drawn a line between TSME and Secure Memory Encryption. SME, which the company has always described as limited to Pro and Epyc tiers, is managed by the operating system and can encrypt selected memory pages using a single key. TSME is managed in firmware and encrypts all RAM without any involvement from the OS. When enabled in BIOS, it operates silently but still protects against cold boot, DRAM bus snooping, and similar physical attacks.

For users who had built threat models around that behavior, the quiet removal of TSME from newer consumer-grade processors, combined with the absence of a detailed technical rationale, has been unsettling.

Joe FitzPatrick, who focuses on silicon-level security, argued that the lack of clarity is the main problem. "They could have not realized they did it leading to their cagey responses, or they could have done it intentionally and tried to get away with it, leading to the same cagey responses," he said. "But I really feel like an explanation should be in order, even if it was 'TSME was never supposed to be supported. We did ship some firmwares that erroneously enabled it, but you shouldn't use them since we can't guarantee it'll work properly.'"

Permalink to story:

 
As the saying goes, you either die a hero or you live long enough to become the villain
AMD isnt a hero or a villain. They are a multi billion dollar corporation that will take every opportunity to screw over their own consumers. From locking CPUs to motherboard serial numbers to refusing to address problems or support older hardware, AMD is arguably worse then either intel or nvidia.

Nobody should be surprised by this.

AMD ignored consumer complaints about performance for years, until nvidia published FCAT and piledrove AMD into the ground.

AMD left Evergreen users in the cold with broken drivers 3 years before fermi support ended (and fermi worked perfectly when support ended....).

AMD tried to lock 300 series chipset users out of 3000 series CPUs AND both 3 and 400 series users out of 5000 series, until public backlash forced them to change their stance.

AMD refused to support rDNA2 or 3 for FSR4 until continued backlash and low sales finally forced their hand. They are STILL playing mindgames about supporting rDNA 3.5.

AMD dropped rDNA2 from optimization after just 5 years.

I could go on. AMD is not "good" nor "evil", they are just a corporation, and should be treated as such. Buy their products if they are good value and suit your needs, and hold them to task when they repeatedly screw up.
 
This is such a nothingburger for home users, and 99.99% of business. No global enterprise or state level secrets to protect. No expert hackers with professionally designed tooling creeping up on their powered off computers.
 
I don't recall AMD ever advertising this for Ryzen CPU's, this isn't really worse than Intel or Nvidia when this feature isn't useful or needed for a majority of people. Have good antivirus, firewall, use an adblocker, have strong passwords, and you're more than good enough on security.
Meanwhile Nvidia refuses to address their melting power cable, shipped vibe coded drivers that disabled fans, took away the hotspot sensor because they assume people are too stupid. Nvidia is also the main cause behind the RAMpocalypse.
As for Intel, they hid their chip degradation issues for a year, threw the blame at mobo makers. Intel has a history of bribing OEM's, and using a compiler to hurt performance of competing CPU's, the Intel BOT tool is the latest example of benchmark cheating.
 
AMD should explain the decision, but they make it sound like a core feature that millions of users depended on was suddenly removed. For the overwhelming majority of desktop users, that's simply not the case.
 
The feature working for years and then disappearing through firmware makes this look less like a hardware limitation and more like someone discovered a security feature that had not yet been properly segmented into the premium tier.
 
Update (June 19): AMD has contacted us and offered an official response to this, confirming that the Memory Guard (TSME) option was intentionally removed from certain non-Pro Ryzen 9000-series desktop processors in a recent BIOS update. However, following community feedback, the company says it will restore the feature in a future BIOS release scheduled for July.

AMD emphasized that Memory Guard remains a core security feature of its Ryzen Pro lineup and said it has no plans to remove support from those products. The statement appears to resolve uncertainty around whether the disappearance of TSME was a bug or a deliberate change, while signaling that consumer Ryzen 9000 owners will regain access to the memory encryption option in the coming weeks.
 
I don't recall AMD ever advertising this for Ryzen CPU's, this isn't really worse than Intel or Nvidia when this feature isn't useful or needed for a majority of people. Have good antivirus, firewall, use an adblocker, have strong passwords, and you're more than good enough on security.
Meanwhile Nvidia refuses to address their melting power cable, shipped vibe coded drivers that disabled fans, took away the hotspot sensor because they assume people are too stupid. Nvidia is also the main cause behind the RAMpocalypse.
As for Intel, they hid their chip degradation issues for a year, threw the blame at mobo makers. Intel has a history of bribing OEM's, and using a compiler to hurt performance of competing CPU's, the Intel BOT tool is the latest example of benchmark cheating.
And exactly why no one should fan boy over any company.
Companies are just there to make a profit and will do anything within the rules of the law (and outside of those if they think they can get away with it) to achieve that.

Still, I'll get an AMD GPU over an NVIDIA one whenever the pricing for it makes sense. If AMD had a bigger piece of the pie it will benefit customers of both because of competition. AMD hasn't quite done NVIDIA Gameworks-like things yet either that absolutely tanked performance for the competitor in for example Crysis and The Witcher 3... and their software allowing overclocking/overvolting/fan curve customization etc all in one place is nicer imo. That said as soon as pricing goes 20%+in favor of NVIDIA I'm right back with team green (hasn't happened in ages).

In the CPU market they're big enough imo where I don't know if my next system will be Intel or AMD. Not that I'm even thinking about replacing the current system with what has become of hardware prices.
 
AMD isnt a hero or a villain. They are a multi billion dollar corporation that will take every opportunity to screw over their own consumers. From locking CPUs to motherboard serial numbers to refusing to address problems or support older hardware, AMD is arguably worse then either intel or nvidia.

AMD tried to lock 300 series chipset users out of 3000 series CPUs AND both 3 and 400 series users out of 5000 series, until public backlash forced them to change their stance.

AMD refused to support rDNA2 or 3 for FSR4 until continued backlash and low sales finally forced their hand. They are STILL playing mindgames about supporting rDNA 3.5.

I could go on. AMD is not "good" nor "evil", they are just a corporation, and should be treated as such. Buy their products if they are good value and suit your needs, and hold them to task when they repeatedly screw up.
- 300 series chipset issue: There is big difference between "it may work" and "it will work". AMD cannot promise support unless they are certain 5000-series CPUs will WORK and not just "work". Btw. AMD does not make motherboards so motherboard makers must also be able to promise support. You make it sound like Intel route (no viable CPU upgrade paths available at all) is indeed better way. Again, AMD never originally promised 5000-series support for 300-series motherboards and btw 5000-series is TWO CPU ARCHITECTURES newer than 1000/2000 -series. In fact AMD had basically no idea what Zen3 will be when 300-series chipsets were design complete. You are totally wrong here.

- RDNA2/3 and FSR4. AMD already made it clear it takes huge amount of work to make proper support. They are doing it but again, we are talking about 2025 tech for 2020 hardware, it's not just that easy.
 
Back