• Category: Security
  • Status: developing
  • Sources: Tom's Hardware, TechPowerUp, discussion
  • Summary: A newer AGESA firmware (1.2.7.0) disabled Transparent Secure Memory Encryption (TSME) on consumer Ryzen parts without a visible change in the BIOS, which still shows the TSME toggle. The behavior was found by a Linux user, Ben Kilpatrick, on a Ryzen 7 9700X when Host Security ID reported TSME unsupported despite the BIOS option being enabled; the firmware flag DfIsTsmeEnabled is now set FALSE for consumer parts and remains TRUE for PRO and EPYC parts. TSME encrypts all of RAM under firmware with no OS involvement and, when active, blocks physical attacks such as cold-boot exploits, DRAM-interface snooping, and reading a removed memory module on another machine. AMD declined to answer detailed questions beyond stating that TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies," the first known explicit statement of that restriction; AMD engineers had previously recommended TSME on consumer parts in 2020 and 2025.
  • Why it matters: Machines that relied on transparent memory encryption against physical attacks lost it through a firmware update with no UI change, so threat models assuming TSME on consumer Ryzen need revisiting.
  • Follow-up: Track an AMD official statement and whether the change is reverted or documented.

Send feedback on this story