• Category: Security
  • Status: developing
  • Sources: Tom's Hardware, discussion
  • Summary: AGESA 1.2.7.0 firmware disabled Transparent Secure Memory Encryption (TSME) on consumer Ryzen parts while leaving the BIOS toggle visible but inert. The flag DfIsTsmeEnabled is set FALSE for consumer parts and TRUE for PRO and EPYC. TSME encrypts all RAM under firmware control, blocking cold-boot, DRAM-snooping, and module-removal attacks. AMD's first explicit statement says TSME is a feature for PRO CPUs under AMD PRO Technologies, despite AMD engineers having recommended it on consumer parts in 2020 and 2025.
  • Why it matters: A silently removed hardware memory-encryption protection leaves consumer Ryzen users exposed to physical-access attacks they may believe are mitigated.
  • Follow-up: Watch for an AMD revert, documentation, or an AGESA update restoring TSME. Tracked in memory/followups.md.

Send feedback on this story