AMD to Reinstate TSME Memory Encryption on Ryzen 9000 CPUs

AMD has announced plans to reinstate the Transparent Secure Memory Encryption (TSME) feature for consumer Ryzen 9000 series CPUs via a BIOS update in July. According to a report by Tom’s Hardware, the company stated that it would re-enable TSME on non-PRO Ryzen 9000 chips “based on valuable community feedback.”

TSME is a firmware-level memory encryption feature that allows the processor to generate keys to encrypt data stored in RAM. This serves as a defense layer against cold boot attacks, preventing physical attackers from extracting sensitive data from memory following an abrupt shutdown.

The Removal of TSME

Earlier this year, AMD quietly disabled the TSME feature through the AGESA 1.2.7.0 firmware update. This change was first discovered by Ars Technica journalist Ben Kilpatrick while conducting a security audit on a new machine equipped with a Ryzen 7 9700X processor. Kilpatrick confirmed the removal of TSME from AGESA 1.2.7.0 with assistance from his motherboard vendor, MSI.

Following his discovery, Kilpatrick filed a bug report on AMD’s GitHub repository. In response, Mario Limonciello, AMD’s Senior Principal Software Engineer, stated, “We are sorry, but we have no additional information to share on this topic.”

With no further comments from AMD, it appeared the company had disabled TSME in consumer-grade parts to differentiate them from its PRO lineup. While TSME is not crucial for most consumer desktops, as the attacks it prevents require physical access to the device, criticism arose from the community, arguing there was no reason to remove a feature previously available.

AMD’s Official Statement and Decision to

Reinstate

AMD released the following statement to Tom’s Hardware:

“Our company takes the security of customer data very seriously. AMD Memory Guard (Transparent Secure Memory Encryption, TSME) is a hardware-based memory encryption technology available on Ryzen PRO desktop and mobile processors supported by silicon. This is a foundational security feature.”

They added, “Based on valuable community feedback, we will reinstate firmware memory encryption (TSME) on non-PRO Ryzen 9000 desktop CPUs in a BIOS update scheduled for July.”

AMD has explicitly confirmed that the feature will return in July through AGESA-based BIOS updates provided by motherboard vendors, allowing users to reactivate TSME functionality.

The Security Significance of TSME

While TSME is branded as Memory Guard for Ryzen PRO processors, it is also hardware-supported in consumer-grade CPUs. By encrypting data stored in DRAM, TSME protects systems from cold boot attacks, a physical attack method where DRAM modules are cooled down and their contents read before data dissipates. This technique poses risks of extracting sensitive information such as encryption keys, passwords, and personal data.

In most consumer desktop environments, physical attacks are less of a realistic threat. Desktops are often stationary in offices or homes, whereas laptops and mobile devices face higher risks of theft. Despite this, the community argued that, since the feature is supported by hardware, users should be given the option to enable it. Without an official statement from AMD, many interpreted the removal as an intentional differentiation between PRO and non-PRO products.

Impact on the Industry and Evaluation

AMD’s decision to reverse course highlights the importance of transparency regarding the availability of enterprise-grade security features in consumer products. The move also reflects the growing expectation among users for clearer communication about security features.

However, AMD’s lack of explanation during the removal of TSME in AGESA 1.2.7.0 raises questions about the company’s communication practices with its community. When security features are silently disabled through firmware updates, users may struggle to accurately assess the security posture of their systems. This issue underscores the broader need for visibility into how software and firmware changes impact security—a concern seen in recent reports, such as the revelation of the Microsoft Defender privilege escalation vulnerability “RoguePlanet”.

The reinstatement of TSME suggests AMD may be positioning Ryzen 9000 series CPUs for workstation use in enterprise and research environments, where memory encryption is often a critical component of physical security. Following the July BIOS update, users will have the option to enable or disable TSME based on their own risk assessments.

Editorial Opinion

This case serves as an important example of the significance of transparency in security features and the need for user choice. While TSME is tailored to specific attack scenarios, removing a previously available feature without notice can erode trust between users and vendors. AMD’s responsiveness to community feedback and prompt announcement of the feature’s reinstatement are commendable.

In the long term, CPU vendors must establish clearer guidelines for the inclusion of hardware-based security features. If differentiation between PRO and non-PRO products is based on security capabilities, companies must communicate these standards and implications transparently to users. This issue is part of broader discussions surrounding features like Intel’s SGX and AMD’s SEV-SNP, which are designed for virtualized security environments.

The editorial team recommends that users adopt the habit of regularly verifying their system’s security feature statuses. Firmware updates like AGESA or UEFI can occasionally introduce security changes without explicit disclosure. After applying the July BIOS update, users should verify TSME functionality and assess any potential performance impact from enabling the feature.

References

• AMD will reinstate memory encryption on Ryzen 9000 CPUs through a BIOS update in July — TSME is coming back after ‘valuable community feedback’ — Published on 2026-06-19
• Microsoft Defender privilege escalation vulnerability “RoguePlanet” disclosed — Internal link