AMD Removes Memory Encryption from Consumer Ryzen CPUs Without User Notification

AMD quietly disabled Transparent Secure Memory Encryption on its consumer Ryzen processors, leaving users unaware of the loss of this critical security feature.

Editorial Team · Jun 15, 2026 · 2 min read · Source: arstechnica.com

AMD has eliminated Transparent Secure Memory Encryption (TSME) from its consumer-grade Ryzen CPUs, a security measure that encrypts data in RAM to protect against physical attacks. This change occurred silently, without any advance notice or clear communication to users, sparking concern among privacy advocates and tech enthusiasts.

TSME was originally developed over a decade ago to prevent cold boot attacks and other methods where attackers could extract sensitive information directly from computer memory. While initially limited to AMD’s high-end CPUs, the feature gradually extended to lower-tier consumer processors, becoming a standard safeguard in many Ryzen models sold to everyday users. The recent removal of TSME from these consumer chips means that data stored in memory is no longer protected against such hardware-based exploits.

The change first came to light when a Linux user, checking his Ryzen 7 9700X’s security status, noticed that TSME was no longer supported despite BIOS settings indicating otherwise. Further investigation revealed that updated motherboard firmware using the AMD AGESA (Generic Encapsulated Software Architecture) platform had disabled TSME on consumer CPUs, while Pro versions retained the feature.

AMD has not publicly explained the reasoning behind disabling TSME in non-Pro Ryzen chips. The company confirmed in a brief statement that TSME is “a security feature only applied to PRO CPUs as part of AMD PRO Technologies,” marking the first official acknowledgment of this limitation. Meanwhile, the lack of transparency has left many users uneasy about the sudden reduction in memory security, especially since Windows systems provide no straightforward way to detect the feature’s absence.

This move shifts the responsibility onto consumers who rely on TSME for data protection without realizing the feature is no longer active. The absence of clear notifications or accessible monitoring tools complicates efforts to ensure hardware security. Users running Linux can detect the change with specialized tools like Host Security ID (HSI), but this requires technical knowledge far beyond the average user’s reach.