Do Son 
AMD introduced Transparent Secure Memory Encryption (TSME) in 2016 alongside its Zen architecture. Initially, the company reserved this feature for high-end processors. Later, AMD expanded TSME support across its entire Ryzen lineup. Users could simply enable this memory encryption via a standard BIOS update. This accessibility applied to both commercial and everyday consumer processors.
Understanding Transparent Secure Memory Encryption
TSME represents the transparent mode of Secure Memory Encryption (SME). This technology encrypts all system memory using a single cryptographic key. The AMD Secure Processor generates this unique key during the boot sequence. Furthermore, this key never leaves the secure silicon environment. Consequently, the encryption process remains completely transparent to the operating system and applications.
Users simply activate the feature within their standard BIOS settings. Activating TSME provides robust protection against cold boot attacks. Additionally, it thwarts hardware-level threats like physical memory theft. Many experts consider this a fundamental security standard for modern processors. However, AMD has mysteriously removed TSME from consumer processors through recent BIOS firmware updates.
A Silent Feature Removal
Recently, AMD revoked TSME support on mid-range and entry-level Ryzen processors via BIOS updates. Crucially, the company excluded this significant change from their release notes. They also failed to provide any official public explanation. When journalists investigated why users cried foul after AMD stripped memory crypto, representatives claimed TSME belongs exclusively to the AMD PRO technology suite.
Officially, AMD never explicitly promised TSME support for consumer Ryzen chips. Nevertheless, the reality remains that users enjoyed these capabilities for years. Therefore, this abrupt deletion feels like a betrayal to many loyal customers. This sentiment is especially strong because the silent disablement prevents users from reactivating the feature.
Discovering the Unannounced Change
A privacy-focused Linux enthusiast named Kilpatrick initially discovered this discrepancy. He noticed the BIOS still displayed an enabled TSME option. However, the underlying encryption mechanism completely failed to function. Consequently, Kilpatrick spent several painstaking months investigating the issue. He even convinced MSI engineers to test numerous processor, motherboard, and firmware combinations.
Ultimately, he submitted a public bug report to AMD outlining his specific findings. Unfortunately, AMD dismissed the report, stating it was not a bug. An AMD engineer explained that TSME simply worked flawlessly on cheaper processors for years. This accidental functionality led users to assume it was a permanent feature. In reality, the architecture only intended to support enterprise-grade AMD PRO processors.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
