AMD will reinstate memory encryption on Ryzen 9000 CPUs through a BIOS update in July — TSME is coming back after 'valuable community feedback'

AMD will reinstate Transparent Secure Memory Encryption (TSME) on desktop Ryzen 9000 processors in July. The feature is branded as Memory Guard for AMD's Ryzen PRO lineup, but it's available on non-PRO CPUs, as well. Earlier this year, AMD quietly removed the feature with AGESA 1.2.7.0, which Ars Technica reported on earlier this week. AMD tells Tom's Hardware that it's bringing TSME back to non-PRO Ryzen 9000 chips "based on valuable community feedback."

TSME is a firmware-level encryption feature for memory. It allows the processor to generate a key in order to encrypt data stored in RAM, serving as a layer of protection against cold boot attacks, where a sudden shutdown can allow a physical attacker to extract sensitive data stored in memory.

According to the Ars Technica report, AMD confirmed TSME support on consumer CPUs as far back as 2020 with the Ryzen 7 3700X. The author of the story, Ben Kilpatrick, discovered TSME's removal after running a security audit on a new machine with the Ryzen 7 9700X. After discovering that TSME was no longer supported, Kilpatrick worked with MSI (his motherboard vendor) to confirm that TSME had previously been supported but was disabled in AGESA 1.2.7.0.

Following the discovery, Kilpatrick raised a bug report on AMD's GitHub repository, where Mario Limonciello, a senior principal software engineer at AMD, eventually responded: “My apologies, but I don’t have any more information to share on this topic."

Without any comment from AMD, it appeared as though the company disabled TSME through firmware on its consumer parts in order to differentiate its PRO lineup. TSME isn't a critical security feature for most consumer desktops, as it protects against attacks where the attacker needs physical access to the device. Still, if it was previously a capability, there's no reason TSME should be disabled through firmware.

Now, AMD has responded to Tom's Hardware with the following statement:

"We take the security of our customers’ data very seriously.

AMD Memory Guard (Transparent Secure Memory Encryption, or TSME) is a hardware-based memory encryption technology available on our Ryzen PRO desktop and mobile processors where supported in silicon. It is a foundational security feature, and we have no plans to remove support from our Ryzen PRO lineup. This commitment holds now and in the future.

Regarding certain non-PRO Ryzen 9000-series desktop processors, a BIOS option to enable Memory Guard was previously available but was removed in a recent update. Based on valuable community feedback, we will reinstate this option in an upcoming BIOS release in July."

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.