Ben Kilpatrick expected his new Ryzen system to deliver the same protections it always had. In April he installed a fresh operating system on a machine powered by a Ryzen 7 9700X. He ran Host Security ID, a tool that audits firmware and hardware safeguards. The output stunned him. Encrypted RAM had flipped from supported to not supported. Nothing in the BIOS had changed. No warning appeared.
Kilpatrick, a privacy-conscious Linux hobbyist, spent months chasing answers. He filed a detailed bug report on AMD’s public GitHub repository for SEV development. Two AMD engineers responded at first. Tom Lendacky, a fellow software engineer at the company, said he did not know the cause and suggested toggling the BIOS option. Mario Limonciello, a principal member of technical staff who maintains the Linux firmware update tool fwupd, offered the same advice. Neither fix worked. The conversation went cold.
So Kilpatrick turned to MSI, the maker of his motherboard. Engineers there agreed to run controlled experiments. They tested a consumer Ryzen 9800X3D and a Ryzen 9945 PRO on the same Asus X870E board with identical BIOS versions. The PRO chip reported TSME status of 1. The consumer part returned 0. Memory captures from the AMD Boot Loader inside AGESA firmware version 1.2.7.0 showed an internal flag called DfIsTsmeEnabled set to FALSE on the consumer processor no matter how the BIOS option was configured. On the PRO chip the flag read TRUE when enabled.
The silicon in both processors is the same. The difference lies entirely in firmware policy. And that policy changed without notice.
TSME, short for Transparent Secure Memory Encryption, has protected AMD systems for a decade. It generates a fresh AES key inside the secure processor at every boot. The key never leaves the chip. Every byte in RAM gets encrypted before it is written and decrypted on the way back to the CPU. The process happens below the operating system. Users never see it. Cold-boot attacks that freeze RAM modules and read residual data become useless. So do attempts to snoop the DRAM bus or yank modules from a running system.
Related technology called Secure Memory Encryption gives the OS control over individual pages and has always been restricted to PRO and EPYC parts. TSME was different. It activated silently from the BIOS and worked on consumer Ryzen chips for years. AMD engineers had confirmed as much in public discussions. In 2020 Lendacky stated that a Ryzen 3700X should support TSME. As recently as 2025 he recommended its use on a consumer processor in the same thread. The Next Web reported that the feature operated without fanfare until AGESA updates began disabling it.
Yet AMD now draws a hard line. In response to questions from reporters the company issued a single statement. TSME “is a security feature only applied to PRO CPUs as part of AMD PRO Technologies.” That sentence marks the first explicit public restriction. The chipmaker declined to answer further questions or explain why a working capability vanished from millions of sold systems.
Users noticed the shift only through specialized tools. Windows offers no straightforward way to check. Linux users must run HSI or read specific CPU registers. The BIOS toggle remains visible. It simply does nothing on consumer parts. Newer AGESA versions fused the behavior off at boot time. On some recent models such as the Ryzen AI Max+ 395 the restriction appears baked into silicon segmentation, making software restoration impossible. Crypto Briefing noted that the performance cost of TSME typically stays below 5 percent according to AMD’s own documentation, a small price for always-on defense.
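One way to catch the kind of silent change described above, as an added example that is not from the article, AMD or fwupd. It assumes the Linux `ccp` driver's `tsme_status` sysfs attribute (1 = active, 0 = inactive) and a hypothetical baseline file, and it reports any device that previously read 1 and no longer does.

```bash
#!/usr/bin/env bash
# Added example: flag a silent TSME regression after a firmware update.
# Assumption: the Linux ccp driver exposes the security processor's view as
# <pci-device>/tsme_status (1 = active, 0 = inactive).

# Print "<pci-device> <status>" for each device exposing tsme_status.
tsme_scan() {
    local root="${1:-/sys/bus/pci/devices}" f
    for f in "$root"/*/tsme_status; do
        [ -r "$f" ] || continue   # also skips the unexpanded glob
        printf '%s %s\n' "$(basename "$(dirname "$f")")" \
            "$(tr -d '[:space:]' < "$f")"
    done
}

# Compare the current state with a baseline file (created on first run).
# Returns 0 = no regression, 1 = TSME was 1 and is now 0 or missing,
# 2 = nothing to record (no tsme_status attribute on this machine).
tsme_check() {
    local root="$1" baseline="$2" current dev old new rc=0
    current="$(tsme_scan "$root")"
    if [ ! -f "$baseline" ]; then
        [ -n "$current" ] || { echo "no tsme_status found" >&2; return 2; }
        printf '%s\n' "$current" > "$baseline"
        return 0
    fi
    while read -r dev old; do
        [ -n "$dev" ] || continue
        new="$(printf '%s\n' "$current" | awk -v d="$dev" '$1 == d {print $2}')"
        if [ "$old" = "1" ] && [ "$new" != "1" ]; then
            echo "REGRESSION $dev: tsme_status 1 -> ${new:-missing}"
            rc=1
        fi
    done < "$baseline"
    return "$rc"
}
```

Calling `tsme_check /sys/bus/pci/devices /var/lib/tsme.baseline` (the baseline path is a placeholder) after each BIOS update surfaces the change even though the BIOS toggle still looks enabled.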
The discovery has angered privacy advocates and security researchers. Physical attacks on memory remain rare for average users. They matter to journalists carrying sensitive sources, activists in hostile regions, and operators of cryptocurrency nodes who keep private keys in RAM. One expert in silicon security, Joe Fitzgerald, told Ars Technica that AMD owes its customers clarity. “They could have not realized they did it leading to their cagey responses, or they could have done it intentionally and tried to get away with it.” Either explanation leaves a sour taste.
Discussions on forums and X reflect broader frustration. Some argue the feature was never officially supported and therefore never promised. Others point out that years of silent functionality created an expectation. When that expectation disappeared without documentation or a rollback path, trust eroded. Ars Technica detailed how the change traces directly to AGESA 1.2.7.0 and how MSI’s BIOS team confirmed the flag behavior across multiple boards.
But the silence from AMD persists. Limonciello’s final reply on the GitHub thread read simply, “My apologies; but I don’t have any more information to share on this topic.” Kilpatrick had asked whether the flag change represented a silicon limit or a deliberate policy. The question still has no answer.
Industry watchers see parallels with past decisions on feature segmentation. PRO processors carry higher prices and target corporate buyers who demand management tools and certification. Consumer parts compete on cost and raw performance. Encryption at the memory controller adds minor validation overhead during binning. Restricting it sharpens the line between tiers. Yet the method of restriction raises questions about transparency. Systems sold with the feature active received a firmware update that removed it. Owners learned of the loss only if they ran the right diagnostic at the right time.
Intel offers Total Memory Encryption on many of its client CPUs, providing a comparable always-on protection. The contrast has not gone unnoticed among buyers weighing platforms for sensitive workloads. AMD’s EPYC server line and PRO desktop chips continue to ship with full TSME support. Consumer Ryzen, long the heart of enthusiast and small-business builds, no longer does.
Kilpatrick’s persistence forced the issue into public view. His tests, combined with MSI’s engineering cooperation, produced hard data instead of speculation. The GitHub issue now stands as a record of what happened and what was not explained. For an industry that markets silicon-level security as a selling point, the episode highlights a gap between engineering capability and customer communication.
So far AMD shows no sign of reversing course or issuing updated firmware that restores the flag on consumer SKUs. The company has not commented on whether future Zen generations will follow the same split. Users who value the protection must now buy PRO models or accept the risk. Many will never notice the difference. A smaller but vocal group feels the change removes a defense they had quietly relied upon for years. The lack of notice only sharpens the sting.
Hardware security features rarely generate headlines until they break or disappear. This case proves the rule. The silicon could encrypt memory. It did for a long time. Then one day it stopped. And nobody at AMD wanted to talk about why.

