AMD Reverses Course: Memory Encryption Returns to Consumer Ryzen 9000 CPUs After Community Backlash

AMD has announced it will reinstate Transparent Secure Memory Encryption (TSME) for its consumer Ryzen 9000 series desktop processors. This decision comes after significant community backlash following the feature’s quiet removal in recent BIOS updates. TSME, a hardware-based memory encryption technology, had previously been available on consumer chips but was then seemingly restricted to Ryzen PRO processors.

Key Takeaways

  • AMD will re-enable TSME on consumer Ryzen 9000 CPUs via a July BIOS update.
  • The feature was removed without prior announcement, sparking community outcry.
  • TSME protects against physical attacks like cold boot attacks by encrypting RAM.
  • AMD initially stated TSME was exclusive to PRO processors but reversed its stance due to feedback.

The Removal and the Backlash

Transparent Secure Memory Encryption (TSME) is a hardware feature that encrypts data stored in system memory (RAM) using a dedicated AES engine. This provides an additional layer of security against physical intrusion methods, such as cold boot attacks, where attackers attempt to extract data from memory after power loss. While AMD marketed TSME as a feature for its Ryzen PRO line, it had been available on consumer-grade Ryzen desktop CPUs for some time.

The issue came to light when a Linux hobbyist discovered that TSME was no longer functional on their Ryzen 9000 series processor, despite being enabled in the BIOS. This discovery, made through firmware security audit tools, revealed that a recent AGESA update (AGESA 1.2.7.0) had effectively disabled the feature for non-PRO Ryzen chips, regardless of the BIOS setting. The removal was not accompanied by any official announcement, leading to frustration and accusations that AMD was silently removing features or attempting to gatekeep security capabilities for its higher-end PRO processors.

AMD’s Response and Reinstatement

Initially, AMD engineers provided unhelpful responses to bug reports, with one stating that TSME was “a security feature only applied to PRO CPUs as part of AMD PRO Technologies.” However, facing sustained pressure from the tech community and media outlets, AMD has now confirmed its intention to bring TSME back. In a statement, the company acknowledged that the BIOS option was removed but will be reinstated in an upcoming BIOS release scheduled for July. AMD cited “valuable community feedback” as the reason for this reversal.

Implications for Consumers and Security

The episode highlights concerns about the transparency of firmware updates and the potential for security features to be altered or removed without user knowledge. Because AGESA is distributed as a closed binary library, changes can be implemented at a low level, making them difficult for average users to detect, especially on Windows. The fact that TSME is physically present on the silicon for both consumer and PRO chips, with the difference being solely in the firmware’s instructions, further fueled the community’s dissatisfaction.

While the return of TSME is a positive outcome for consumers, the incident raises questions about AMD’s communication practices regarding security features and the broader implications for firmware security accountability in the industry. Users who rely on hardware-level memory encryption for sensitive data will see the feature restored, but the trust in AMD’s handling of such matters may take time to rebuild.

Via Tom’s Hardware
