AMD silently removes memory encryption from consumer Ryzen CPUs

According to a report by Ars Technica, AMD has quietly stripped a critical security feature from its lower-end CPUs, leaving unaware users potentially vulnerable to physical attacks. Following a months-long investigation tracked on GitHub, Ben Kilpatrick confirmed that the Transparent Secure Memory Encryption (TSME) feature — which protects CPUs against physical exploits that siphon data from connected memory chips — was suddenly no longer available on AMD CPUs outside the company’s Pro lineup.

As the exhaustive inquiry, which involved conversations with AMD engineers, board vendors, and other CPU users, was coming to a head, an AMD engineer abruptly cut discussions short, stating, “My apologies, but I don’t have any more information to share on this topic.” As of this report, AMD has neither officially acknowledged nor explained the disappearance of the security feature.

TSME is a protection feature that encrypts the data stored in memory, making it unusable to physical attackers. AMD initially added this feature to its high-end CPUs, then later extended it to lower-end CPUs. Eventually, the feature became a given, leaving users of lower-end chips assured of its availability as part of the chip package. However, without prior notice, AMD appears to have scrapped the security feature in these processors.

According to the Ars report, the company’s only official reaction to the matter — not counting the GitHub discussions — is an email response stating that TSME “is a security feature only applied to PRO CPUs as part of AMD PRO Technologies,” notably the first time the company has publicly stated such a restriction, despite the feature having worked on consumer chips for years. However, it remains unclear whether the disappearance is an intentional policy decision by AMD to reserve TSME for Pro chips or an unintentional regression that was introduced in AGESA 1.2.7.0, a newer firmware release.

Another concerning aspect of the removal is that the feature’s disappearance is completely undetectable on Windows machines and requires significant technical work to identify on Linux. That means the security feature was removed without users being made aware that anything had changed.

Kilpatrick, a self-described “privacy-conscious Linux hobbyist” who first reported the change, was installing a new operating system on his machine, which runs a Ryzen 7 9700X based on the Zen 5 architecture. To confirm that all his security protections were enabled, he ran Host Security ID (HSI), an auditing feature that evaluates a system’s firmware and hardware security configurations. To his surprise, HSI reported that TSME was no longer supported, even though he had enabled it in his BIOS settings all along. The contradiction sent him searching for answers.


Author: HP McLovincraft

Seeker of rabbit holes. Pessimist. Libertine. Contrarian. Your huckleberry. Possibly true tales of sanity-blasting horror also known as abject reality. Prepare yourself. Veteran of a thousand psychic wars. I have seen the fnords. Deplatformed on Tumblr and Twitter.
