Ten years ago, AMD quietly slipped a security feature into its high-end processors that no one asked for—and everyone ended up needing. Transparent Secure Memory Encryption, or TSME, was never marketed as a consumer perk. It wasn’t in the product pages. It didn’t show up in the spec sheets. But it was there. Silent. Always on. When you enabled it in your BIOS, your RAM became unreadable to anyone with a soldering iron and a cold spray can.
I remember when I first heard about it. I was tinkering with a Ryzen 7 3700X, trying to lock down a machine that handled encrypted backups. I read a forum post from someone who said, "Just turn on SME in BIOS. It’s automatic." I didn’t know what SME was. I didn’t know TSME was different. I turned it on. And it worked. No reboot. No setup. Just... encrypted memory. That was the magic of it. No OS involved. No driver to install. Just silicon doing its job.
For years, that’s how it stayed. AMD never said, "Hey, your Ryzen 5 can do this." But they never said, "It can’t." And so we assumed. We trusted. We treated it like a baseline feature, like Secure Boot or SMT. We didn’t think twice. Why would we? It didn’t cost us anything. It didn’t slow anything down. It just made our machines harder to crack if someone ever got physical access.
And then, in April of this year, Ben Kilpatrick—a privacy-focused Linux hobbyist—discovered it was gone.
He didn’t notice because his machine crashed. He noticed because his security audit tool said, "encrypted RAM: not supported." And that was it. No warning. No changelog. No email from AMD. Just... silence.
It’s not that the feature broke. It was turned off. Deliberately. By firmware.
The Silent Switch
The change came in AGESA 1.2.7.0, AMD’s firmware update package that ships with motherboard BIOSes. Nothing in the release notes mentioned TSME. No "security improvements." No "bug fixes." Just a silent toggle, flipped in the background.
On consumer Ryzen chips—Ryzen 7 9700X, 9800X3D, 9900X—the flag DfIsTsmeEnabled, an internal AGESA variable, was set to FALSE. On the exact same motherboard, with the exact same BIOS settings, the PRO version of the same chip? TRUE. The silicon was identical. The memory controller was identical. The encryption engine was identical. Only the firmware said, "Nope. Not for you."
This wasn’t a hardware limitation. It was a policy decision. And AMD knew it.
Kilpatrick, frustrated, reached out to MSI and Gigabyte. They ran tests. They pulled memory dumps from the AMD Boot Loader (ABL). They confirmed: the flag was hardcoded to FALSE on consumer SKUs. Whatever you set in BIOS—AUTO, ENABLED, DISABLED—made no difference. The firmware overrode it.
And when Kilpatrick asked AMD engineers why, they gave him the same canned response: "TSME is a security feature only applied to PRO CPUs as part of AMD PRO Technologies."
That’s it. No "we made a mistake." No "we’re fixing it." No "we never intended this to work." Just a corporate line, delivered like a door closing.
The Lie We All Believed
Here’s the thing: AMD engineers themselves told us this was fine.
In 2020, Tom Lendacky, an AMD fellow software engineer, wrote in a public forum: "The Ryzen 3700X should support TSME."
He didn’t say "it might." He didn’t say "it’s experimental." He said "should." And for six years, it did.
In 2025, he followed up: "I recommend using TSME. It’s a BIOS option. Your vendor needs to expose it."
He didn’t say, "But only if you paid extra." He didn’t say, "Don’t rely on it." He gave advice like a trusted expert. And we listened.
Now, in 2026, we’re told: "We never meant for this to work."
So which is it?
Was Lendacky wrong? Was he lying? Or is AMD lying to us now?
The truth is, it doesn’t matter. Because either way, we got burned.
If it was a bug, AMD failed to fix it. If it was policy, AMD failed to warn us.
Either way, they broke trust.
Why This Isn’t Just About RAM
Cold boot attacks sound like something out of a spy movie. You cool down the RAM chips with liquid nitrogen, yank them out, and read the data before it fades. It’s slow. It’s messy. It requires physical access.
So why care?
Because it’s not just about laptops in a coffee shop. It’s about encrypted drives. It’s about SSH keys. It’s about password managers. It’s about the digital fingerprints of your life, sitting in plain text inside your memory.
A police officer with a warrant can do this. A thief who steals your laptop can do this. A corporate spy with access to your desk can do this.
TSME didn’t stop hackers from logging in remotely. It stopped someone from walking out the door with your secrets.
And now, millions of users—people who bought Ryzen chips because they were powerful, affordable, and trusted—have lost that protection. Without knowing. Without consent. Without a single word.
Compare this to Intel. When Intel had a similar feature—Memory Encryption—they never removed it from consumer chips. They just labeled it "not supported." They left the door open. They didn’t slam it shut.
AMD didn’t just remove the feature. They erased the evidence. They made it invisible.
The Real Betrayal
The worst part?
It’s not the loss of encryption.
It’s the silence.
No blog post. No forum reply. No email to users who enabled the setting. No update to the documentation. No changelog.
Just a firmware update, pushed out to millions of machines, that quietly turned off a security feature—and then pretended it never existed.
Joe FitzPatrick, a silicon security expert I spoke with, put it bluntly: "If you’re going to remove a feature that people rely on, even if you never advertised it, you owe them an explanation. Even if it’s, ‘We made a mistake. We’re sorry.’"
But AMD didn’t say that.
They said, "It was never for you."
And that’s the real betrayal.
We trusted them. We assumed they were building systems with us in mind. We didn’t think they’d pull the rug out from under us without even looking back.
This isn’t just about memory encryption.
It’s about whether we can trust the companies we buy our hardware from.
And right now? The answer is no.
What Now?
There’s no fix. No BIOS update will bring it back. AMD has locked the door.
If you’re using a consumer Ryzen chip and you enabled TSME, you’re now vulnerable to physical memory attacks.
Your options?
- Use full-disk encryption. (But that doesn’t protect data in RAM.)
- Don’t leave your machine unattended. (Good luck with that.)
- Switch to a PRO chip. (If you can afford it.)
- Or just accept that the security you thought you had... was never yours to begin with.
I don’t know what AMD’s reasoning was. Maybe they wanted to push users to PRO. Maybe they were afraid of liability. Maybe they just didn’t care.
But I know this: when a company removes a security feature from your hardware without telling you, they’re not protecting you.
They’re protecting themselves.
And that’s not security.
That’s negligence.
Final Thought
I used to admire AMD. I thought they were the underdog who got it right. They listened. They delivered. They didn’t lock you out of your own machine.
Now?
I’m not sure anymore.
I still use Ryzen. I still recommend them. But I don’t trust them.
And that’s the cost of this silence.
Not in dollars.
In trust.
And that’s the one thing you can’t get back.