For years, a Linux hobbyist running a routine firmware audit on his Ryzen 7 9700X expected to see a reassuring line: encrypted RAM, supported. Instead, he got a one-line verdict that didn't need explanation and that AMD has so far declined to explain: "encrypted RAM: not supported."
That single line, buried in a diagnostic dump, is the clearest entry point into a quiet change that security-conscious buyers are still piecing together. AMD has, without announcement, removed a hardware feature called Transparent Secure Memory Encryption, or TSME, from its consumer Ryzen processors, including the current Zen 5 generation. The feature encrypts the contents of attached system memory so that a physical attacker with the chips in hand cannot read them, a defense against physical attacks such as the well-known cold-boot class. AMD's only public response, a partial statement to Ars Technica, is that TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies."
The change is the kind of thing a buyer would normally learn about from a spec sheet, a firmware note, or a product brief. There is no entry for it in any of those. Long-time users of consumer Ryzen chips who had come to rely on TSME found out only because they ran the right Linux-side checks, particularly the Host Security ID, or HSI, test, and compared before and after firmware states. On Windows, the change was effectively invisible. There is no built-in panel, no event-log entry, and no diagnostic that surfaces the loss.
That asymmetry is the core of the story, and the part that makes it more than a quiet spec tweak. A security feature designed to defend against physical memory-siphoning attacks, including the older cold-boot attack class where an attacker with brief physical access cools and removes DRAM modules to read their contents, was removed from a product line without telling the people who relied on it. AMD's response, that the feature was never a consumer feature, is the first time that restriction has been stated in writing, and it contradicts the working assumption of years of consumer Ryzen behavior.
The threat model is narrower than the protest register suggests. TSME is a defense-in-depth feature aimed at laptops and high-risk physical-access environments, and its removal is not a software vulnerability that a patch would fix. A typical desktop or gaming user with standard physical security is not suddenly exposed to a new attack. But "you were never the target" is a difficult message to deliver after years of working behavior, and it is not the message AMD chose to deliver. The company declined Ars Technica's specific questions and offered only partial boilerplate.
The bigger question is what consumer-class silicon security is allowed to mean. AMD is positioning TSME as part of its commercial PRO tier, the same product-line designation that includes manageability and remote-management features sold to businesses. The reclassification is not, on its face, unreasonable. Memory encryption costs die area, and tiering security features between commercial and consumer lines is a standard industry practice. What is unusual is doing so without a public record, without a Windows-visible signal, and without a reviewer-facing channel where the change could be surfaced. The community that documents vendor changes is, in this case, the same community being told they should not have been relying on the feature in the first place.
A reader who wants to know whether their own machine is affected can run the HSI test, available on Linux systems via firmware-audit tooling, or inspect CPUID and BIOS-exposed values for memory-encryption status. The Linux path is, for now, the only reliable path. Windows users have no equivalent surface, and AMD has not announced one.
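As an added sketch of those Linux-side checks (not code from the article or from AMD), the script below classifies the "encrypted RAM" line of an HSI report, looks for the `sme` flag in `/proc/cpuinfo`, and reads the `tsme_status` attribute that the kernel's ccp driver exposes for the PSP device. Assumptions: the report comes from fwupd's `fwupdmgr security`, which the article does not name; value strings other than "not supported" are constructed; the function names are illustrative.

```bash
#!/usr/bin/env bash

# Constructed sample, modelled on the report line quoted in the article.
SAMPLE_HSI='encrypted RAM: not supported'

# Classify the "encrypted RAM" line of an HSI report on stdin: on|off|unknown.
hsi_encrypted_ram() {
    local line
    line=$(grep -i 'encrypted ram' | head -n1 | tr '[:upper:]' '[:lower:]')
    case "$line" in
        *:*) line=${line#*:} ;;          # keep only the value after the colon
        *)   line="" ;;
    esac
    case "$line" in
        *not*|*disabled*)      echo off ;;
        *encrypted*|*enabled*) echo on ;;
        *)                     echo unknown ;;
    esac
}

# Does /proc/cpuinfo-format text on stdin list "sme" as a whole flag? yes|no
cpu_lists_sme() {
    grep -m1 '^flags' | tr -s '[:space:]' '\n' | grep -qx 'sme' && echo yes || echo no
}

# Read the PSP device's tsme_status attribute under a sysfs root (default /sys).
# Prints unknown when absent (kernel ccp driver does not expose it, or no PSP).
tsme_sysfs_status() {
    local root=${1:-/sys} f
    for f in "$root"/bus/pci/devices/*/tsme_status; do
        [ -r "$f" ] || continue
        case "$(cat "$f")" in 1) echo on ;; 0) echo off ;; *) echo unknown ;; esac
        return 0
    done
    echo unknown
}

if [ "${1:-}" = "--live" ]; then
    # Assumption: the HSI report comes from fwupd's `fwupdmgr security`.
    command -v fwupdmgr >/dev/null &&
        echo "HSI encrypted RAM: $(fwupdmgr security 2>/dev/null | hsi_encrypted_ram)"
    echo "cpuinfo sme flag:  $(cpu_lists_sme < /proc/cpuinfo)"
    echo "PSP tsme_status:   $(tsme_sysfs_status)"
else
    echo "sample HSI line -> $(printf '%s\n' "$SAMPLE_HSI" | hsi_encrypted_ram)"
fi
```

Run it with `--live` on the machine being audited; recording the three values before and after a firmware update gives the before/after comparison the article describes.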
What to watch next is whether AMD documents the change in a public changelog, whether OEM partners add a user-visible signal in their firmware interfaces, and whether the company offers a substantive answer to the specific question of when, in firmware releases, consumer Ryzen stopped reporting TSME support.