For nearly a decade, AMD offered a quiet but powerful security feature on many of its consumer processors: Transparent Secure Memory Encryption, or TSME. It encrypted everything stored in system memory, making cold boot attacks and other physical exploits essentially useless. Then AMD took it away from its consumer chips, and didn’t bother telling anyone.
The feature, sometimes marketed as AMD Memory Guard, works by generating an encryption key at boot through AMD’s Secure Processor. Every byte written to RAM gets encrypted transparently, with no operating system involvement required.
What happened and why it matters
AMD introduced TSME back in 2017, initially as a standard feature on its Ryzen PRO processors aimed at enterprise and business environments. Over time, the protection trickled down to lower-end consumer Ryzen chips.
Then, without any public announcement or documentation change, AMD began fusing off the feature at the silicon level on certain non-PRO consumer models. The Ryzen AI Max+ 395 is one confirmed example where TSME has been disabled by design.
