AMD quietly disabled RAM encryption on some consumer Ryzen CPUs and users want to know why

Serving tech enthusiasts for over 25 years.

TechSpot means tech analysis and advice you can trust.

TL;DR: About a decade ago, AMD added Transparent Secure Memory Encryption to its high-end processors to close a gap in hardware security. TSME encrypts everything in RAM, which blunts cold-boot attacks and other hands-on memory exploits targeting data as it sits on the DIMMs. Over time, the same mechanism quietly appeared on some consumer Ryzen chips as well. Then, after a recent firmware update, it stopped working there, and AMD has offered only a limited explanation for why.

The change came to light in April, when Ben Kilpatrick installed a new OS on a Ryzen 7 9700X system built on AMD's Zen 5 architecture. He describes himself as a "privacy-conscious Linux hobbyist," and part of his routine is to verify that hardware security features are switched on. To do that, he uses Host Security ID, a checker that inspects firmware and hardware configuration.

On earlier firmware, HSI had reported that RAM encryption was enabled on his machine. This time, the readout showed "encrypted RAM: not supported," even though TSME was still enabled in the BIOS.