According to a report by Ars Technica, AMD has quietly stripped a critical security feature from its lower-end CPUs, leaving unaware users potentially vulnerable to physical attacks. Following a months-long investigation tracked on GitHub, Ben Kilpatrick confirmed that the Transparent Secure Memory Encryption (TSME) feature — which protects CPUs against physical exploits that siphon data from connected memory chips — was suddenly no longer available on AMD CPUs outside the company's Pro lineup.
As the exhaustive inquiry, which involved conversations with AMD engineers, board vendors, and other CPU users, was coming to a head, an AMD engineer abruptly cut discussions short, stating, "My apologies, but I don't have any more information to share on this topic." As of this report, AMD has neither officially acknowledged nor explained the disappearance of the security feature.
TSME is a protection feature that encrypts the contents of system memory with a key held inside the processor, so that an attacker who physically reads the DRAM chips recovers only ciphertext. AMD initially shipped it on its high-end CPUs and later extended it to lower-end parts. Over time its presence came to be taken for granted, and users of lower-end chips reasonably assumed it was part of the package. Without prior notice, however, AMD appears to have dropped the feature from these processors.
According to the Ars report, the company's only official reaction to the matter, not counting the GitHub discussions, is an email response stating that TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies." This is notably the first time the company has publicly stated such a restriction, despite the feature having worked on consumer chips for years. It remains unclear whether the disappearance is a deliberate policy decision by AMD to reserve TSME for Pro chips or an unintentional regression introduced in AGESA 1.2.7.0, a newer firmware release.
Another concerning aspect of the removal is that nothing surfaces it to the user: Windows exposes no indicator that memory encryption is active, and on Linux confirming it requires an auditing tool or inspecting the processor's registers directly. In practice the security feature disappeared while users had no sign that anything had changed.
Kilpatrick, a self-described "privacy-conscious Linux hobbyist" who first reported the change, was installing a new operating system on his machine, which runs a Zen 5 Ryzen 7 9700X. To confirm that all his security protections were enabled, he ran Host Security ID (HSI), the firmware and hardware security audit provided by fwupd. To his surprise, HSI reported that TSME was not supported, even though the option was enabled in his BIOS settings. The contradiction sent him searching for answers.
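The Linux check the article alludes to is not exotic, but it is easy to get wrong: the `sme` flag in /proc/cpuinfo only says the CPU advertises memory-encryption support in CPUID, while the thing that tells you encryption is actually switched on is bit 23 (MemEncryptionModeEn) of the AMD SYSCFG MSR at 0xC0010010, which is also what fwupd's "Encrypted RAM" HSI attribute reports. The following script is an added example, not code from the article, from Kilpatrick, or from fwupd; it decodes both signals from input you hand it, so it runs anywhere, and only touches the live machine when invoked with `--live`, in which case it assumes the msr-tools `rdmsr` binary and the `msr` kernel module are available.

```shell
#!/bin/sh
# Added example: distinguish "CPU supports memory encryption" (CPUID flag)
# from "memory encryption is enabled" (SYSCFG MSR bit 23) on AMD systems.

SYSCFG_MSR=0xc0010010      # MSR_AMD64_SYSCFG
MEM_ENCRYPT_BIT=23         # MemEncryptionModeEn

# Returns success (0) if MemEncryptionModeEn is set in the given SYSCFG value.
# $1: MSR value as hex, with or without a 0x prefix (as printed by rdmsr).
syscfg_mem_encrypt_enabled() {
    val="${1#0x}"
    val="${val#0X}"
    [ $(( (0x$val >> MEM_ENCRYPT_BIT) & 1 )) -eq 1 ]
}

# Returns success if the named flag appears in the first "flags" line of a
# /proc/cpuinfo-style text read from stdin.  Note: the "sme" flag means the
# CPU reports SME capability, NOT that SME or TSME is currently active.
cpuinfo_has_flag() {
    grep -m1 '^flags' | tr ' \t' '\n\n' | grep -qx "$1"
}

# Human-readable verdict from the two signals; echoes one of three strings.
# $1: "yes"/"no" for the CPUID sme flag, $2: SYSCFG value as hex.
memory_encryption_verdict() {
    if [ "$1" != "yes" ]; then
        echo "unsupported"            # CPU does not advertise SME at all
    elif syscfg_mem_encrypt_enabled "$2"; then
        echo "enabled"                # firmware switched encryption on
    else
        echo "supported-but-disabled" # the situation described in the article
    fi
}

# Live check; requires root, `modprobe msr`, and rdmsr from msr-tools.
# fwupdmgr security (the HSI report) shows the same thing as "Encrypted RAM".
live_check() {
    if cpuinfo_has_flag sme < /proc/cpuinfo; then flag=yes; else flag=no; fi
    if command -v rdmsr >/dev/null 2>&1; then
        msr=$(rdmsr -p 0 "$SYSCFG_MSR") || { echo "rdmsr failed (root? modprobe msr?)"; return 1; }
    else
        echo "rdmsr not found; install msr-tools"; return 1
    fi
    echo "cpuid sme flag: $flag, SYSCFG=0x$msr, verdict: $(memory_encryption_verdict "$flag" "$msr")"
}

# Constructed sample inputs so the decoding can be exercised offline.
SAMPLE_CPUINFO='processor	: 0
vendor_id	: AuthenticAMD
flags		: fpu vme de pse tsc msr pae mce sme sev sev_es'
SAMPLE_SYSCFG_ON=0x00840000   # constructed: bits 23 and 18 set
SAMPLE_SYSCFG_OFF=0x00040000  # constructed: bit 23 clear

[ "${1:-}" = "--live" ] && live_check
```

Run it with `--live` as root on the machine under test; the `enabled` verdict is the one you want to see after turning TSME on in the BIOS, and `supported-but-disabled` is exactly the state HSI flagged in the article. The MSR read is the authoritative signal: a BIOS menu entry proves nothing if firmware never sets the bit.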
His first instinct was to reach out to MSI, his motherboard’s manufacturer, but the company didn't initially provide a definitive explanation. He also filed a bug report on AMD's public engineering GitHub repository, where two AMD engineers eventually responded: Tom Lendacky, an AMD fellow software engineer, and Mario Limonciello, an AMD senior principal software engineer.
Interestingly, neither engineer appeared to have a clear answer for why the feature had disappeared. Their advice was essentially the same: disable and re-enable the option in the BIOS, and if that doesn't work, take it up with the motherboard manufacturer. The exchange made clear that the people at AMD were as much in the dark as the user reporting it.