AMD removed Transparent Secure Memory Encryption (TSME) from its consumer Ryzen line, a feature that has protected RAM against cold‑boot attacks for a decade. The change appeared in newer AGESA 1.2.7.0 firmware without notice, leaving Windows users unaware and Linux users forced to dig through BIOS settings. Users who relied on the encryption now see “encrypted RAM: not supported” in security audits for users.

The issue surfaced when Linux hobbyist Ben Kilpatrick ran Host Security ID on a Ryzen 7 9700X and discovered TSME disabled despite BIOS settings. Testing on MSI and Gigabyte boards showed older AGESA versions enabled the flag DfIsTsmeEnabled, while version 1.2.7.0 reported it false on consumer SKUs in the firmware. AMD engineers could not explain the regression, suggesting a BIOS or policy problem.

AMD later confirmed TSME is officially limited to PRO and EPYC processors, a policy communicated to motherboard vendors but never disclosed to end users. The silicon remains capable, so the restriction stems from firmware decisions rather than hardware limits. Consumers lose a layer of passive memory protection, in practice forcing them to rely on software‑based SME or accept unencrypted RAM.