AMD to restore memory encryption on Ryzen 9000 CPUs via July BIOS update

At a glance:

• AMD will bring back Transparent Secure Memory Encryption (TSME) on Ryzen 9000 desktop processors through a July BIOS update
• The security feature was quietly removed in AGESA 1.2.7.0 earlier this year after being available since 2020
• TSME protects against cold boot attacks by encrypting RAM data at the firmware level

What happened

AMD is preparing to reverse a controversial decision that removed memory encryption capabilities from its latest desktop processors. The company will reinstate Transparent Secure Memory Encryption (TSME) on Ryzen 9000-series CPUs through an upcoming BIOS update scheduled for July release. This comes after the feature was quietly disabled in AGESA version 1.2.7.0 earlier this year, sparking concern among security-conscious users and prompting community backlash.

The discovery was made by Ben Kilpatrick, a security researcher who noticed the missing functionality while conducting an audit on a system equipped with the Ryzen 7 9700X. After confirming with MSI that TSME had previously been supported on their motherboards but was now disabled, Kilpatrick filed a bug report on AMD's official GitHub repository. The issue gained traction in the community, with AMD engineer Mario Limonciello eventually acknowledging the report, though without providing additional details at the time.

Technical background

TSME represents a firmware-level security implementation that generates encryption keys to protect data stored in system RAM. While not essential for typical consumer desktop security—since it primarily defends against physical cold boot attacks where attackers extract data from recently powered-off memory—it serves as an important layer of defense for users handling sensitive information. The technology has been part of AMD's security portfolio since at least 2020, when it was first confirmed on consumer processors like the Ryzen 7 3700X.

On AMD's Ryzen PRO lineup, this same technology is marketed under the name Memory Guard, emphasizing its role as a foundational security feature. The distinction between PRO and standard consumer variants had led to speculation that AMD was artificially segmenting security capabilities to create product differentiation. However, the company's reinstatement suggests they recognize the value of maintaining consistent security baselines across their processor families.

Community response and AMD's position

The reinstatement follows what AMD describes as "valuable community feedback" regarding the removal of the BIOS option. In their official statement to Tom's Hardware, AMD emphasized their commitment to customer data security while clarifying that Memory Guard remains a core feature for Ryzen PRO processors both currently and in future generations. The company acknowledged that the BIOS option for non-PRO Ryzen 9000 processors was previously available but removed in a recent update.

This episode highlights the growing importance of hardware-level security features in consumer processors, even for protections that may seem niche. Security researchers and privacy-focused users have increasingly scrutinized firmware implementations, particularly as supply chain attacks and physical security threats become more sophisticated. AMD's willingness to respond to community concerns demonstrates how user feedback can influence hardware security decisions, even at the firmware level.

Looking ahead

The July BIOS update will restore user choice regarding memory encryption on Ryzen 9000 desktop processors, though users will need to manually enable the feature through their motherboard's firmware settings. This timeline gives motherboard manufacturers time to integrate the updated AGESA code into their BIOS releases while allowing AMD to address any potential compatibility or performance considerations that may have prompted the original removal.

For enterprise and professional users, the reinstatement reinforces AMD's security-first messaging around the Ryzen PRO ecosystem. Meanwhile, consumer users gain back a layer of protection that, while not critical for everyday computing, provides meaningful defense against specific attack vectors that law enforcement and intelligence agencies have historically exploited in high-value investigations.