AMD Strips Ryzen Owners of Key Security Feature

AMD has quietly blocked Transparent Secure Memory Encryption (TSME) technology in its consumer processors. According to Ars Technica, the manufacturer not only refused to explain the motives behind this decision but also attempted to shift the blame onto motherboard manufacturers.

What is TSME?

TSME technology is an encryption method that protects data from physical theft. It had been on standard Ryzen chips despite being designed for business platforms.

Now, this feature is no longer visible on Windows, and getting it to run on Linux requires significant technical effort. AMD representatives issued a brief statement noting only that TSME is an exclusive feature reserved for Pro-series processors.

How an Enthusiast Exposed the Corporation

The truth came to light thanks to the vigilance of a user named Ben Kilpatrick. In April 2026, while configuring a system with a new Ryzen 7 9700X processor (Zen 5 architecture), he noticed an anomaly: the BIOS reported that encryption was active, but the Linux Host Security ID utility stubbornly insisted that TSME was "not supported."

Kilpatrick and MSI engineers launched an investigation to pinpoint exactly when the security feature "switched off." On earlier BIOS versions, the TSME function worked flawlessly on standard Ryzen chips. The encryption vanished after the AMD AGESA microcode update to version 1.2.7.0.

Tests conducted on MSI, Gigabyte, and Asus motherboards confirmed that the AMD bootloader forcibly disables the DfIsTsmeEnabled flag for consumer chips (including the newly released Ryzen 7 9800X3D). Meanwhile, everything functions normally on Pro-series processors.

AMD Evades the Question

Kilpatrick's attempts to get answers in AMD's official GitHub repository hit a brick wall. 

The enthusiast reminded the developers that back in 2020, AMD itself had confirmed TSME support for the mainstream Ryzen 7 3700X. He then asked directly: "Is setting DfIsTsmeEnabled to FALSE for consumer models a chip-level restriction, or is it a decision made within the AGESA firmware policy?" The distinction matters immensely: if the lock is baked into the silicon, it is permanent; if it is an AGESA firmware constraint, the limitation can be bypassed.

The company's engineer closed the discussion with the phrase: "I apologize, but I do not have any additional information on this matter."

A Mistake or a Deliberate Move?

Technically, the TSME feature was never advertised in promotional materials for standard Ryzen processors (marketers reserved it for the more expensive Pro and Epyc lineups). However, over a decade of stable operation, users had grown accustomed to this security layer working "out of the box."

In any case, abruptly blocking a highly useful feature without clear explanations looks like a major reputational misstep.