AMD has issued a correction. After several days of criticism over the silent removal of TSME memory encryption in certain consumer Ryzen processors, the company has confirmed it will restore the Memory Guard option, also known as Transparent Secure Memory Encryption, in some non-PRO Ryzen 9000 desktop models via a BIOS update scheduled for July.
The controversy wasn’t only about the disappearance of a security feature. What bothered part of the tech community most was how it happened: the option continued to appear in some BIOS setups as if it could be enabled, but the system didn’t actually activate the memory encryption. For the average user, this could go unnoticed. For those reviewing their system’s security settings, especially in Linux, the change was obvious.
What is TSME and why does it matter?
TSME stands for Transparent Secure Memory Encryption. It is a hardware-based memory encryption technology designed to encrypt the contents of RAM, preventing data exposure during certain physical attacks. AMD markets this feature within its professional lineup as AMD Memory Guard.
AMD’s own documentation describes Memory Guard as a layer intended to reduce the risk of physical attacks on memory, including cold boot attacks, direct DRAM reading attempts, or module extraction. The technology encrypts memory contents using integrated AES engines in the processor’s memory controllers, with a key generated on each reboot and managed by the AMD Secure Processor.
| Concept | Explanation |
|---|---|
| TSME | Transparent Secure Memory Encryption |
| Commercial name | AMD Memory Guard |
| Goal | Encrypt RAM contents transparently |
| Threats mitigated | Cold boot attacks, memory extraction, physical DRAM reads |
| Activation | Usually from BIOS/UEFI when motherboard and firmware support it |
| Usual impact | AMD states it is low or barely noticeable on compatible systems |
This isn’t a feature that significantly alters daily security for most home PCs. To exploit it as an attacker, physical access to the device or its memory modules is generally required. However, that doesn’t make it irrelevant. In laptops, workstations, labs, Linux environments, research setups, or sensitive data machines, memory encryption can be part of a layered defense alongside disk encryption, TPM, authentication, and secure boot practices.
The main point of contention was another: if a feature is available in silicon and has been exposed for years on certain platforms, removing it via firmware without a clear explanation undermines trust. Even more so when the option remains visible in BIOS, potentially leading users to believe security is active when it might not be.
The removal came with AGESA 1.2.7.0
According to reports from Tom’s Hardware and Ars Technica, the removal was detected after a firmware update based on AGESA 1.2.7.0—the fundamental component AMD provides to motherboard manufacturers to develop BIOS firmware. The issue came to light when Ben Kilpatrick conducted a security audit on a system with a Ryzen 7 9700X and found that TSME was no longer reported as supported, despite being available previously.
Further checks indicated that the change was not due to a physical hardware limitation but was a decision implemented via firmware. AMD’s Ryzen PRO processors still retained Memory Guard, while certain consumer Ryzen models began reporting the feature as unsupported. This discrepancy led to suspicions that AMD was selectively disabling the feature in consumer models through software.
| Element | Situation details |
| Affected processors | Specific Ryzen consumer models, especially Ryzen 9000 non-PRO desktop variants |
| Reported firmware | AGESA 1.2.7.0 |
| Main symptom | BIOS displayed the option, but TSME was not activated in the system |
| Professional lineup | AMD maintains Memory Guard in Ryzen PRO systems where silicon supports it |
| Post-response | AMD will restore the option in certain Ryzen 9000 non-PRO models in July |
AMD’s initial reaction did little to ease concerns. As per reports, the community opened a GitHub issue, and an AMD engineer responded that they had no further information to share. Without a clearer public explanation, suspicion grew: was it a bug, a business decision, or a deliberate removal of a feature some users valued as part of the product’s security?
Now, AMD has confirmed to Tom’s Hardware that they will re-enable the option in a future BIOS update in July, “based on valuable community feedback.” This statement addresses the immediate concern but leaves several questions unanswered.
An important but incomplete correction
Restoring TSME on certain Ryzen 9000 non-PRO desktops is a positive move. It prevents a security feature from vanishing via firmware update and acknowledges community concerns. However, AMD hasn’t transparently explained why the feature was removed, why the BIOS continued to display it without enabling it, nor what the situation will be with other Ryzen generations.
AMD’s official statement is quite precise: Memory Guard is a hardware-based memory encryption technology available on Ryzen PRO desktop and mobile processors when supported by silicon, with no current plans to remove support from its PRO lineup. Regarding certain Ryzen 9000 non-PRO models, the company admits that a BIOS option was previously available, was removed in a recent update, and will return in July.
| Pending questions | Why it matters |
| Why was TSME removed? | Clarifies if it was an error, a business decision, or a policy change |
| Why did BIOS still display the option? | This can give a false sense of security |
| Which exact models will it return to? | Users need to know if their CPU remains supported |
| What about Ryzen 7000 or older generations? | The correction mentions only certain Ryzen 9000 models |
| How can it be verified in Windows? | Linux makes it easier to audit, but not all users can verify |
| Will it depend on each motherboard manufacturer? | BIOS updates come on different schedules |
For a security-focused company, transparency is nearly as important as the feature itself. If a firmware update can disable security capabilities without clear notice, advanced users lose control. Additionally, if BIOS settings do not reflect the actual system status, the problem shifts from communication to trust.
Firmware security and product segmentation
This case also fuels a broader debate about how manufacturers control features via firmware. Modern processors aren’t static: their behavior depends on microcode, AGESA, BIOS, PSP, motherboard configuration, OS, and verification tools. A feature may be present in silicon but exposed, limited, or disabled by firmware decisions.
That’s not inherently negative. Firmware updates fix bugs, improve compatibility, increase stability, and address vulnerabilities. The problem arises when they are used to remove capabilities without sufficient explanation—especially security functions. Consumers buy products expecting certain features, but those capabilities can change months later through updates.
Segmentation between consumer and professional tiers exists industry-wide. Manufacturers reserve remote management, enterprise validation, extended support, advanced security, or specific warranties for PRO, vPro, workstation, or server lines. This can make sense if communicated clearly. But it’s problematic when a feature available in consumer devices disappears after an update without proper justification.
In this case, TSME isn’t just a minor marketing feature; it relates to the physical protection of memory. It’s not essential for everyone, but for some users, it influences their choice or how they configure their systems. Thus, AMD’s correction was necessary.
What Ryzen users should do
Owners of non-PRO Ryzen 9000 desktop processors interested in TSME should wait for the July BIOS updates that will reintroduce the option, provided their model and motherboard are within supported parameters. Remember that AMD supplies AGESA code, but each motherboard manufacturer must release its own BIOS updates. Therefore, update availability may differ between ASUS, MSI, Gigabyte, ASRock, and others.
If you have already updated to a BIOS with AGESA 1.2.7.0 and depend on TSME, it’s advisable to verify its actual status in the operating system—not rely solely on the UEFI menu. In Linux, there are ways to check if memory encryption is supported and active. In Windows, it may be less straightforward for non-expert users.
| User profile | Practical recommendation |
| Home user without special needs | Not urgent, but keep BIOS updated when possible |
| Advanced Linux user | Check actual support within the OS, not just BIOS |
| System with sensitive data | Wait for corrected BIOS and verify TSME after updating |
| Company or research lab | Document BIOS version, AGESA, and encryption status |
| New buyer | Check support for Memory Guard/TSME before choosing platform |
It’s also wise to read the BIOS release notes before updating. If the manufacturer doesn’t mention AGESA, TSME, or Memory Guard, consider waiting for a later version or consulting support. Remember that firmware updates carry some operational risk—use a stable power source, save settings beforehand, and avoid interruptions during flashing.
Community’s role in correcting manufacturers
This story sends a positive message: community-led audits work. Enthusiast users examined their systems, noticed differences, documented them, contacted motherboard vendors, opened reports, and ultimately pushed AMD to respond. Without that pressure, the removal might’ve gone unnoticed by most.
It also offers a warning: security features should not depend on community detection of silent changes. If a manufacturer disables, limits, or modifies a protective capability, they must clearly explain what’s changing, for which models, why, and how users can verify it.
AMD made the right move by restoring TSME support on certain Ryzen 9000 non-PRO processors. Now, it needs to complete the most important step for rebuilding trust: explaining the original decision and clarifying the exact scope of the restoration. In security, quick fixes matter, but clear communication is nearly as important.
FAQs
What did AMD announce about TSME?
AMD confirmed it will restore the Memory Guard/TSME option on certain Ryzen 9000 non-PRO desktop processors via a BIOS update scheduled for July.
What is TSME?
TSME (Transparent Secure Memory Encryption) is a hardware-based RAM encryption feature designed to mitigate physical attacks such as cold boot or direct memory read attempts.
Does this affect all Ryzen processors?
It’s unclear. AMD has specified certain Ryzen 9000 non-PRO desktop models. It has not yet clarified if the fix will extend to other generations or mobile variants.
Why was the removal controversial?
Because the BIOS could still show the option even if encryption wasn’t active, and because the removal was apparently done via firmware without transparent public explanation.
