AMD will reinstate memory encryption on Ryzen 9000 CPUs through a BIOS update in July

[harlan4096]

The feature was quietly removed through a firmware update on some non-PRO Ryzen CPUs.

AMD has told Tom's Hardware that it will reinstate Transparent Secure Memory Encryption (TSME) on desktop Ryzen 9000 processors in July (we have the full statement further below). The feature is branded as Memory Guard for AMD's Ryzen PRO lineup, but it's available on non-PRO CPUs, as well. Earlier this year, AMD quietly removed the feature with AGESA 1.2.7.0, which Ars Technica reported on earlier this week. AMD tells Tom's Hardware that it's bringing TSME back to non-PRO Ryzen 9000 chips "based on valuable community feedback."
 
TSME is a firmware-level encryption feature for memory. It allows the processor to generate a key in order to encrypt data stored in RAM, serving as a layer of protection against cold boot attacks, where a sudden shutdown can allow a physical attacker to extract sensitive data stored in memory.

According to the Ars Technica report, AMD confirmed TSME support on consumer CPUs as far back as 2020 with the Ryzen 7 3700X. The author of the story, Ben Kilpatrick, discovered TSME's removal after running a security audit on a new machine with the Ryzen 7 9700X. After discovering that TSME was no longer supported, Kilpatrick worked with MSI (his motherboard vendor) to confirm that TSME had previously been supported but was disabled in AGESA 1.2.7.0.

Following the discovery, Kilpatrick raised a bug report on AMD's GitHub repository, where Mario Limonciello, a senior principal software engineer at AMD, eventually responded: “My apologies, but I don’t have any more information to share on this topic."

Continue Reading...