Source linked

AMD Quietly Kills Memory Encryption on Consumer Ryzen Chips

arstechnica.com@threat_watch2 hours ago·Cybersecurity·1 comments

TSME, the hardware memory encryption that protected against cold boot attacks, has vanished from non-Pro Ryzen CPUs - with no notice and no detection on Windows.

amdryzentsmememory encryptionhardware security

AMD dropped Transparent Secure Memory Encryption (TSME) from its consumer Ryzen CPUs sometime in the past year, and nobody noticed until Linux users started digging into memory behavior. On Windows machines the change is invisible. On Linux it takes a fair bit of kernel-level digging to confirm the protection is gone.

TSME encrypts the entire contents of system memory, making data useless against physical attackers performing cold boot attacks or other direct memory access exploits. AMD added this feature to its high-end CPUs roughly a decade ago, then gradually extended it down to consumer-grade Ryzen chips. Users had come to rely on it.

A Decade-Old Protection Goes Missing

No announcement, no changelog entry, no deprecation warning. Users on Reddit and other forums first spotted the discrepancy when comparing memory behavior across different Ryzen SKUs. Subsequent testing confirmed that newer consumer Ryzen chips simply lack TSME. The feature is still present on the Pro line of Ryzen processors, but that line costs more and targets workstations and enterprise.

AMD declined to answer specific questions about when or why TSME was removed from consumer chips. The company's only public statement: "TSME is a security feature only applied to PRO CPUs as part of AMD PRO Technologies." That marks the first time AMD has explicitly drawn that line in public.

AMD's Official Line: PRO Only

For users who bought a Ryzen chip expecting the same hardware-level memory encryption that had been standard for years, that answer is cold comfort. The feature was present, then it wasn't - and there's no way to get it back without moving to a Pro SKU.

The practical impact depends on your threat model. Most users never face a cold boot attack. But for anyone handling sensitive data on a laptop or small form-factor PC that could be physically stolen, TSME was a meaningful last line of defense. Its silent removal erodes trust in AMD's hardware security posture and sets a precedent that shipping features can vanish without notice.

Source: Users cry foul after AMD stripped memory crypto from its consumer CPUs
Domain: arstechnica.com

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Cybersecurity

view topic
1.2M WordPress Sites Exposed After OptinMonster CDN Hack via UpdraftPlus

Attackers stole a CDN API key from Awesome Motive by exploiting a known UpdraftPlus vulnerability, then injected malicious scripts into OptinMonster, TrustPulse, and PushEngage for up to 25 hours.

Chinese Spies Hid in Medical REDCap Servers for 18 Months via Custom Malware

Google's Threat Intelligence Group found UNC6508 used InfiniteRed to steal Gmail messages about drones and Chikungunya from North American medical and military networks.

ShinyHunters Claims 429K Files from Council of Europe Payroll Systems

Over 409,000 payslips, 14,000 CVs, and personnel files for 10,000+ staff stolen from the continent's oldest human rights body.

Why Rust and C/C++ Memory Safety CVEs Don't Compare

A 5-line C program calling curl_getenv(NULL) segfaults without triggering a CVE, while Rust's compiler would reject it outright. That asymmetry means raw CVE numbers mislead.

Comments load interactively on the live page.