The discovery came from an unexpected source: a privacy-focused Linux user.
Discovery: Security researcher Ben Kilpatrick noticed TSME had disappeared from his Ryzen system after updating firmware. He launched a months-long investigation, tracked on GitHub.
Confirmation: Kilpatrick ran Host Security ID (HSI), a firmware auditing tool, which reported that TSME was no longer supported — even though he had the BIOS option to enable it on previous firmware versions. The change was traced specifically to AGESA 1.2.7.0. MSI, a motherboard vendor, later confirmed that TSME was available in AGESA 1.2.6.0 but disabled in the newer build.
Why it was hard to detect: On Windows systems, users had no practical way to see the change. On Linux, detection required running specialized auditing tools. Had Kilpatrick not investigated, the change might have gone unnoticed indefinitely.
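The detection problem above comes down to checking hardware state directly instead of trusting a BIOS menu. The script below is an added example (not from the article, not Kilpatrick's GitHub work, and not fwupd's code) that reads the two observable facts on a Linux host: whether the CPU advertises SME support (the `sme` flag Linux derives from CPUID leaf 0x8000001F), and whether firmware actually turned memory encryption on (bit 23, MemEncryptionModeEn, of the AMD64 SYSCFG MSR at 0xC0010010). My understanding, not something the article states, is that this MSR bit is what fwupd's HSI "encrypted RAM" check consults; the `/proc/cpuinfo` excerpt embedded in the block is constructed for the self-test, and the "supported-but-disabled" verdict is the case the article describes: the silicon can encrypt, the firmware no longer enables it.

```python
"""Verify whether AMD memory encryption (SME/TSME) is actually active.

Added example; not from the article, Kilpatrick's repository, or fwupd.
Two observations are combined:
  * /proc/cpuinfo 'sme' flag  -> the CPU supports memory encryption
    (Linux derives it from CPUID leaf 0x8000001F, EAX bit 0)
  * MSR 0xC0010010 (AMD64 SYSCFG) bit 23, MemEncryptionModeEn
    -> firmware enabled it at boot (assumption: TSME sets this bit)
Reading the MSR needs root and the 'msr' kernel module (modprobe msr).
"""
import os
import struct
import sys

MSR_AMD64_SYSCFG = 0xC0010010
SYSCFG_MEM_ENCRYPT_BIT = 23

# Constructed /proc/cpuinfo excerpt (not captured from a real machine),
# used only to exercise the parser offline.
SAMPLE_CPUINFO = """processor\t: 0
vendor_id\t: AuthenticAMD
flags\t\t: fpu vme de pse tsc msr pae sme sev sev_es
"""


def cpu_supports_sme(cpuinfo_text: str) -> bool:
    """True if the first 'flags' line in /proc/cpuinfo lists 'sme'."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            _, _, flags = line.partition(":")
            return "sme" in flags.split()
    return False


def mem_encryption_enabled(syscfg_value: int) -> bool:
    """True if SYSCFG.MemEncryptionModeEn (bit 23) is set in the raw MSR value."""
    return bool((syscfg_value >> SYSCFG_MEM_ENCRYPT_BIT) & 1)


def read_msr(index: int, cpu: int = 0) -> int:
    """Read one 64-bit MSR through the msr character device (requires root)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        raw = os.pread(fd, 8, index)
    finally:
        os.close(fd)
    return struct.unpack("<Q", raw)[0]


def classify(supported: bool, enabled: bool) -> str:
    """Map the two observations to a verdict the user can act on."""
    if not supported:
        return "not-supported"          # CPU lacks SME; firmware cannot help
    if enabled:
        return "active"                 # firmware turned memory encryption on
    return "supported-but-disabled"     # hardware can encrypt, firmware did not


def main() -> int:
    with open("/proc/cpuinfo") as f:
        supported = cpu_supports_sme(f.read())
    try:
        syscfg = read_msr(MSR_AMD64_SYSCFG)
    except OSError as e:
        print(f"cannot read SYSCFG MSR ({e}); run as root with the msr module loaded")
        return 1
    enabled = mem_encryption_enabled(syscfg)
    print(f"SME supported by CPU : {supported}")
    print(f"SYSCFG = {syscfg:#018x}, MemEncryptionModeEn = {enabled}")
    print(f"verdict: {classify(supported, enabled)}")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it as root after `modprobe msr`; a "supported-but-disabled" verdict on a board where the BIOS still shows a Memory Guard/TSME toggle is exactly the mismatch between reported and delivered protection that the article warns about. The same two facts are what `fwupdmgr security` summarises, but reading them yourself removes the dependency on any one tool's interpretation.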
Community reaction: Outrage was swift and widespread.
AMD's official response: After the backlash, AMD issued a statement:
"Regarding certain non-PRO Ryzen 9000-series desktop processors, a BIOS option to enable Memory Guard was previously available but was removed in a recent update. Based on valuable community feedback, we will reinstate this option in an upcoming BIOS release in July."
The statement confirms both that the Memory Guard (TSME) option was removed and that it will be reinstated. AMD stated it "values customer data security," but has not publicly explained why TSME was removed in the first place — whether it was a licensing decision, a product segmentation move, or an internal error.
The TSME incident is not an isolated event. It fits a pattern of security-affecting changes made silently through AMD's proprietary AGESA firmware:
AGESA DDR5 PMIC vulnerability (CVE-2025-48516, May 2026): An insecure default configuration in the AGESA bootloader for DDR5 memory modules could allow local privilege escalation and permanent denial of service.
Zen 5 microcode bug (CVE-2025-62626, 2025): A high-severity vulnerability in Zen 5 that generated potentially predictable random number keys (RDSEED), patched via AGESA firmware update.
CVE-2024-56161 (Feb 2025): A critical flaw (CVSS 7.2) that could break Secure Encrypted Virtualization (SEV-SNP) protections by allowing malicious microcode injection due to inadequate signature verification.
AGESA bootloader buffer overflow (CVE-2025-29951): A vulnerability in the AMD Secure Processor (ASP) bootloader allowing privilege escalation and arbitrary code execution.
Long-standing AGESA transparency problems: AMD has drawn criticism for its closed-source AGESA firmware — the antithesis of the open-source AMD openSIL firmware it has been promising to transition to since 2023. This lack of visibility means security changes like the TSME removal can slip through without independent auditing.
The TSME removal fits a broader pattern: security-affecting changes made silently via proprietary AGESA firmware, discovered only by independent researchers, followed by a reactive response only after public pressure. The incident has renewed calls for AMD to accelerate its transition to the open-source openSIL firmware initiative. For now, Ryzen users should be aware that the security features their system reports may not match what the firmware is actually delivering — and that independent verification may be the only way to be sure.