AMD memory encryption returns after user backlash

AMD memory encryption is coming back. But it's a security feature known as Transparent Secure Memory Encryption (TSME) or Memory Guard, and it's set to return to consumer Ryzen processors after AMD faced considerable user backlash for its quiet removal. The chipmaker confirmed plans to reinstate the option in an upcoming firmware update scheduled for July, responding directly to widespread criticism from its customer base. So they listened.

Silent Removal Sparks Outcry

For about a decade, AMD had steadily integrated TSME into its CPU lines, starting with high-end models and eventually extending to consumer versions of its Ryzen chips, and it encrypted all data stored in memory. This rendered data unreadable to adversaries attempting physical intrusions like cold boot attacks. It added an extra layer of protection. Users of these lower-cost chips had grown accustomed to this security measure, but some security experts acknowledged that consumer systems are less frequently targets for such sophisticated physical attacks.

But the protection vanished from AMD's lower-end chip line without any prior warning or announcement. It's nearly undetectable. This change, made through a firmware update, requires considerable technical effort to identify on Linux systems and remains completely invisible on Windows machines. AMD stayed silent. They wouldn't acknowledge or explain the change when questions arose last week.

Community Feedback Prompts Reversal

TSME vanished, and the internet exploded. Consumers immediately voiced their frustration, arguing that AMD’s silent removal of a long-supported feature felt like an underhanded move that betrayed their trust.

AMD finally broke its silence over the weekend. The company confirmed it's bringing back the feature it calls Memory Guard through a forthcoming firmware update, so users can expect the change to arrive soon and address the growing concerns. But that's it. No other details were shared.

“Regarding certain non-PRO Ryzen 9000-series desktop processors, a BIOS option to enable Memory Guard was previously available but was removed in a recent update,” AMD stated in an email. “Based on valuable community feedback, we will reinstate this option in an upcoming BIOS release in July.”

Unanswered Questions Linger

AMD committed to reinstatement. But it hasn't explained why the memory encryption feature was initially removed, leaving users and observers to speculate about the real reasons behind the company's sudden, unexplained decision. Some critics think it's a push to buy pricier CPUs. Others suggest it's about support challenges or performance trade-offs as chip designs change.

Encrypting and decrypting data in memory always adds some latency. But for gamers,who represent a huge chunk of the 9000-series Ryzen user base,even small performance slowdowns are totally unacceptable. It's plausible that AMD just didn't see this coming. Since many gamers already turned off TSME to boost performance and didn't think they really needed it, the company might have underestimated how much its removal would actually affect everyone.

The Mechanics of Secure Memory

TSME operates by encrypting and decrypting all physical memory automatically as data moves in and out of the processor. It's simple. At each system start, an ephemeral encryption key is created, and that key stays completely inaccessible to software, which really boosts security. And TSME is operating system independent, unlike other secure memory solutions. That makes it straightforward to implement and manage.

It's a powerful shield against physical access attacks. But this automatic encryption carries a performance cost that can shift depending on what the processor is working on at any given moment.

• Protects against cold boot attacks and similar physical intrusions.
• Encrypts entire memory contents.
• Ephemeral encryption key created on each system start.
• OS independent for easier enablement.
• Incurs a performance cost depending on tasks.

Some game developers have advised users to disable AMD memory encryption for optimal gaming performance. But it's risky. While disabling security features is generally frowned upon, the argument has been made that for consumer chips the data stored is often not valuable enough to warrant a sophisticated physical attack, so the risk is somewhat lower.

Lessons in Accountability

AMD stayed silent at first. But public demand forced a reversal, highlighting a trend in how major tech companies interact with their user bases. It's a shift from the past. Historically, large corporations were more inclined to openly communicate product changes, admit errors, and outline plans for improvement, but in recent decades, as market power has expanded, perceived accountability has often diminished, and we've seen silence become the default response.

AMD deserves credit. Despite the ongoing opacity about why they removed the memory encryption feature in the first place, the company has shown a real willingness to listen to its customers by restoring it. But the initial removal and the long silence before this decision did erode some user trust. For consumers, the ability to choose whether to enable this security feature on their Ryzen chips is an important capability, and AMD will soon give that control back.