This was never marketed as a feature of the consumer CPUs and if some malignant actor does get physical access to my (consumer) hardware, then them being able to read out bytes through cryo-freezing the RAM really isn't high up on the list of things I'm going to worry about.
I had this enabled as it protects against RAMbleed/ECC errors, so it's not limited to physical attacks.
hgoel
It's pretty crazy that we have this entire segment of features that companies artificially restrict from the average person and overinflate the price of, for no real reason. GPU virtualization is another example of such a feature.
The market segmentation arguments don't really work either, enterprises are paying the big bucks for more than just these standalone features.
nickjj
I don't know how this works but does this mean if someone gained physical access to your locked running computer, they could gain access to your full encrypted drive and anything saved on disk?
My reasoning there is if you used an encrypted drive, the decryption key you type when booting up would be stored in memory for the duration of that boot.
This seems alarming because it means if someone broke into your living quarters they can bypass all forms of disk encryption if your machine was on and locked. Encrypting your disks seems like a reasonable thing to want to do with consumer grade hardware.
nxy
To the general consumer, it doesn’t matter if they remove it or not. Am I wrong? When was the last time ya’ll used this super duper feature?
ChocolateGod
If my memory serves me correctly, this feature was never marketed by AMD for these CPUs and was unstable.
The only mistake AMD potentially made here is not being transparent why it was disabled.
ZiiS
If it can be silently removed was it a security feature?
Whilst I hate companies paying engineers to make things worse just to segment their market; I am not really seeing this as an important feature outside the data-center? If an evil-maid has hardware access they hack the USB and/or PCI not the RAM surely?
teravor
somewhat relevant, there is a MemoryOverwriteRequestControl efivar which I believe is set on by default in linux (need TPM enabled in bios) which will wipe memory on reboot.
should also set the MemoryOverwriteRequestControlLock (MorLock v1/v2) if you don't want it ever changed (on 'clean' reboot MOR is usually unset to facilitate a faster boot).
there is still the problem of actually triggering the reboot.
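
A way to check the two variables named in the comment above on a Linux machine, as an added example that is not part of the thread. The vendor GUIDs and the bit layout are not on this page: they are assumed from the TCG Platform Reset Attack Mitigation specification and the MorLock definition, and the sample bytes in the comments are constructed.

```python
import struct
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
# Variable names from the comment; GUIDs are an assumption taken from the
# TCG reset-attack-mitigation spec and the MorLock definition, not this page.
MOR = "MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829"
MORLOCK = "MemoryOverwriteRequestControlLock-bb983ccf-151d-40e1-a07b-4a17be168292"
LOCK_STATES = {0: "unlocked", 1: "locked without key", 2: "locked with key"}


def split_efivar(raw):
    """efivarfs files hold a 4-byte little-endian attribute word, then the data."""
    if len(raw) < 5:
        raise ValueError("efivar too short: need 4 attribute bytes plus data")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def decode_mor(raw):
    """Bit 0 asks firmware to clear RAM on next boot; bit 4 disables auto-detect."""
    _, data = split_efivar(raw)
    return {"clear_memory": bool(data[0] & 0x01),
            "disable_auto_detect": bool(data[0] & 0x10)}


def decode_morlock(raw):
    """One data byte: 0 = unlocked, 1 = locked, 2 = locked with a key."""
    _, data = split_efivar(raw)
    return LOCK_STATES.get(data[0], "unknown (0x%02x)" % data[0])


def read_state(root=EFIVARS):
    """Return decoded MOR and MorLock state; None when a variable is unreadable."""
    state = {}
    for name, decode in ((MOR, decode_mor), (MORLOCK, decode_morlock)):
        try:
            state[name.split("-")[0]] = decode((Path(root) / name).read_bytes())
        except (OSError, ValueError):
            # Missing variable, no EFI, no permission, or malformed content.
            state[name.split("-")[0]] = None
    return state


if __name__ == "__main__":
    # Constructed sample: attributes 0x07 (NV|BS|RT) followed by data byte 0x01.
    print("sample MOR:", decode_mor(b"\x07\x00\x00\x00\x01"))
    print("this machine:", read_state())
```

A `None` for either entry means the firmware does not expose that variable or it could not be read, so no wipe-on-reboot request can be confirmed from the OS side.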
pshirshov
To be honest it never worked great - many issues (mostly freezes) with VFIO, NVidia drivers, amdgpu...
nickdothutton
This sort of shenanigan is why it’s important to have a competitive market for CPUs.
Elfener
I would be fine with this if it meant CPUs became slightly cheaper, but we know that's not going to happen.
And there's been talk that now the so-called "AI companies" will start using more CPUs as well, due to "personal agentic agents", so I hope that people won't be priced out of CPUs too...
Artoooooor
How can they not have anything to say about it? I demand answers both why they sneakily added it and then why they sneakily removed it. Especially if it was a burgerland government intervention.
helterskelter
Ridiculous because AMD built their reputation off of avoiding BS market segmentation like this. It's ironic that the equivalent Intel model has this feature.
This has implications beyond simply securing against physical access attacks, but also protects against rowhammer and its ilk.
Between this and their recent botched software update verification I'm getting a little wary of AMD.
Silent enshittification in the name of updates is getting out of hand. There are several evidences that downgrading BIOS/AGESA to below 1.2.7.0 to 1.2.0.3 brought back TSME for their AMD cpus.
I downgraded my BIOS as a price for my blind trust in AMD, and yes, TSME is back.
You lost my trust AMD. The lesson learned is that if your PC with AMD cpu is stable, don't do any bios upgrade, as AGESA in the bios is adversarial to you, the users of AMD cpu.
dd_xplore
No vendor should be able to do this remotely at all. Irrespective of security vulnerabilities present or not.
hydrogenbon007
crazy amd was the leader for secure memory encryption for consumer while no competitor provided it
sva_
So it seems that the Ryzen PRO in my HP EliteBook is not affected.
SirFatty
"silently"
Everything is done silently and quietly nowadays.
k__
I'm curious about Denuvo's opinion on that.
nish__
If you're this serious about security, you should be manufacturing your own hardware.
lompad
Any idea what's happening? This sounds _bad_.
crest
AMD is busy learning all the wrong lessons from Intel.
rusk
I wonder what the additional power draw of these features would be. Parenthetically, I wonder often about the energy impact of all these HTTPS localhost links, and is there a point where defense-in-depth has to give way to other concerns?
But yeah 95% of the consumer market don't care about this and it's only adding unnecessary costs
pjmlp
Another example on how AMD is hardly the good guys.
hugmynutus
Everyone jumping up about "enshitification". I tried to enable this feature on QEMU and it broke my VMs because the secure memory system was borderline hopelessly broken/non-functional.
Did anyone even use this feature?
Yes it is dishonest to remove features but from perspective AMD disabled a feature that never worked in the first place. The feature never should've been advertised as enabled.
bflesch
It's a shame there is no software-based memory encryption included in the linux kernel. Especially cloud providers can easily snoop all your keys and you have zero recourse.
shiiiit
This will be re-added in a few years. The current flip-flop is just enshittification.
alberth
Makes sense. The ECC in consumer line is what created an entire market for use in inexpensive web hosting.
Then AMD created their EPYC variants, and it wasn’t clear what the difference was between the consumer & Epyc models.
miga
It is sad that once again we will be exposed to more criminals trying to steal our data. Memory encryption not only allows to secure memory from physical "cold RAM", but also prevents loss of encryption keys as it hides the content during transfer.
garganzol
For what it's worth, RAM encryption belongs to professional SKUs. It's the right business decision that should have been made from the very beginning.
For most consumer users, RAM encryption primarily adds power consumption and heat generation while providing little practical benefit. They simply don't face many of the threat vectors and attack scenarios that certain industries and enterprise environments must contend with.
From yesterday: "Users cry foul after AMD stripped memory crypto from its consumer CPUs", https://arstechnica.com/security/2026/06/users-cry-foul-afte... ( https://news.ycombinator.com/item?id=48559827 )
Hint: NSA said no.
The github issue that never made it in this news: https://github.com/AMDESE/AMDSEV/issues/292