AMD Quietly Strips Memory Encryption From Consumer Ryzen CPUs in Firmware Update
AMD has silently removed Secure Memory Encryption (SME) — marketed as AMD Memory Guard — from consumer Ryzen processors through newer AGESA firmware updates, according to Tom's Hardware. The change appears in no release notes. When engineers were directly questioned, they went radio silent.
What Happened
AMD Memory Guard is a hardware-level feature that encrypts the contents of system RAM using a key generated at boot. Its primary defense is against physical attacks — cold-boot attacks, DMA attacks, or an adversary pulling your DIMMs and reading them on another machine. It is the consumer equivalent of enterprise Transparent Secure Memory Encryption (TSME).
Sometime after a newer AGESA firmware revision — the low-level code underpinning BIOS/UEFI on AMD platforms — SME stopped functioning on consumer Ryzen systems. The critical detail: the BIOS toggle may still appear and report the feature as enabled while memory is not actually being encrypted. Users who applied routine BIOS updates have been silently downgraded. There is no CVE, no security advisory, no errata document, and no statement from AMD's security team acknowledging the change.
Why It Matters
For a typical home desktop, physical RAM access is rarely in the threat model. But this is material for systems in shared spaces, laptops that travel, home servers and edge nodes, or any environment where an adversary could briefly touch hardware. Cold-boot tooling is not exotic — it is documented and publicly available.
More damaging than the technical regression is the trust failure. A security feature being quietly removed with the BIOS UI still showing it as "on" means users may be making active security decisions on a false premise. If you built a security posture, documented a control, or made a compliance argument around AMD Memory Guard being present, that assumption is now invalid — and you were never informed.
It also raises a supply-chain question: if this change shipped undocumented through AGESA, what else has?
What to Do
1. Assume you are exposed. If you run any consumer Ryzen system (desktop or mobile) and have updated your BIOS in the past several months, treat Memory Guard as non-functional regardless of what the BIOS reports.
2. Identify your AGESA version. Find the AGESA string in your UEFI. Monitor Tom's Hardware and your motherboard vendor's release notes for affected version ranges — AMD has not yet published them.
3. Freeze firmware updates on sensitive systems. Do not apply new BIOS updates to machines where memory confidentiality is a control until AMD issues a clear statement with a fixed version.
4. Add compensating controls now. Full-disk encryption (BitLocker, LUKS) does not protect live RAM, but combining physical security, disabled USB boot, and BIOS passwords meaningfully reduces cold-boot attack surface.
5. Apply direct pressure. File support tickets with both AMD and your motherboard vendor. AMD is more likely to issue a formal advisory if it receives a high volume of tickets. Reference the Tom's Hardware report in your ticket.
Watch AMD's product security page for an official response. As of publication, none has been issued.
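Because the BIOS toggle cannot be trusted on its own, it helps to record what the operating system sees before and after each firmware update. The sketch below is an added example, not code from AMD, Tom's Hardware, or any vendor: it assumes a Linux host and compares three OS-visible signals (the `sme` flag in /proc/cpuinfo, bit 23 of the SYSCFG MSR, and the kernel's memory-encryption boot banner, which only appears when the kernel itself activates SME). The sample inputs are constructed, and these signals show what firmware and kernel report, not proof that DRAM contents are encrypted.

```python
import os
import re

SYSCFG_MSR = 0xC0010010       # AMD SYSCFG MSR
MEM_ENCRYPT_EN = 1 << 23      # bit 23: firmware enabled memory encryption

# Constructed samples (not captured from real hardware): before / after a BIOS update.
BEFORE = ("flags\t\t: fpu sse2 smep svm sme\n",
          "[    0.000000] AMD Memory Encryption Features active: SME\n", 0xF40000)
AFTER = ("flags\t\t: fpu sse2 smep svm\n", "[    0.000000] Linux version ...\n", 0x740000)

def cpu_flags(cpuinfo_text):
    m = re.search(r"^flags\s*:(.*)$", cpuinfo_text, re.M)
    return set(m.group(1).split()) if m else set()

def kernel_sme_active(dmesg_text):
    # Banner wording varies by kernel release, so match loosely.
    return any(re.search(r"Memory Encryption.*\bactive\b", line)
               and re.search(r"\bSME\b", line) for line in dmesg_text.splitlines())

def snapshot(cpuinfo_text, dmesg_text, syscfg):
    return {
        "sme_flag": "sme" in cpu_flags(cpuinfo_text),   # whole word, not "smep"
        "firmware_enable_bit": bool(syscfg & MEM_ENCRYPT_EN),
        "kernel_active": kernel_sme_active(dmesg_text),
    }

def regressions(baseline, current):
    """Signals that were true in the baseline and are false now."""
    return sorted(k for k, v in baseline.items() if v and not current[k])

def read_syscfg(cpu=0):
    """Live read; needs root and the msr kernel module."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        return int.from_bytes(os.pread(fd, 8, SYSCFG_MSR), "little")
    finally:
        os.close(fd)

if __name__ == "__main__":
    print("constructed demo:", regressions(snapshot(*BEFORE), snapshot(*AFTER)))
```

On a real host, feed `snapshot()` the contents of /proc/cpuinfo, the output of `dmesg`, and `read_syscfg()`, and store the result alongside the AGESA string noted in step 2 so a later update can be compared against it.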
Synthesized by Claude · sanity-checked before publish.