
TSME is a protection feature that encrypts the data stored in memory, making it unusable to physical attackers. AMD initially added this feature to its high-end CPUs, then later extended it to lower-end CPUs. Eventually, the feature became a given, leaving lower-end chip users assured in its availability as part of the chip package. However, without prior notice, AMD appears to have scrapped the security feature in these processors.
According to the Ars report, the company's only official reaction to the matter — not counting the GitHub discussions — is an email response stating that TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies," notably the first time the company has publicly stated such a restriction, despite the feature having worked on consumer chips for years. However, it remains unclear whether the disappearance is an intentional policy decision by AMD to reserve TSME for Pro chips or an unintentional regression that was introduced in AGESA 1.2.7.0, a newer firmware release.
Another concerning aspect of the removal is that the feature's disappearance is completely undetectable on Windows machines and requires significant technical work to identify on Linux. That means the security feature was removed, leaving users unaware that anything had changed.

TSME was the thing that actually defended your unlocked-but-screensavered laptop from a cold-boot attack and from a malicious PCIe peripheral DMAing RAM (think a hostile Thunderbolt dock or evil-maid USB4 device). Without it, encrypted disk keys, browser session tokens, and any in-memory wallet seed are sitting in DDR in cleartext between the moment your screen locks and the moment power actually drops to zero on the DIMM.

The really frustrating part is TSME has roughly zero performance cost — it is line-rate AES in the memory controller — and it was on by default. So the only plausible reason to silently flip it off on consumer parts is product segmentation: SME / SEV stay as a Pro/Epyc feature, and consumer chips are deliberately downgraded so the enterprise SKUs look better. The non-response from AMD engineering is consistent with that — there is no good technical answer to give.

For anyone on an affected board: check after a BIOS update. If your firmware quietly dropped it you will see it gone in the boot log.

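The "check after a BIOS update" advice above, as an added example that is not part of the thread or anything AMD publishes: a small POSIX shell helper that scans a saved Linux kernel boot log for memory-encryption status lines and compares a log captured before a firmware update with one captured after it. The assumption it rests on is that the kernel announces an active memory-encryption mode with a line containing the words "Memory Encryption" (in newer kernels "Memory Encryption Features active: AMD SME"); the match is deliberately loose and case-insensitive so older wordings are caught too, and the sample logs are constructed for the demonstration, not real dmesg output. Whether a given firmware/kernel combination surfaces TSME specifically in that line is exactly the uncertainty the thread describes, so treat a "regressed" result as a prompt to look closer, not as proof.

```shell
#!/bin/sh
# Added example (not from the thread): detect a vanished memory-encryption
# line between two saved Linux boot logs, e.g. `dmesg > before.log` on a
# known-good boot and `dmesg > after.log` after a BIOS/AGESA update.

# Print every kernel log line that mentions memory encryption.
# Exit status: 0 if at least one line matched, 1 otherwise.
# Assumption: the kernel's status line contains "Memory Encryption"
# (e.g. "Memory Encryption Features active: AMD SME").
mem_encrypt_lines() {
    grep -iE 'memory encryption' "$1"
}

# Compare a pre-update log ($1) with a post-update log ($2) and print one word:
#   unchanged  - encryption line present in both
#   regressed  - present before, absent after (the silent-removal case)
#   enabled    - absent before, present after
#   absent     - never seen in either log
compare_mem_encrypt() {
    before=$1
    after=$2
    if mem_encrypt_lines "$before" >/dev/null 2>&1; then b=1; else b=0; fi
    if mem_encrypt_lines "$after"  >/dev/null 2>&1; then a=1; else a=0; fi
    case "$b$a" in
        11) echo unchanged ;;
        10) echo regressed ;;
        01) echo enabled ;;
        *)  echo absent ;;
    esac
}

# Constructed sample logs so the script runs stand-alone; they are not
# captured from a real machine.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before.log" <<'EOF'
[    0.000000] Linux version 6.6.0 (constructed sample line)
[    0.012345] Memory Encryption Features active: AMD SME
[    0.020000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
EOF
cat > "$demo_dir/after.log" <<'EOF'
[    0.000000] Linux version 6.6.0 (constructed sample line)
[    0.020000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
EOF

echo "before update:"
mem_encrypt_lines "$demo_dir/before.log" || echo "  (no memory-encryption line)"
echo "after update:"
mem_encrypt_lines "$demo_dir/after.log"  || echo "  (no memory-encryption line)"
echo "verdict: $(compare_mem_encrypt "$demo_dir/before.log" "$demo_dir/after.log")"

rm -rf "$demo_dir"
```

On a live system, `dmesg` only holds the current boot, so keep a copy from a boot you trust (or pull an earlier boot with `journalctl -k -b -1` where systemd's journal is persistent) and feed that copy in as the "before" log; the "after" log is whatever the machine prints on its first boot with the new firmware.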