Transparent Secure Memory Encryption Returns on Ryzen Processors, but Watch Out for Gaming

AMD has announced that Memory Guard, the technology based on Transparent Secure Memory Encryption (TSME), will return on the Ryzen 9000 non-Pro desktop processors through a BIOS update scheduled for July. This decision comes after numerous criticisms from the community following the silent removal of the feature in recent firmware versions.

TSME allows for the transparent encryption of the entire system memory, protecting data from physical attacks such as so-called cold boot attacks and other techniques that attempt to extract information directly from RAM modules after gaining physical access to the computer. The technology automatically encrypts memory pages on write and decrypts them on read, using a temporary key generated at each system startup and not accessible via software.

AMD had introduced this feature about ten years ago on high-end processors and later extended it to consumer market Ryzen CPUs. Over time, users had become accustomed to its presence and the ability to independently decide whether to keep it active or disable it.

The removal of Memory Guard does not require changes to the chip and is solely related to changes in the firmware. This aspect fueled community criticisms, which interpreted the elimination of the feature as a deprivation of a capability available for years.

In an email communication, AMD confirmed that "for some Ryzen series 9000 non-Pro desktop processors, a BIOS option to enable Memory Guard was previously available, then removed in a recent update." The company added that, "based on valuable feedback from the community, the option will be restored in an upcoming BIOS version expected in July."

The company did not provide explanations regarding the reasons behind the removal of the functionality. Among the emerging hypotheses are possible difficulties in maintaining support with the new design evolutions of the chips or performance-related considerations. Memory encryption and decryption can indeed introduce a certain operational latency, the impact of which varies depending on workloads. In gaming, a particularly important segment for Ryzen 9000 processors, some developers have long suggested disabling TSME.

On the other hand, consumer systems are generally less exposed to sophisticated physical attacks compared to professional platforms. Nevertheless, many users have contested AMD's choice, especially because the presence of the feature for about a decade had created the expectation of being able to continue independently deciding whether to use this protection.

With the upcoming BIOS update, AMD will therefore restore a feature that many users consider an integral part of the Ryzen experience, highlighting AMD's attention to the community and its requests, at least in the realm of CPUs.