Without TSME support, Ryzen-based systems will be prone to cold boot attacks, but AMD didn't consider informing users before removing it.
AMD Removes TSME Support from Ryzen Chips as It Reserves It Only for the "PRO" Family
TSME, or Transparent Secure Memory Encryption, is a hardware security feature that encrypts everything stored in system RAM using a key generated by the processor during boot. Unlike AMD's SME (Secure Memory Encryption), TSME works automatically once enabled in the BIOS and doesn't rely on the operating system.
For 'privacy-conscious Linux hobbyist' Ben Kilpatrick, it came as a surprise to find that TSME was no longer available on his system after upgrading to the latest BIOS on his MSI motherboard. He noticed the change while installing a new OS on the system, which uses the Ryzen 7 9700X. To check that all the security protections were enabled, he ran Host Security ID, which audits all the firmware and hardware security configurations.

To his surprise, TSME was reported as disabled or not supported, as can be seen from the screenshot. The notes make clear that the setting had changed from "Encrypted" to "Not supported", since the feature had been working just fine previously. To Ben, this didn't make any sense, as TSME was enabled in the BIOS. He therefore contacted MSI to learn the possible cause, and after running some tests, MSI found that MSI and GIGABYTE motherboards support TSME with older firmware versions.
With AGESA 1.2.7.0 and newer firmware, TSME always shows as "not supported" on Ryzen-based systems. Thinking that it might be a bug or an unintentional change, Ben filed a bug report on AMD's public engineering GitHub repository. Two of AMD's engineers took action but couldn't find the root cause of the change and suggested that he enable/re-enable the feature in the BIOS.
Several weeks later, Ben sent the results to AMD's engineers and then got an answer. As per the communication between MSI and AMD, the latter informed MSI that "TSME is exclusively supported on PRO series processors". This was also confirmed by MSI's internal tests, which found that tsme_status exposes a value of "1" when a Ryzen PRO series processor is installed, but "0" with a consumer Ryzen chip.
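To check the same value on a Linux machine, the sketch below reads every tsme_status attribute it finds and reports the result. It is an added example, not code from the article, AMD or MSI, and it assumes the attribute is exposed by the kernel's ccp driver at /sys/bus/pci/devices/<BDF>/tsme_status; the function name, messages and return codes are this example's own.

```shell
#!/bin/sh
# Report TSME state from the tsme_status attribute(s) under a sysfs root.
# Usage: tsme_check [sysfs_root]      (default root: /sys)
# Return codes (chosen for this example):
#   0 = every attribute found reads 1 (RAM encrypted)
#   1 = at least one attribute reads 0 (TSME off or not supported)
#   2 = no attribute found (ccp driver not loaded, older kernel, non-AMD CPU)
#   3 = an attribute held an unexpected value
tsme_check() {
    _root="${1:-/sys}"
    _found=0
    _rc=0
    for _f in "$_root"/bus/pci/devices/*/tsme_status; do
        # An unmatched glob stays literal and fails this readability test.
        [ -r "$_f" ] || continue
        _found=1
        _dev=$(basename "$(dirname "$_f")")
        _val=$(tr -d '[:space:]' < "$_f")
        case "$_val" in
            1)
                echo "$_dev: tsme_status=1 (RAM encrypted)"
                ;;
            0)
                echo "$_dev: tsme_status=0 (not encrypted)"
                if [ "$_rc" -eq 0 ]; then _rc=1; fi
                ;;
            *)
                echo "$_dev: tsme_status='$_val' (unexpected)"
                _rc=3
                ;;
        esac
    done
    if [ "$_found" -eq 0 ]; then
        echo "no tsme_status attribute under $_root/bus/pci/devices"
        return 2
    fi
    return "$_rc"
}
# Run against the live system with:  tsme_check
```

A return code of 2 means the value could not be read at all, which is different from the "0" a consumer Ryzen chip reports, so the two cases should not be treated alike when auditing a fleet.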
While the impact may be limited unless someone has physical access to the system, many believe that AMD should have been transparent in this matter and let users know that TSME support has been dropped from the consumer Ryzen lineup.
News Source: Ars Technica