AMD silently removes memory encryption from consumer Ryzen CPUs (opens in new tab)

simcop23875d ago

It's more than just for cryo-freezing and attacks like that, it also helps defend against row-hammer and other DRAM refresh related issues since the scrambling means that the host kernel or application can't determine what the physical bits on the chips are going to actually be and end up determining the layout in a way to flip specific bits. It might still be possible but it's yet another layer of defense against memory related security problems.

RealityVoid5d ago

Oooh, I saw this memory scrambling trying happening on the Open titan chips and I couldn't wrap my head around why they would scramble the memory since on read you descramble it anyway through the circuitry. That makes sense! Thanks for the explanation.

westurner5d ago

RAM crypto mitigates side channels.

close045d ago

Transparent communication would have been appreciated nonetheless. You have customers not just lawyers on the other side, it's not just about making sure you're legally covered.

thg5d ago

Let me give you an analogy: If you e.g. figure out some undocumented endpoints for a REST API, which are intended for internal use only, and started using them, do you expect the developers to inform you about changes?

As far as AMD is concerned, this was never supported, nor documented. Now pulling the rug with a firmware update isn't a very nice thing to do, but maybe they've had some actual reason for that beyond "this shouldn't be enabled". Nobody should expect undocumented and unsupported features to just continue to work in perpetuity, simply because they did work at some point in the past.

mort965d ago

There's plenty of features in products I buy which aren't "marketed", which I nonetheless get upset if are suddenly removed.

https://github.com/amd/firmware_binaries/blob/main/cezanne/P...

eigenform4d ago

Additionally, if you look at the changelogs for old ABL, it seems like this policy decision (only supporting for PRO SKUs) has always been implemented in firmware:

AFAICT the situation here is, it should have never been enabled for these consumer parts in the first place.

rolandog5d ago

This doesn't matter; it's post-sale enshittification... They didn't even wait to make the next model shittier!

Also, it probably wasn't the selling point, but it was the baseline of quality, and probably documented online or in manuals.

Furthermore, accepting this as normal opens the door to further post-sale enshittification of ALL things. Next thing you know, upgrades here and there are going to degrade the quality of products and services just because it wasn't explicitly written (think post-upgrade slowdowns of mobile phones to pressure people to buy newer ones).

This is THE slipperiest slope; and it's just taking place because the deregulation mafia is turning a blind eye to these tech cartels.

ChocolateGod5d ago

This is FUD. We have no idea the reason why.

Given it was never marketed, it's possible perhaps despite the feature being exposed it never worked correctly and AMD saw fit to just disable it rather than people get a false sense of security through it.

himata41135d ago

Many many people use consumer CPUs for gaming servers.

porridgeraisin5d ago

And? do you worry about the gaming server owner's neighbour breaking in, freezing the ram, quickly transferring it to another machine and reading it off?

embedding-shape5d ago

So reading between the lines, you're saying it's bad for AMD to disable undocumented features because people still might have bought them for those undocumented features, particularly for gaming servers?

https://en.wikipedia.org/wiki/Cold_boot_attack

chironjit5d ago

So that burn notice episode about freezing ram is real? Damn, thought they made it up

dgellow5d ago

I remember reading a study on that topic >15 years ago

fragmede5d ago

Except let's say the argument for running a local model is for your finances or marriage, counseling or help raising children and you want privacy for that, and you're willing to buy the new AMD AI Halo box for that ($4,000 MSRP, July 10th). You're gonna want this shit to be trustable that depending on your marriage that notification that the other person's reading, your shit is accurately being logged. But in the case of a domestic dispute, in this age of AI the partner is being cheated on only has to have a targeted conversation with AI in order to figure out how to read out bytes via cryo-freezing the RAM. The attacker isn't the police because you're not committing crimes. The attacker is your partner that you thought you could trust or maybe your kids trying to get access to your bank account to buy drugs or some such.

lompadOP5d ago· 9 in thread

Any idea what's happening? This sounds _bad_.

themafia5d ago

> To be fair to AMD, there is no clear indication that the company ever publicly advertised TSME as a consumer Ryzen feature.

A feature that was possibly accidentally enabled on consumer chips is now being disabled. I would guess that the number of owners of consumer chips who also relied on them for encryption is exceedingly small.

The primary concern persists. The manufacturer has an exceptional amount of control of the state of your CPU most of which you cannot change and an unknown chunk of which you cannot even see. We are sort of playing in a fools paradise.

willis9365d ago

How can manufacturers simultaneously have exceptional control over flags and not enough control to know what flags are enabled on their shipping products?

They either have that control or they don't.

5 more replies

AussieWog935d ago

> I would guess that the number of owners of consumer chips who also relied on them for encryption is exceedingly small.

I guarantee you that there's one small company that put 1,000 of these chips in a server room or datacentre though, and they're now completely boned.

2 more replies

vfclists5d ago

> A feature that was possibly accidentally enabled on consumer chips is now being disabled.

Bro what are you smoking? The highly paid and experienced engineers designing these chips could have "possibly enabled" the feature on consumer chips.

The chips were designed with the feature as it is cheaper to do everything right from the get go and disable functionality rather than design a less capable chip then tack on the feature afterwards, just as the consumer versions of Windows are the server versions with functionality removed.

Ygg25d ago

To be fair same can't be said of ECC, even though ECC should be basic feature out of the box.

voxadam5d ago

Market segmentation.

kijin5d ago

How does market segmentation work if you refuse to clarify which chips have the feature and which chips don't?

ykonstant5d ago

I would also like to know. Surely some people here have at least second-hand knowledge, and silence can sometimes be deafening.

porridgeraisin5d ago

It's not bad at all. Long story short, this feature prevented people stealing your ram stick off of your machine, super-freezing it and quickly moving it to their machine before the charge runs out and read off whatever bits are still left intact.

It prevented it by having a hardware module on the CPU's memory controller that AES encrypts the contents you are sending to DRAM, and decrypts it before reading it back to the CPUs memory structures. All with hardware keys completely invisible to software (and one that is basically impossible to manipulate physically).

And you need to be able to do it multiple times for the bits of memory that you want to snoop on, to be the bits that survive the transfer.

hgoel5d ago· 8 in thread

It's pretty crazy that we have this entire segment of features that companies artificially restrict from the average person and overinflate the price of, for no real reason. GPU virtualization is another example of such a feature.

The market segmentation arguments don't really work either, enterprises are paying the big bucks for more than just these standalone features.

loloquwowndueo5d ago

Reminds me of subscription heated seats in bmw cars. The hardware is already there, you paid for it and you can’t use it unless you give the automaker a revenue stream on top of the tens of thousands you already paid for the car.

iknowstuff5d ago

Well you didn’t pay for it though did you. The subscription is foul but the manufacturer choosing to streamline manufacturing by only having one variant restricted with software if you don’t pay is not particularly bad or surprising. Plus, easy to hack it back in, so win win

blacklion5d ago

Same with some old IBM hardware: two CPUs were installed in each box, but if you bought only 1 CPU server other one is disabled via firmware.

2 more replies

MostlyStable5d ago

I'm ok with a version of this as a concept. The version being when a feature is technically present in every SKU, but requires an extra purchase to unlock. A reply to you specifically mentioned subscriptions, which I very much do not like (except in cases where the feature requires ongoing costs), but there are many cases where having every version contain the feature, but requiring a purchase to unlock it is pro-consumer, and is a win-win-win (or at wist a win-win-draw). It can, under the right circumstances, allow the product to be available for a cheaper cost than it would otherwise be. So people who are willing to pay for it are better off, people who aren't willing to pay for maintain the option to change their mind for a nominal fee, and the company probably makes slightly more profit.

All that being said, in my opinion, it needs to come with several features:

1. no subscriptions for something that is just a one time unlock 2. It needs to be legal and protected for customers to figure out how to unlock it on their own without purchasing the unlock.

I haven't thought enough to have a strong opinion on the exact situation you describe (where it is present and an unlock isn't available at any fee), other than to say I'd still argue strongly that customers figuring out how to unlock it on their own should be legally protected.

dd_xplore5d ago

I think intel tried to offer GPU virtualisation with their consumer offerings but not sure what happened to that.

zamadatix4d ago

Older Intel iGPUs used to support GVT-g, they got rid of that in the newer models.

SR-IOV ("true" GPU partitioning) is targeted at the Arc Pro/DC GPUs only, not the desktop variants.

That leaves Intel in the same boat as the others these days: you can either pass the whole GPU through or buy a non-consumer variant for proper hardware virtualization (or try to hack it).

undersuit5d ago

From what I recall they started adding SR-IOV support to Xeon iGPUs. Among the ARC GPUs you still need a PRO model.

hgoel5d ago

Yes, I think Intel did offer that, but I recall hearing their software wasn't very good.

nickjj5d ago· 8 in thread

I don't know how this works but does this mean if someone gained physical access to your locked running computer, they could gain access to your full encrypted drive and anything saved on disk?

My reasoning there is if you used an encrypted drive, the decryption key you type when booting up would be stored in memory for the duration of that boot.

This seems alarming because it means if someone broke into your living quarters they can bypass all forms of disk encryption if your machine was on and locked. Encrypting your disks seems like a reasonable thing to want to do with consumer grade hardware.

shanoaice5d ago

Physical Access to a computer is almost always the fastest and easiest way to crack it down. Additionally, both Windows's BitLocker and Linux's dm-crypt are data at "rest" encryption. They are not responsible for the safety when your machine boots up. MAC and user password are the proper method when it's running.

inigyou5d ago

If they have liquid nitrogen and a memory dumping boot disk, or a memory bus interceptor.

beAbU5d ago

Is this still a viable attack in 2026?

pshirshov5d ago

This feature was off by default in all the mobos I've seen.

It causes many stability issues, as to my experience.

The attack is sophisticated, Mr.Nobody, generally, should not worry about expensive cryogenic attacks - three letter guys would extract your key with a wrench.

I mean the change is bad - it undermines already damaged trust, but the "average Joe" is extremely unlikely to be affected directly.

There are many much cheaper ways to force you to give up your keys.

deno5d ago

Unless you live in North Korea, China, Russia, UK, France, Australia or Ireland it’s still illegal to coerce or force someone to give up their personal keys or passwords, so this feature is still useful against some law-bound adversaries in free countries.

akimbostrawman5d ago

>It causes many stability issues, as to my experience

In my experience it very much does not, ram instability with this feature indicates a hardware issue same as with ECC.

>Mr.Nobody, generally, should not worry about expensive cryogenic attacks - three letter guys would extract your key with a wrench.

This is disingenuous framing. There exist valid threat models for average people between thieves and three letter agencies. Police forces and organized crime have been known to use ram freezing, the former is not known for wrench attacks. That scenario is only good for hand waving real concerns anyways.

[1] https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d... [2] https://en.wikipedia.org/wiki/Chat_Control [3] https://arstechnica.com/tech-policy/2020/02/man-who-refused-...

kobalsky5d ago

> three letter guys would extract your key with a wrench.

Are people still using this to justify no encryption? that comic sure did a lot of damage.

Mr. Nobody should be able to decide how much they want to protect themselves. If it's unstable maybe Mr Nobody is fine with it.

Raising the cost of achieving this to enterprise budgets, just because, seems suspect. Specially when there are so many attempts to undermine secure computing by the powers that be. [1] [2]

> There are many much cheaper ways to force you to give up your keys.

Yes, but that requires the Mr Nobody knowing you have access to them, which in itself is a big deal.

But let's think about it, why would they torture Mr Nobody by wrench? News stations would like to hear that, or do you think they will make Mr Nobody disappear too? Would they take those risks for a Mr Nobody?

Maybe the most realistic scenario is that people sometimes can hold onto their passwords. Scumbag or not. [3]

vablings5d ago

I would honestly them have rather communicated this first clearly.

bflesch5d ago· 6 in thread

It's a shame there is no software-based memory encryption included in the linux kernel. Especially cloud providers can easily snoop all your keys and you have zero recourse.

matja5d ago

There was a patch called Tresor that did this, but I don't think it was updated for a long time.

You have to store the encryption key in CPU registers and ensure it's not saved to RAM during task switching or power suspend operations. Tresor used x86-specific debug registers for it, but you could potentially use unused SIMD registers if you masked-off the CPUID bits for them and disabled them for access by user-space.

But securing against attacks from a hostile hypervisor or a server provider needs more than just memory encryption, because they can intercept any part of the boot process and control the hardware/firmware that can lie to your kernel.

To counter that you'd need something like AMD SEV(ES/SNP) with measured boot and remote attestation to switch the only thing you trust to the CPU manufacturer (best you can do IMO).

bflesch5d ago

Realistically as an Europeans we have the security threat of backdoored components from Epstein's colleagues at five eyes which are used for mass-surveillance of VMs at European hosters such as Hetzner. And every time you add a configuration option like memory encryption it makes their drive-by mass surveillance a tiny bit more difficult and hopefully easier to detect for the sysadmins at Hetzner.

IMO using the specialized CPU instructions (AES) is not clever because they'd obviously have backdoored that instruction to simply remember all keys that were used.

It's part of a defense-in-depth approach that Europe unfortunately needs as Europeans are considered as foreigners without any human rights by the five eyes community. America and their major tech leaders have made that abundantly clear to Europe, including the hitler salute as cherry on top.

I'm quite sad we have reached this situation, but if one is serious about security these things need to be discussed and if possible implemented.

pbmonster5d ago

> You have to store the encryption key in CPU registers and ensure it's not saved to RAM during task switching or power suspend operations.

Interesting insight. Any reason why the key can't be kept exclusively in the secure enclave / trusted platform module / crypto coprocessor?

benjojo125d ago

In a cloud provider situation there is no pure software solution to this, the hypervisor can always dump your memory pages / register states

bflesch5d ago

It's one piece of a proper defense-in-depth approach. Europe needs to hope for the best but prepare for the worst.

Retr0id5d ago

Software-based memory encryption would be horrendously slow, and realistically you'd still need to have the key in memory.

k__5d ago· 5 in thread

I'm curious about Denuvo's opinion on that.

akimbostrawman5d ago

AMD's memory encryption is completely transparent and irrelevant to the OS and its applications hence the transparent in the name.

not_a95d ago

This does not fit DRM/anticheat threat model anyway.

151555d ago

In a post-LLM world, Denuvo has far greater issues.

Retr0id5d ago

Why would Denuvo have an opinion?

nicman235d ago

denuvo is dead in the water right now, anyways

ZiiS5d ago· 4 in thread

If it can be silently removed was it a security feature?

Whilst I hate companies paying engineers to make things worse just to segment their market; I am not really seeing this as an important feature outside the data-center? If an evil-maid has hardware access they hack the USB and/or PCI not the RAM surely?

mike_hock5d ago

Sneakily and silently removing a feature in a firmware revision is not acceptable, security or otherwise.

p0w3n3d5d ago

if anyone does it sneakily, there is alleged wrongdoing attached to it. I can imagine multiple scenarios like some well-known Israeli company "selling their software only to governments", paying quite amount of money for it, because they were unable to break this one.

embedding-shape5d ago

> Sneakily and silently removing a feature in a firmware revision is not acceptable

What if said feature was sneakily and silently added in the first place? Wouldn't it be acceptable to sneakily and silently removing it in the future then? Or regardless of if it was documented/announced or not, removing anything sneakily and silently is bad?

crest5d ago

Removing it required AMD's firmware code signing keys. If an attacker has those and some time they can do much worse.

SirFatty5d ago· 4 in thread

"silently"

Everything is done silently and quietly nowadays.

supertrope5d ago

I get your point. I assume the intent is to call out companies on marketing good things and trying to bury customer unfriendly things. As a customer you can assume that if a company is not drawing attention to something, it's not good or at least the feature is not there.

SirFatty5d ago

I don't think you got it... it's a lazy way of writing headlines, and as someone else pointed out, it's an AI thing. Search news.google.com for silently or quietly and be amazed how many hits there are.

Retr0id5d ago

Because they're words LLMs like to use. But in this instance it seems like the word a human would pick, too.

niam5d ago

"AMD, with nary antecedent aforenotice, has elected to excise"...

garganzol5d ago· 4 in thread

For what it's worth, RAM encryption belongs to professional SKUs. It's the right business decision that should have been made from from the very beginning.

For most consumer users, RAM encryption primarily adds power consumption and heat generation while providing little practical benefit. They simply don't face many of the threat vectors and attack scenarios that certain industries and enterprise environments must contend with.

olavgg5d ago

I disagree, I play a lot around with enterprise stuff. Its insane that I need to buy enterprise grade hardware that costs 1000x more for lab/experimentation/learning. My only alternative is to wait a few years, and get it from Ebay.

I also believe that a strong reason that Optane pdimm's failed, was that it was only available on enterprise servers so hackers didn't get a chance to play with it and build software that took advantage of this special hardware.

Just look at how specialized Infiniband is, even though its awesome and has some great use cases. If it was a commodity tech, there would be 100x times more applications/software that took advantage of it.

baq5d ago

how do you know what threats I face? how do you know what threats journalists and whistleblowers face?

this is approximately the same discussion as with ECC RAM: the benefits vastly outweigh the slight performance loss and die area increases.

bakugo5d ago

ECC passively benefits everyone, even people who don't know what it is or why it's useful. Anyone can be a victim of random bit flips, it's not a targeted threat.

Memory encryption, on the other hand, provides absolutely no benefit to 99.999% of users. If you consider yourself to be such a high value target that you suspect someone might gain physical access to your hardware without your knowledge and carry out extremely sophisticated hardware attacks to extract your data, you are a tiny minority and it makes sense that such niche protections would require buying specialized hardware. Even then, the odds of such an attack being chosen instead of a far less sophisticated software-based approach are also tiny.

Of course, if the hardware itself supports the feature and AMD simply decided to disable it, that's still a shitty thing to do, but let's not pretend that it is in any way comparable to ECC.

rubyn00bie5d ago

This is an absurd take since the referenced chips in the article are all desktop parts, and the power usage is dwarfed by any “modern” (within the last five years) GPU.

There are many people, myself included who opt to use security features like this. All this does is reduce security for folks without any legitimate reason. “Power consumption” is absolutely not a valid excuse to completely disable it.

I’ve been a fan of AMD for a while now but they’re really jumping the shark these days. It’s a real shit situation we’re all in because of the lack of competition in consumer CPUs. I can only hope things like RISCV take off sooner than later.

Integer5d ago· 3 in thread

I had this enabled as it protects against RAMbleed/ECC errors, so it's not limited to physical attacks.

riobard5d ago

Are you sure? I thought it's just AES without any authentication.

bonzini5d ago

Yes, it's AES with a tweak based on the physical address. It adds some protection from RowHammer and the like because flipping a bit in encrypted memory is catastrophic, while it can be done in a controlled manner if it's not encrypted.

2 more replies

crest5d ago

Which encrypts each cache line with a key unknown to the attacker. This means an attacker can't target individual bits. Every change affects at least one AES encrypted block. It's much stronger than any normal defence against row hammer in that regard because flipping a single bit in plaintext changes ~half the bits in the ciphertext. It's similar to how Apple uses always on disk encryption instead of the normal means to limit run length in their NAND flash controllers. If the encryption is "off" it just means the decryption key is stored somewhere in the trusted enclave.

nickdothutton5d ago· 3 in thread

This sort of shenanigan is why it’s important to have a competitive market for CPUs.

functionmouse5d ago

it's exactly why we're not allowed a competitive market for CPUs

we could all be burning our own tiny ~300nm feature size ICs at home for around the price of a blu ray burner and a dark room setup. Our silicon limitations are not for a lack of hardware, but rather a lack of freedom.

bob10295d ago

> a lack of freedom

> ~300nm feature size

Can you point to a specific regulation that prevents me from crafting shitty semiconductors in my shed? I am pretty sure there are entire YouTube channels dedicated to this.

https://www.amd.com/en/products/processors/desktops/ryzen/90...

ezconnect5d ago

I think we are in the era we have so many CPU choices.

rekttrader5d ago· 3 in thread

Hint: NSA said no.

zamadatix5d ago

Why did the NSA wait 9 years to say no & why does that explain the coincidence of the feature being supported in the PRO variants of the same CPU, which just happen to cost more?

If the NSA wanted to say no they'd just ask for some kind of back door and call it a day.

HDBaseT4d ago

AMD PSP probably already works around it anyways.

NooneAtAll35d ago

NSA added disabling switch in the first place

nish__5d ago· 3 in thread

If you're this serious about security, you should be manufacturing your own hardware.

Crosseye_Jack5d ago

If you're this serious about security, then manufacturing your own hardware isn't good enough, you need to create your own big bang to seed your own planet to source your own helium to be used in the production of your own ICs.

But even then? can you really trust the research and information about how to produce those ICs if you have not conducted that research yourself personally?

Cider99865d ago

I wouldn't trust myself to manufacture my own hardware.

If you're serious about privsec you should use GrapheneOS.

nish__5d ago

Then learn? Otherwise, you have to trust those that do.

rusk5d ago· 2 in thread

I wonder what the additional power draw of these features would be. Parenthetically, I wonder often about the energy impact of all these HTTPS localhost links, and is there a point where defense-in-depth has to give way to other concerns?

But yeah 95% of the consumer market don't care about this and it's only adding unnecessary costs

Karliss5d ago

Consumers were always capable of disabling it themselves if they didn't need it. The performance impact seems to be ~3% on average, impact on power consumption is probably similar or less since any extra delay idling can destroy performance while not having as big impact on power consumption. https://www.phoronix.com/review/amd-memory-guard-ram-encrypt...

Any extra cost would be mostly due to power consumption and testing that the feature works (which they probably don't do for consumer skews anyway). The area of silicon used by the feature is probably negligible, from the manufacturing cost perspective it's cheaper to avoid any unnecessary design differences between skews.

undersuit5d ago

Despite it being hardware accelerated I've always wondered what the energy cost for HDCP encryption on HDMI connections is.

alberth5d ago· 2 in thread

Makes sense. The ECC in consumer line is what created an entire market for use in inexpensive web hosting.

Then AMD created their EPYC variants, and it wasn’t clear what the difference was between the consumer & Epyc models.

zamadatix5d ago

No clear difference beyond the scaling to 6x the memory channels, 24x the memory capacity, 12x the core count, 6x the PCIe lanes, and ability to double (or nearly double) these with a 2nd socket. There are also a few features, like per VM memory encryption, which have only ever been on Epyc (and "real" Epyc, not just any Epyc branded consumer platforms).

Like the article hits spot on right at the start, it has nothing to do with needing to differentiate Epyc somehow and everything to with differentiating the PRO versions of the consumer CPUs:

> was suddenly no longer available on AMD CPUs outside the company's Pro lineup

The PRO variants are just the standard consumer CPU sold at a $ premium for enterprise targets. They have remote management firmware enabled, get longer firmware and support lifecycles, FIPS certification, and, now, memory encryption over the consumer branded version of the same CPU.

alberth5d ago

What’s the different between these two:

Consumer:

EPYC variant:

https://www.amd.com/en/products/processors/server/epyc/4005-...

LoveMortuus5d ago· 1 in thread

Do companies ever announce when they remove features and degrade products?

zamadatix4d ago

Yeah.

RandyOrion5d ago· 1 in thread

The github issue that never made it in this news: https://github.com/AMDESE/AMDSEV/issues/292

Silent enshittification in the name of updates is getting out of hand. There are several evidences that downgrading BIOS/AGESA to below 1.2.7.0 to 1.2.0.3 brought back TSME for their AMD cpus.

I downgrade my bios as a price for my blind trust on AMD, and yes TSME is back.

You lost my trust AMD. The lesson learned is that if your PC with AMD cpu is stable, don't do any bios upgrade, as AGESA in the bios is adversarial to you, the users of AMD cpu.

RandyOrion5d ago

To people who silently downvoted this: please explain why you did that, you're doing things like AMD.

ciupicri5d ago

From yesterday: "Users cry foul after AMD stripped memory crypto from its consumer CPUs", https://arstechnica.com/security/2026/06/users-cry-foul-afte... ( https://news.ycombinator.com/item?id=48559827 )