Limoncello promptly replied: “My apologies; but I don’t have any more information to share on this topic.” With that, the discussion and Kilpatrick’s inquiry were over.
The Lendacky comment in 2020 Kilpatrick referred to came in this thread discussing encryption features available in AMD CPUs. Lendacky said that the Ryzen 3700x, a consumer CPU, “should support TSME.” In a 2025 comment in the same thread, the engineer followed up on his comment concerning the 3700x.
“I recommend using TSME (Transparent SME), but it is a BIOS option that needs to be exposed by your BIOS provider,” Lendacky said in response to the question about the consumer chip.
There’s no indication that AMD ever advertised or marketed TSME as being available in consumer CPUs. AMD has long said that a related memory protection, Secure Memory Encryption (SME), is available only in the Pro and Epyc CPU tiers. SME is OS-managed. It uses a single key and allows the OS to selectively encrypt individual memory pages. TSME is firmware-managed. It encrypts all RAM with no OS involvement. When active, it provides protection against physical attacks, including cold boot exploits, DRAM interface snooping, and memory module removal. It activates silently when enabled in the BIOS, making it the more practically useful of the two protections.
AMD engineers’ comments, such as those mentioned above, and the years of TSME working just fine in the lower-cost tier processors, have understandably conditioned Kilpatrick and other users to reasonably regard it as an expected part of the chip package. AMD quietly removing it and providing no acknowledgment or explanation strikes these users as something of a betrayal.
“They could have not realized they did it leading to their cagey responses, or they could have done it intentionally and tried to get away with it, leading to the same cagey responses,” Joe Fitzgerald, an expert in silicon-level security, said in an interview, referring to AMD’s potential motivations for withdrawing TSME. “But I really feel like an explanation should be in order, even if it was ‘TSME was never supposed to be supported. We did ship some firmwares that erroneously enabled it, but you shouldn’t use them since we can’t guarantee it’ll work properly.’”
Leave a Reply