AMD AGESA 1.2.7.0 Removes TSME from Ryzen 9000 Consumer SKUs

AMD restricted TSME to PRO SKUs in AGESA 1.2.7.0. Consumer parts including Ryzen 7 9700X and 9850X3D report “encrypted RAM: not supported” under current firmware on MSI and Gigabyte boards. Earlier AGESA builds enabled the feature on identical hardware. AMD confirmed the restriction in a single statement to Ars Technica but supplied no changelog entry or silicon erratum.

Host Security ID logs and motherboard vendor test matrices establish the change occurred at the firmware level rather than in microcode. Linux users detect the regression through fwupd and kernel SME capability checks; Windows users receive no equivalent signal. The same AGESA update left PRO parts unaffected, confirming selective gating. Comparable precedent exists in Intel’s phased removal of SGX from consumer client CPUs between 2021 and 2023.

The move forms part of an industry pattern in which memory encryption migrates from default consumer silicon to premium SKUs. No public benchmark or threat model justifies the split; cold-boot and DMA exposure vectors remain identical across market segments. Downstream, OEMs lose a zero-cost privacy control and must document the downgrade to enterprise customers who purchase mixed fleets.

Future AGESA releases through at least 1.2.9.x are expected to maintain the PRO-only boundary. No rollback mechanism or consumer opt-in has been indicated in AMD’s public engineering repository.