Episode notes
AMD silently removed a memory-encryption feature from its consumer Ryzen chips in a firmware update earlier this year. Users noticed. Users complained. Over the weekend, AMD said it would put the feature back in a July BIOS release. Dan Goodin covered the reversal at Ars Technica. The feature is called TSME — Transparent Secure Memory Encryption — and it has been shipping in consumer chips for about a decade. AMD did not explain why the feature was removed. AMD did not respond to questions about the reversal either.
The removal was undetectable on Windows and took significant technical work to detect on Linux. The mechanism was a firmware update — AGESA 1.2.7.0 — distributed through the AMD-to-OEMs-to-end-users chain, with no requirement that security-relevant changes be disclosed in a public changelog. The same silicon was capable of TSME befor ...
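A practitioner who wants to check the "silicon still capable" half of that point from userspace can read AMD's Encrypted Memory Capabilities CPUID leaf. The program below is an added example, not code from the episode, from Ars Technica or from AMD; it assumes the field layout AMD documents for CPUID Fn8000_001F (EAX bit 0 SME, bit 1 SEV, bit 3 SEV-ES, bit 4 SEV-SNP; EBX[5:0] the C-bit position, EBX[11:6] the physical-address reduction) and uses GCC/Clang's `cpuid.h` helpers. The caveat is the episode's own point: this leaf reports what the silicon advertises, not whether firmware actually switched TSME on, which is why a firmware-side removal is invisible to a capability check like this one.

```c
/*
 * Added example: probe and decode CPUID Fn8000_001F (AMD Encrypted Memory
 * Capabilities). Assumptions: the bit layout documented in AMD's APM, and
 * the __get_cpuid helpers from GCC/Clang <cpuid.h>. Reports capability only;
 * whether firmware enabled TSME is not visible in this leaf.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID_LEAF_MEM_ENCRYPT 0x8000001Fu

struct mem_encrypt_caps {
    bool sme;                 /* EAX bit 0: Secure Memory Encryption supported */
    bool sev;                 /* EAX bit 1: Secure Encrypted Virtualization */
    bool sev_es;              /* EAX bit 3: SEV Encrypted State */
    bool sev_snp;             /* EAX bit 4: SEV Secure Nested Paging */
    unsigned c_bit;           /* EBX[5:0]: position of the C-bit in a PTE */
    unsigned pa_bits_reduced; /* EBX[11:6]: PA bits lost when encryption is on */
};

/* Pure decoder, separated so it can be exercised with constructed values. */
struct mem_encrypt_caps decode_mem_encrypt_caps(uint32_t eax, uint32_t ebx)
{
    struct mem_encrypt_caps c;
    c.sme             = (eax >> 0) & 1u;
    c.sev             = (eax >> 1) & 1u;
    c.sev_es          = (eax >> 3) & 1u;
    c.sev_snp         = (eax >> 4) & 1u;
    c.c_bit           = ebx & 0x3Fu;
    c.pa_bits_reduced = (ebx >> 6) & 0x3Fu;
    return c;
}

/*
 * Query the running CPU. Returns 1 if the leaf exists and *out was filled,
 * 0 otherwise (non-x86 build, or a CPU whose maximum extended leaf is below
 * 0x8000001F, which is the usual case on Intel parts).
 */
int query_mem_encrypt_caps(struct mem_encrypt_caps *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid_max(0x80000000u, NULL) < CPUID_LEAF_MEM_ENCRYPT)
        return 0;
    if (!__get_cpuid(CPUID_LEAF_MEM_ENCRYPT, &eax, &ebx, &ecx, &edx))
        return 0;
    *out = decode_mem_encrypt_caps(eax, ebx);
    return 1;
#else
    (void)out;
    return 0;
#endif
}

int main(void)
{
    struct mem_encrypt_caps c;
    if (!query_mem_encrypt_caps(&c)) {
        puts("CPUID leaf 0x8000001F not present: no AMD memory-encryption capabilities advertised");
        return 0;
    }
    printf("SME supported:     %s\n", c.sme ? "yes" : "no");
    printf("SEV supported:     %s\n", c.sev ? "yes" : "no");
    printf("SEV-ES supported:  %s\n", c.sev_es ? "yes" : "no");
    printf("SEV-SNP supported: %s\n", c.sev_snp ? "yes" : "no");
    printf("C-bit position: %u, physical address bits reduced: %u\n",
           c.c_bit, c.pa_bits_reduced);
    puts("Note: 'supported' means the silicon can do it; whether firmware enabled TSME is not reported here.");
    return 0;
}
```

On a Ryzen or EPYC part you would expect SME to read as supported both before and after a firmware build like AGESA 1.2.7.0, which is precisely why this probe cannot tell you whether TSME is actually active; that needs privileged access to the enable state, not a capability bit.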