SmackerNews

AMD silently removes memory encryption from consumer Ryzen CPUs

448 points · 209 comments · 2 days ago · lompad

tomshardware.com

thg2 days ago
This was never marketed as a feature of the consumer CPUs and if some malignant actor does get physical access to my (consumer) hardware, then them being able to read out bytes through cryo-freezing the RAM really isn't high up on the list of things I'm going to worry about.
ciupicri1 day ago
From yesterday: "Users cry foul after AMD stripped memory crypto from its consumer CPUs", https://arstechnica.com/security/2026/06/users-cry-foul-afte... ( https://smackernews.com/item/48559827 HN )
hgoel1 day ago
It's pretty crazy that we have this entire segment of features that companies artificially restrict from the average person and overinflate the price of, for no real reason. GPU virtualization is another example of such a feature.
The market segmentation arguments don't really work either, enterprises are paying the big bucks for more than just these standalone features.
Integer2 days ago
I had this enabled as it protects against RAMbleed/ECC errors, so it's not limited to physical attacks.
nickjj1 day ago
I don't know how this works but does this mean if someone gained physical access to your locked running computer, they could gain access to your full encrypted drive and anything saved on disk?
My reasoning there is if you used an encrypted drive, the decryption key you type when booting up would be stored in memory for the duration of that boot.
This seems alarming because it means if someone broke into your living quarters they can bypass all forms of disk encryption if your machine was on and locked. Encrypting your disks seems like a reasonable thing to want to do with consumer grade hardware.
ZiiS2 days ago
If it can be silently removed was it a security feature?
Whilst I hate companies paying engineers to make things worse just to segment their market; I am not really seeing this as an important feature outside the data-center? If an evil-maid has hardware access they hack the USB and/or PCI not the RAM surely?
ChocolateGod1 day ago
If my memory serves me correctly, this feature was never marketed by AMD for these CPUs and was unstable.
The only mistake AMD potentially made here is not being transparent why it was disabled.
nickdothutton1 day ago
This sort of shenanigan is why it’s important to have a competitive market for CPUs.
pshirshov1 day ago
To be honest it never worked great - many issues (mostly freezes) with VFIO, NVidia drivers, amdgpu...
Elfener2 days ago
I would be fine with this if it meant CPUs became slightly cheaper, but we know that's not going to happen.
And there's been talk that now the so-called "AI companies" will start using more CPUs as well, due to "personal agentic agents", so I hope that people won't be priced out of CPUs too...
rekttrader2 days ago
Hint: NSA said no.
omgwtfbyobbq1 day ago
This, like the fluctuations in ram prices, feels familiar.
I wouldn't be surprised if lower hardware prices and weaker demand for everything are more likely to lead to more feature rich products to encourage sales, and higher hardware prices hurting sales volume leads to a natural/expected contraction in feature availability to compensate for lower sales.
Artoooooor1 day ago
How can they not anything to say about it? I demand answers both why they sneakily added it and then why they sneakily removed it. Especially if it was a burgerland government intervention.
gck11 day ago
It is absolutely astonishing that the only hardware brand that cares about security features in consumer space is Apple. How did we even get here?
rusk2 days ago
I wonder what the additional power draw of these features would be. Parenthetically, I wonder often about the energy impact of all these HTTPS localhost links, and is there a point where defense-in-depth has to give way to other concerns?
But yeah 95% of the consumer market don't care about this and it's only adding unnecessary costs
teravor1 day ago
there is a MemoryOverwriteRequestControl efivar which I believe is set on by default in linux (need TPM enabled in bios) which will wipe memory on reboot.
should also set the MemoryOverwriteRequestControlLock (MorLock v1/v2) if you don't want it ever changed (on 'clean' reboot MOR is usually unset to facilitate a faster boot).
there is still the problem of actually triggering the reboot.
dd_xplore1 day ago
No vendor should be able to do this remotely at all. Irrespective of security vulnerabilities present or not.
LoveMortuus1 day ago
Do companies ever announce when they remove features and degrade products?
sva_1 day ago
So it seems that the Ryzen PRO in my HP EliteBook is not affected.
SirFatty1 day ago
"silently"
Everything is done silently and quietly nowadays.
waterTanuki1 day ago
After some more back-and-forth, Kilpatrick asked bluntly whether the flag being set to FALSE on consumer chips was a silicon-level limitation or a firmware policy decision — since one is permanent and the other is potentially reversible. Limonciello’s reply effectively closed the chapter. “My apologies, but I don’t have any more information to share on this topic,” he wrote.
Too many people downplaying this as a simple business decision from AMDs side but the response here is what really makes this a story.
Where there's smoke, there's fire.
k__2 days ago
I'm curious about Denuvo's opinion on that.
nxy1 day ago
To the general consumer, it doesn’t matter if they remove it or not. Am I wrong? When was the last time ya’ll used this super duper feature?
bflesch2 days ago
It's a shame there is no software-based memory encryption included in the linux kernel. Especially cloud providers can easily snoop all your keys and you have zero recourse.
lompadOP2 days ago
Any idea what's happening? This sounds _bad_.
RandyOrion1 day ago
The github issue that never made it in this news: https://github.com/AMDESE/AMDSEV/issues/292
Silent enshittification in the name of updates is getting out of hand. There are several evidences that downgrading BIOS/AGESA to below 1.2.7.0 to 1.2.0.3 brought back TSME for their AMD cpus.
I downgrade my bios as a price for my blind trust on AMD, and yes TSME is back.
You lost my trust AMD. The lesson learned is that if your PC with AMD cpu is stable, don't do any bios upgrade, as AGESA in the bios is adversarial to you, the users of AMD cpu.
hydrogenbon0071 day ago
crazy amd was the leader for secure memory encryption for consumer while no competitor provided it
helterskelter1 day ago
Ridiculous because AMD built their reputation off of avoiding BS market segmentation like this. It's ironic that the equivalent Intel model has this feature.
This has implications beyond simply securing against physical access attacks, but also protects against rowhammer and its ilk.
Between this and their recent botched software update verification I'm getting a little wary of AMD.
nish__1 day ago
If you're this serious about security, you should be manufacturing your own hardware.
crest1 day ago
AMD is busy learning all the wrong lessons from Intel.
hugmynutus1 day ago
Everyone jumping up about "enshitification". I tried to enable this feature on QEMU and it broke my VMs because the secure memory system was board-line hopelessly broken/non-functional.
Did anyone even use this feature?
Yes it is dishonest to remove features but from perspective AMD disabled a feature that never worked in the first place. The feature never should've been advertised as enabled.
pjmlp2 days ago
Another example on how AMD is hardly the good guys.
shiiiit2 days ago
This will be re-added in a few years. The current flip-flop is just enshittification.
alberth1 day ago
Makes sense. The ECC in consumer line is what created an entire market for use in inexpensive web hosting.
Then AMD created their EPYC variants, and it wasn’t clear what the difference was between the consumer & Epyc models.
miga2 days ago
It is sad that once again we will be exposed to more criminals trying to steal our data. Memory encryption not only allows to secure memory from physical "cold RAM", but also prevents loss of encryption keys as it hides the content during transfer.
garganzol2 days ago
For what it's worth, RAM encryption belongs to professional SKUs. It's the right business decision that should have been made from from the very beginning.
For most consumer users, RAM encryption primarily adds power consumption and heat generation while providing little practical benefit. They simply don't face many of the threat vectors and attack scenarios that certain industries and enterprise environments must contend with.

news.ycombinator.com/item?id=48582320