AMD has confirmed it will restore Transparent Secure Memory Encryption (TSME) on non-PRO Ryzen 9000 desktop processors following a firestorm of criticism over its recent removal. The chipmaker told Tom’s Hardware on June 19, 2026, that a July BIOS update will re‑enable the security feature for affected AM5 motherboards. For weeks, enthusiasts and security‑conscious users had been vocal about the missing option, which AMD quietly stripped from the AGESA firmware that underpins most Ryzen‑based boards.

The reversal comes as a relief to many who rely on TSME to protect sensitive data in memory against cold‑boot attacks, DMA probes, and other physical threats. But the episode has rekindled long‑simmering debates over firmware transparency, product segmentation, and whether consumers can trust BIOS updates that may secretly remove capabilities they once paid for.

What Is TSME and Why Should You Care?

Transparent Secure Memory Encryption is AMD’s implementation of full‑memory encryption that operates beneath the operating system. When enabled in the UEFI firmware, TSME encrypts all data stored in DRAM with a single ephemeral key generated at each boot. The encryption and decryption happen in real time via a dedicated AES engine embedded in the processor’s memory controller, making the process invisible to applications, the OS, and hypervisors.

This hardware‑enforced protection defeats a range of physical attack vectors. An attacker who removes a DIMM and reads it with a memory analyzer, or one who uses a PCIe‑based DMA attack to siphon live memory contents, will see only ciphertext. TSME is particularly valuable for journalists, activists, researchers, and anyone handling confidential data on a desktop that could be physically compromised. It also complements OS‑level encryption like BitLocker by shielding the very memory where decryption keys and plaintext might temporarily reside.

AMD first popularized memory encryption with EPYC server processors in 2017, later adapting it for Ryzen PRO mobile and desktop chips. By 2020, the feature had started appearing as a toggle in many consumer AM4 BIOSes, often under the name “TSME” or “Memory Guard.” Motherboard vendors enabled it by default on some boards, especially after AMD released AGESA versions that exposed the option broadly. For Ryzen 5000 and 7000 series, TSME became a quiet but welcome addition for power users who dug into advanced CPU settings.

The Disappearance: AGESA Update Strips TSME from Some Ryzen 9000 CPUs

The trouble began in early June 2026, when members of the hardware community noticed that TSME had vanished from their UEFI after updating to a recent AGESA build. The affected systems were non‑PRO Ryzen 9000 desktop processors—specifically the mid‑range and high‑end models like the Ryzen 5 9600X, Ryzen 7 9700X, Ryzen 9 9900X, and the flagship Ryzen 9 9950X. Users who had relied on the feature for months found that the setting was no longer present under “AMD CBS” or “CPU Common Options,” and some reported that it had been disabled silently, without any note in the BIOS release notes.

Initial theories ranged from an inadvertent bug to deliberate feature segmentation. AMD had always marketed TSME as a security feature for the PRO line, yet for years it had been available—albeit unofficially—on consumer silicon. The AGESA update, which motherboard partners had started rolling out in May, seemed to enforce that segmentation more strictly. Speculation gained traction when reviewers noted that Ryzen PRO 9000 samples still retained the TSME toggle.

The exact AGESA version is still unclear, as motherboard vendors typically rebrand it with their own numbering. However, early adopters pinned the change to ComboAM5PI 1.0.0.3 or later, which corresponds to AMD’s internal branch for the AM5 platform. For many, it was the first major firmware update since the Ryzen 9000 launch earlier in spring 2026, and the missing security option became a flashpoint on forums and social media.

Trust in Firmware Erodes as Users Revolt

The removal didn’t just annoy a handful of tinkerers. It struck at a core tenet of the enthusiast community: that a firmware update should fix bugs and add capabilities, not silently take them away. For users who had built their workflows around whole‑system encryption—combining TSME with OS‑level encryption for defense‑in‑depth—the change represented a tangible security downgrade.

“I updated my BIOS for better memory compatibility, and suddenly my memory encryption is gone. No warning. No rollback option,” wrote one user on a major hardware forum. Others pointed out that the ability to revert to an older BIOS was complicated by the fact that newer AGESA versions often bring critical stability fixes for DDR5 memory or new CPU microcode. Staying on old firmware wasn’t always feasible.

The backlash quickly extended beyond forum threads. News outlets, including WindowsNews.ai, picked up the story. Hardware reviewers began testing whether TSME had been removed in software or at the silicon level, and some demonstrated that older BIOS versions could still enable it on the same chips. That pointed to a deliberate firmware‑level lockout rather than a physical hardware change.

Security researchers weighed in, too. Physical memory encryption on consumer desktops is rare; Intel’s TME (Total Memory Encryption) is mostly limited to vPro and server platforms. AMD’s decision to claw back TSME sent a worrying signal about the direction of consumer‑grade hardware security. If features can be revoked post‑purchase, what else might be on the chopping block?

AMD’s Response: Public Statement and a July Fix

On June 19, AMD broke its silence. In a statement provided exclusively to Tom’s Hardware, the company said:

“We heard feedback from the community about the availability of Transparent Secure Memory Encryption on certain Ryzen 9000 non‑PRO desktop processors. We are working to restore the option in a forthcoming AGESA update, which will be distributed by motherboard partners as part of their July BIOS releases. We appreciate the patience of our users as we address this.”

The statement didn’t offer an explanation for why TSME was removed in the first place, nor did it address whether the feature would remain available on future AGESA builds for the lifespan of the AM5 platform. But it did commit to a specific timeline: July 2026. That means most users can expect new BIOS downloads from ASUS, Gigabyte, MSI, ASRock, and others over the next few weeks.

Behind the scenes, industry insiders suggest that the removal may have been an overcorrection. AMD’s product teams likely intended to align the consumer firmware with the official feature set of the non‑PRO SKU, which technically doesn’t include TSME. But the quiet, unannounced nature of the change—combined with years of precedent where the feature worked—turned what could have been a routine segmentation decision into a public relations problem.

Now AMD must walk a fine line: delivering the promised fix without breaking the contractual distinction between PRO and consumer processors. One possible compromise is that TSME will return as an unsupported but present option, similar to how Precision Boost Overdrive and manual overclocking exist on chips that aren’t officially warranted for such use.

A History of Feature Segmentation on AMD Ryzen

The TSME saga is not the first time AMD has drawn (and redrawn) the line between consumer and commercial Ryzen processors. The Ryzen PRO line, which typically launches a few months after the mainstream chips, includes additional security and manageability features: TSME, DASH remote management, and support for Microsoft Secured‑core PC. In the AM4 era, many of these features—including TSME—were physically present in the silicon but gated behind firmware.

During the Ryzen 3000 and 5000 generations, AMD waffled on whether to expose TSME on non‑PRO parts. Some AGESA versions enabled it by default, others hid it, and still others offered it as a toggle. The inconsistency frustrated users and motherboard makers alike. By the time Ryzen 7000 debuted with AM5, TSME seemed to have settled into a semi‑official presence: not advertised, not mentioned in spec sheets, but accessible in the BIOS of most mid‑range and premium boards.

Ryzen 9000 upended that status quo. The launch version of AGESA (ComboAM5PI 1.0.0.0) retained TSME, but the subsequent 1.0.0.3 update killed it. The flip‑flop eroded confidence in the long‑term predictability of the AM5 platform, especially as AMD has committed to supporting the socket through at least 2028. If users can’t trust that security features won’t be yanked mid‑cycle, they may think twice before investing in a motherboard that promises years of upgradability.

How to Re‑enable TSME When the July BIOS Lands

For Ryzen 9000 owners waiting to reclaim their memory encryption, the process will be straightforward once motherboard vendors release the new AGESA‑based BIOS files:

  1. Identify your motherboard model and visit the support page of its manufacturer (ASUS, Gigabyte, MSI, ASRock, etc.).
  2. Look for a BIOS dated July 2026 or later that mentions “Restore TSME support” or “AGESA update to ComboAM5PI 1.0.0.4” (the exact version name may vary).
  3. Download the BIOS file and follow the manufacturer’s instructions to flash it—typically via a USB drive and the UEFI’s built‑in flash tool.
  4. After flashing, enter the UEFI and navigate to the Advanced or AMD CBS section. Locate “Transparent Secure Memory Encryption” or “TSME” and set it to “Enabled.”
  5. Save changes and reboot. The system will train memory again, but once booted, TSME will be active.

Users should verify that TSME is functioning by using tools like memtest86+ (which can detect memory encryption) or by checking CPU ID bits under Linux (/proc/cpuinfo for the sme flag). Under Windows, there is no direct user‑level indicator, but the presence of the UEFI setting and a slightly increased boot time are good signs.

It’s worth noting that TSME comes with a small performance overhead—usually 1–3% in memory‑intensive workloads—because of the real‑time encryption. For most desktop users, this is imperceptible, but latency‑sensitive applications like competitive gaming might see a marginal impact. Enthusiasts will have to weigh the security benefit against that overhead.

Broader Implications: Firmware Trust and the Open‑Source Alternative

The TSME episode highlights a growing unease with proprietary firmware. When a BIOS update can silently remove a security feature, it undermines the argument that closed‑source firmware is more reliable than open alternatives. The open‑source firmware community—projects like coreboot and Libreboot—has long argued that transparency is essential for security, as it allows independent auditing and guarantees that features aren’t altered without notice.

AMD has made modest strides toward openness with its OpenSIL initiative, but AGESA remains a black‑box binary. Motherboard vendors customize it, add their own modules, and often release BIOS updates with vague change‑logs. The result is an ecosystem where a user might install a “stability improvement” update only to find that a valued feature has disappeared.

For Windows users, the TSME restoration is particularly important because Microsoft’s own security roadmap leans heavily on hardware‑based protections. Features like Hypervisor‑Protected Code Integrity (HVCI) and Windows Hello rely on a secure hardware foundation, and memory encryption adds another layer that can foil attacks attempting to steal credentials from RAM. In an era of increasingly sophisticated physical attacks—such as the use of liquid nitrogen to freeze DIMMs for cold‑boot attacks—TSME is a critical countermeasure.

What Comes Next

AMD’s quick reversal is a testament to the power of a united community, but it’s also a reminder that consumer‑grade hardware exists in a gray area where marketing claims and actual silicon capability often diverge. The July BIOS update will deliver short‑term relief, but the longer‑term question remains: will AMD formalize TSME support for non‑PRO Ryzen, or will users have to fight this battle again with the next AGESA release?

Motherboard manufacturers, for their part, are caught in the middle. Many have privately expressed frustration at having to explain feature removals they didn’t initiate. ASRock, for instance, already published a beta BIOS on June 22 that restores TSME for its X870E Taichi line, hinting that some partners are eager to distance themselves from the controversy.

For now, the Ryzen 9000 faithful can breathe easier. Come July, their memory encryption toggle will be back where it belongs. But they’ll likely approach that next BIOS update with a bit more caution—and a lot more suspicion. In the world of modern PC hardware, firmware trust has become a feature in itself.