AMD's Silent Security Rollback and Volkswagen's War on Privacy Software
How this was made Verified AI
Every Intellegix briefing is generated from that day's broadcast and run through automated checks before it publishes — with a human paged on any flag. Here is the trail for this edition.
Two stories in Thursday's feed share an underlying structure: a corporation exercising unilateral control over security properties that users believed they owned. The first involves AMD and a firmware update; the second involves Volkswagen and a mobile operating system.
Reported by Tom's Hardware and drawing 150 points and 72 comments, the AMD story concerns the silent removal of Transparent Secure Memory Encryption — TSME — from consumer Ryzen CPUs through an AGESA firmware update distributed via motherboard vendors. There was no changelog entry, no security advisory, and no communication to users. Engineers discovered the change by testing memory protection features and finding them absent. TSME is AMD's hardware-level memory encryption protecting against cold boot attacks, DMA attacks, and certain firmware exploits. On professional and enterprise AMD processors, the feature remains active. Commenters with security backgrounds describe the removal as a product segmentation decision — distinguishing the EPYC server line from the consumer Ryzen line — but characterize the method of delivery, a quiet update that actively removes a previously available security feature with no opt-out, as a meaningful failure of user trust. The usual advice to avoid firmware updates creates its own risk, because AGESA packages frequently contain critical bug fixes.
The Volkswagen story is the second-highest engagement item of the day by comment count: 709 points and 420 comments. Volkswagen has begun blocking users of GrapheneOS — a hardened, privacy-focused Android operating system — from accessing the Volkswagen app, which handles remote vehicle monitoring, EV charging management, and navigation updates. The HN community's immediate question is what legitimate reason a car company could have for blocking a hardened operating system rather than a compromised one from features unrelated to vehicle safety.
The GrapheneOS developers' response, linked in the thread, is described as characteristically direct. They note that VW's blocking mechanism is bypassed when GrapheneOS is configured with sandboxed Google Play — a finding that, observers argue, definitively establishes the block is not security-motivated. If GrapheneOS with sandboxed Google Play passes VW's checks while GrapheneOS without it fails, the targeting is the privacy configuration, not any security property. The thread's darker interpretation is that VW's app collects and monetizes user data, and GrapheneOS's privacy protections interfere with that data collection — making this a business-model concern dressed as a security one. A legal dimension is noted: right-to-repair and software interoperability regulation is growing in several jurisdictions, and a car company blocking a privacy OS from non-safety-critical vehicle features represents a relatively clean test case for those principles.