Vendor lock-in on AMD CPUs in Lenovo disrupts second-hand market

AMD has developed the Platform Secure Boot (PSB) feature as a layer of hardware protection against the increasing number of attacks on computer boot processes. It has been reported that using this feature even once has the disadvantage of vendor lock-in of the CPU, which is causing confusion in the second-hand market.

Lenovo Vendor Locking Ryzen-based Systems with AMD PSB

Anchoring Trust: A Hardware Secure Boot Story

AMD PSB vendor locking enabled by Default on Ryzen Pro desktops, seriously damaging the second hand market.: Amd

Computers that require a high level of security have traditionally used a feature called 'UEFI Secure Boot ' to prevent attacks that steal sensitive information by booting a tampered OS or an OS for hacking. .. This feature sets a trust anchor in the UEFI firmware that runs first when the system is powered on, and the subsequent process verifies that it is properly digitally signed to the boot process. It prevents attacks, but has the drawback of not being able to respond to attacks on UEFI itself.

Therefore, AMD has developed a function called Platform Secure Boot (PSB) to protect the boot process from the hardware point of view. With this function, by setting the AMD CPU in advance, it is possible to verify 'whether it is a genuine UEFI of the hardware manufacturer' before executing UEFI, and it will be possible to prevent unauthorized loading of UEFI. .. At this time, the 'setting to CPU' uses an ' OTP fuse ' type memory that can be written only once, so the CPU that has been 'set' once cannot be used with products from other manufacturers.

It has been reported that from around 2020, PSBs have been used in products for servers , and CPUs that look like ordinary CPUs but can only be used with systems of specific manufacturers have become available. And at the end of 2021, it was reported that PSB was enabled by default in the combination of Lenovo's consumer products and AMD Ryzen Pro.

Not only can AMD Ryzen Pro that came with Lenovo products not be portable to systems from other manufacturers, but if you hit 'Y' repeatedly without reading carefully in the setup when changing to a new CPU, the CPU will become Lenovo products. It is said that the vendor will be locked in. By pressing 'N' on the screen below, you can set up the CPU without putting it in the vendor lock-in state.

Be careful when buying a second-hand AMD Ryzen product, as it's hard to tell by appearance whether the CPU is vendor-locked in.

in Hardware, Posted by log1d_ts