
AMD PSB Vendor Locks EPYC CPUs for Enhanced Security at a Cost - virgulino
https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/
======
mleonhard
Manufacturers push the term "gray market" to imply that resold goods are
somehow bad and people who sell them are participating in something like an
illegal black market. Reselling equipment is a normal part of doing business.
There's nothing gray about it.

There is no separate market for new products that have been bought from
manufacturers and resold. It's just one market. We don't need to refer to
something that doesn't exist, so we don't need a special term for it.

The term "gray market" is linguistic manipulation to benefit manufacturers at
the expense of customers, society, and the environment. Let's stop using the
term.

For products that have been used, we have a "second-hand market".

~~~
speleding
In Europe there is indeed a market for new products that have been bought from
manufacturers and resold right away; that's what's called a grey market. This
happens because suppliers tend to use different pricing in countries with a
different purchasing power, in order to extract more consumer surplus.

It's not uncommon that if you buy the cheapest product in a webshop in
Northern Europe you will find it has a Polish user manual when it arrives.
It's not illegal to do that (although suppliers would probably like it to be).

The same happens with servers, just compare USD and EUR prices on the Dell
website.

~~~
hvidgaard
It should not be considered a grey market. But it should be considered illegal
to grossly vary prices inside the EU region. It's an extremely anti-consumer
practice and all it does is, as you say, extract more money from the
consumers.

~~~
speleding
There actually are rules that say you cannot charge different prices depending
on the location of the buyer, but suppliers trivially manage to circumvent
that by making a tiny change and giving it a different SKU.

Although I understand the sentiment, I'm not sure I would like additional
legislation to try to prevent that. Even if you do manage to make that water
tight the end result will probably mean higher prices for the consumers in
countries with low purchasing power.

~~~
hvidgaard
At no point will the manufacturer or distributors sell at a loss unless it's
for strategic reasons. Perhaps the prices will go up in the countries with
lower purchasing power, but it's bound to go down in the countries with higher
purchasing power. That may or may not be intentional, but it's clearly
possible to sell it at the low price, so they could just do that.

------
hlandau
So this basically seems like the AMD equivalent of Intel Boot Guard, except
that the keyfusing seems to be done on the CPU, not the PCH.

What I'm hearing here is that Dell, HP, etc. are designing their firmware to
keyfuse any unfused CPU it sees to their firmware automatically, silently, and
without any prompting whatsoever. And that AMD apparently has no problem with
this.

In no way, shape or form is this a reasonable design. A boot prompt before
basically quasi-destroying (for many purposes) a CPU would be the only
reasonable thing to do. "This operation is irreversible and will render the
CPU unusable in other machines", etc.

I'm wondering if Dell etc. could be sued for this.

> Outside of x86, IBM POWER10 is making a push for enhanced security, so they
> will need to have a silicon root of trust to enable their security feature
> set.

If this were true, this would make POWER10 dead-on-arrival in terms of being
something Raptor is willing to ship. Comments made by Raptor don't suggest
this and suggest they will be able to ship POWER10 eventually, so it doesn't
seem likely.

Keyfusing is an excessively brittle technology, can't support key rollover
(you're stuck with one key forever, or at best can change it only a couple of
times, depending on the size of OTP), and is basically unusable for owner
controlled (not vendor controlled) secure boot.

~~~
clinta
Having such a prompt doesn't really alleviate any of the concerns in this
article. I still have to worry about that when buying a second hand CPU,
except now I'm even less sure, because sure the CPU came out of a Dell, but
maybe the owner never fused it.

~~~
R0b0t1
If the CPU doesn't perform as advertised you can always return it. The only
hope here may be putting enough pressure on Dell and whoever else to make
their components worthless on the second hand market.

I've been involved in more than one purchasing decision where the ability to
resell the parts was factored into the sticker price.

~~~
Godel_unicode
> If the CPU doesn't perform as advertised you can always return it.

For second-hand CPUs? Not likely.

~~~
R0b0t1
Nope, very likely. In Kansas at least it is explicitly impossible to disclaim
an implied warranty or suitability for a particular purpose. Most other states
are actually de facto the same -- how can you sell something without it
addressing some need of the purchaser?

If it doesn't fulfill that need, even second hand, you can get your money
back.

~~~
Godel_unicode
Ali Express doesn't care about your local laws. Neither does Craigslist, nor
eBay. If you're buying a Dell from Dell, then sure, but that's never been the
problem anyway.

~~~
R0b0t1
If someone sells to you they must operate under your state's laws. You can
easily bring suit against them in small claims or real court, but you probably
won't even need to do that as you can just get a chargeback.

What you are suggesting is absurd. Craigslist, Ebay, Paypal, and the people
selling using those platforms are above the law?

~~~
Godel_unicode
I can see how you'd think that if you'd never tried to do any of these things,
but in reality there's what the law says and then there's what you can
actually get the law to do. Those are sometimes very, very different things.
This is one of those times.

It sounds like you might not be familiar with any of the platforms in
question. But no, you can't do either of those things to the kinds of people
who deliberately sell defective parts on ebay and Craigslist. Or at least, you
won't once you figure out what's actually involved.

I would say beside as opposed to above, but it sums to the same thing.

------
ohazi
The "this is for security" argument would make sense if they only locked CPUs
that were sold by the vendor together with the motherboard, or if they had an
action that an administrator could affirmatively take to lock the CPU.

But automatically, permanently "poisoning" any CPU that's inserted into the
socket after a single boot? That sounds like it's being done for economic
reasons.

They want to turn the used CPU market into a sketchball market for lemons so
that everyone is so scared that they only buy board+CPU combos directly from
the vendor rather than trying to save a few pennies here and there.

~~~
caf
I don't know, when you think about what makes it easier (cheaper) for the vendor,
this way they just have to assemble the CPUs into the motherboards and ship
the systems like they always have.

I can't see that the market for enterprise systems is heavily affected by grey
market CPUs. Their customers are by and large buying these systems built &
configured, and racking them up as they come.

It'd be nice if there was a jumper you could set on the motherboard to stop it
claiming a CPU though (maybe there even is?).

------
jlawer
It's not really vendor locking by design. It locks to a signing key. That key
COULD be shared between vendors, or even a single vendor could have multiple
incompatible keys.

It provides a mechanism to prove the entire boot process hasn't been tampered
with, but I wish AMD provided a way to run these fused processors in a generic
way without the security chain, with it just reporting that there isn't a
secure root of trust. However I assume they are afraid of that allowing
malicious code to fool deeper parts of the system without the system
administrator knowing.

So good for security, but bad for e-waste and second hand sales.

~~~
Abishek_Muthian
>So good for security, but bad for e-waste and second hand sales

I concur, but it's true even for consumer devices like smartphones. Once the
software updates stop, if security is the key then the devices are e-waste.
Many times I wish there was an international law which forces manufacturers
to unlock their device when they stop pushing software updates to their
device, so that alternate firmware can be installed. Of course this is just
wishful thinking; even those who abandoned their smartphone segment
entirely (MS) didn't do this, so why would those who run a profitable business
out of planned obsolescence do it?

~~~
xwdv
It almost seems that a law like that would be something out of a sci-fi or
cyberpunk universe.

~~~
ajuc
We live in a cyberpunk universe. The only thing it got wrong was the aesthetic.

~~~
swiley
Instead of grunge everything is covered in RGB LEDs. Literally almost everyone
my age has RGB LEDs everywhere. All over their rooms and not to mention
keyboards.

~~~
theandrewbailey
Bright neon-colored lighting is a big part of the cyberpunk aesthetic.

------
justinclift
If I put a CPU in a server (Dell, HP, whatever), and that CPU then doesn't
function in other equipment, then that CPU is _broken_. That's not an
exaggeration in any way.

So, the server maker then owes me a new CPU (of the same model obviously) that
does work.

It'll be interesting to see the legal fallout from this, as purposely breaking
customer owned gear is not going to end well.

~~~
alisonkisk
No one owes you anything if the CPU functions exactly as advertised.

If you don't want a platform-secured CPU, don't buy one.

~~~
erik_seaberg
Nobody advertises irreparable damage. This testing lab found out the hard way
and then had to follow up with the vendors to get an explanation.

~~~
dastx
This entirely depends on the individual's perspective.

As Chris mentioned, this is exactly what Big Corp™ wants. They'll be the ones
buying it too, and would likely pay extra for such a feature. They're the
target market for these vendors.

Thus, sure, for those looking to buy second hand, this is indeed advertising
irreparable damage. But for Big Corp™, this is advertising security (in my
opinion quite rightly so), and ensuring their data isn't stolen.

~~~
dayjobpork
And what happens when old hardware is resold? How can anyone trust any future
excorp hardware?

~~~
dastx
Well you don't. But corporations don't really care about that as much as they
care about their data.

Admittedly it feels like AMD could have created something that allows the chip
to be reset providing you have the original signing keys.

~~~
erik_seaberg
They should at least disclose to all prospective buyers that a current chip
cannot be reset, and how to tell which firmware CA it's stuck on.

------
userbinator
I am beyond sick of this "security" justification being used for everything.
At the end of the day, the only thing really being secured are the greedy
vendor's profits.

~~~
supernova87a
Well, the market is free for someone to offer a processor that doesn't care
about "security" (whether it is or isn't the excuse you deem it to be), and we
could see if that offering is successful. Maybe there's a new role for
something like that. Cursing the situation won't do any good.

~~~
archi42
You mean that's going to surely happen, because the server CPU market has
traditionally been easy to enter due to low R&D costs, steady availability of
qualified engineers, cheap manufacturing equipment and customers eager to
adopt unknown brands? /s

~~~
supernova87a
Well then, maybe you have to live with some inconveniences and higher costs
than you would like, because of the natural market dynamics?

You pointed out all those factors to say that they're reasons why CPU OEMs
should be able to make all your dreams about price, quality, speed, open
hardware come true?

~~~
archi42
It was about the market being difficult to enter. If you disagree, prove me: I
hereby pledge to buy one CPU (needs to be a custom design) + mainboard
designed and manufactured by supernova87a, and am willing to pay 800 US$, due
3m after delivery, conditional: It runs my Linux &Windows software like a, and
performs at least equally or better than a, then-new system costing up to
400US$ (for cpu+mb, so today something like a Ryzen 1600). This agreement
expires on 1.1.2025 0:00 UTC. Your call, do you agree? - Edit, also for
balancing reasons: What do I get from you if you fail?

(Since I know you're not getting an x86 license that's an easy call for me - I
know for sure you're unable to tap into that market)

~~~
throwaway2048
how about 800 million dollars US, it will be the same result.

~~~
archi42
You're right, but: In the unlikely case a random person on the internet
succeeds (who knows what happens in the next 5 years, or who s/he is?), I am
out of 800US$. For something that I think is a good idea. In case of 800m US$,
well, I'm a little bit embarrassed to admit that I can't afford that right now
;-)

------
argb
These kinds of DRM-like 'security' features started being implemented first
with phones and consoles and have since spread throughout the entire industry
like a cancer.

Many of the features of the AMD PSP could be implemented as hardwired logic,
no need for a CPU for that. And thus no chance of malware being able to run
undiscovered.

It's like Orwellian doublespeak, in fact the Platform Security Processor might
well be making the entire system less secure. Because we cannot inspect the
content of the eFuse ROM how do we know if a state level adversary has placed
code in there to weaken the system security?

Note: On the nVidia Tegra platform the eFuse ROM can contain executable code
to patch the boot-up process, as Nintendo has done with the Switch console.
It's likely that AMD has such similar functionality.

So the PSP could be cracked, and then CPUs can be eFused with malware before
shipping the server, and nobody would know that there's an easily exploitable
vulnerability now present.

I guess one of the real purposes of the PSP is to protect AMD's security and
prevent the user from unlocking disabled cores, boosting clock frequencies,
retrieving HDCP keys, etc. on both CPUs and GPUs. So it's partly to prevent
the owner from doing what they want with the hardware.

~~~
argb
AMD should realize they are tarnishing their own brand reputation with the
inclusion of the PSP and the recent CPU lockdown.

Even though it's a server CPU that's affected by the lockdown, stories like
this are definitely not well received by the enthusiast and gamer communities
and draw attention to such anti-features like the PSP. Knowing that there's a
special processor inside the CPU specifically designed to prevent you from
unlocking cores, etc. would NOT be good PR for AMD at all. I am using a Ryzen
system right now and I regret buying it, I wish I went with Intel instead. At
least the management engine has been cracked, unlike AMD's AFAIK.

It's about time we looked into a legal response to this behavior, just as with
John Deere farm equipment, it will likely not stop unless fines are imposed or
some kind of consumer boycott occurs.

Regarding the CPU lockdown, even Intel wouldn't do such a thing. Surely isn't
it anti-competitive to lock the CPU to a specific system in this way? What
would the EU think about this regarding e-waste and recycling? And I believe
in Australia the ACCC would crack down very hard on such shenanigans?

~~~
argb
AMD, you removed the TrueAudio block from your older Radeon GPUs, couldn't you
cut the PSP and implement some of its functionality using logic instead of a
CPU? So the first thing to boot will be an x86 core, as it did in the old
days. A physical jumper can be used to disable the security functions and
remote attestation (to a server on the LAN) can be used to determine if CPUs
are running in secure mode or not? Thus satisfying the needs of corporate
users?

Removing the PSP will eliminate the negative PR it creates together with the
associated security risk of having a secret part of the CPU where malware can
hide.

On GPUs HDCP functionality can be implemented with ROM-based microcontrollers
as it did on older hardware?

~~~
argb
In many jurisdictions the product has to be 'fit for purpose', should the PSP
be cracked and a hacker able to use it to _assist_ malware wouldn't that make
AMD's product not fit for purpose???

------
bubblethink
How many exploits/breaches in the wild due to open s3 bucket, default admin
passwd to database, poorly written webshit code, plaintext password, etc. ?
And how many prevented by secure boot, boot guard, memory encryption, ME, PSP
etc. ? Other than obvious money reasons for Dell, people seem to be vastly
overestimating their threat models. And even for the secure chain of trust,
there are ways to do so where the owner has the key, not the vendor. See heads
for example.

~~~
sedatk
Or, those scenarios just don't make the news as frequently as script kiddie
stuff. We only learned about what the NSA has been up to because Snowden happened.

~~~
young_unixer
If I want to protect against the NSA I'm worried about them using Intel ME,
AMD PSP and other black boxes to hack me. I don't worry that much about them
sneaking into my data center or house and physically changing my hardware.

The security you lose from having a black box in your CPU is much greater than
the security you win by virtue of being (theoretically) protected against
unsigned bootloaders and rogue hardware.

~~~
sedatk
I merely provided NSA as an example of how advanced attack vectors might go
unnoticed for decades.

------
dayjobpork
This is bullshit. Unless it clearly says at boot 'continuing will permanently
prevent your CPU from being used in a non-Dell computer, y/n?' they are asking
for a lawsuit for damaging hardware.

~~~
dayjobpork
In fact Australian Consumer Law flat out holds them liable for costs due to
problems a seller could have reasonably foreseen

~~~
elmo2you
Do consumer laws apply to businesses in Australia? Because afaik, in the EU
regretfully a lot of laws that protect consumers against abuse from vendors,
do not apply to B2B/enterprise transactions.

On the other hand, there have been people who have warned about the dangers of
CPU vendors putting Management Engines in their products, which are outside of
the control of end users (by design). One of those concerns was the ability to
rig sales or even kill off second hand markets altogether.
Apparently, this has already become a reality now.

I'm not surprised it's sold as a security feature, just as terrorism and child
pornography have been magic words in other fields. But at the end of the day,
vendors stand to substantially increase their control on sales and with it
their profits, with features that may only be significant in edge cases. That
smells a lot like an antitrust issue to me. That all vendors are likely to try to
move in this same direction, as an opportunity to make more profit, doesn't
make it any less devious. All the more reason for antitrust investigators to
start looking into this.

~~~
shakna
> Do consumer laws apply to businesses in Australia? Because afaik, in the EU
> regretfully a lot of laws that protect consumers against abuse from vendors,
> do not apply to B2B/enterprise transactions.

Yes. Consumer protections apply to everyone. Within Australia, those
protections are considered the "bare minimum" that must be implemented by
every business, across the board.

Certain industries have other protections they must implement atop of those.

~~~
elmo2you
If that's true, and I have to admit that's a big surprise for me, then I'm
glad to hear that. At least for Australia.

I'm not even sure if the following is uniform across the EU, but I have always
assumed (maybe even been told) that it is. Where I come from (The
Netherlands), (afaik) when you do business with another business then consumer
protection laws don't apply.

The rationale appears to be that as a business you don't need the same kind of
protection as a consumer. It's considered the risk of doing business, and
companies suing each other in court (e.g. for fraud) is considered to be less
unbalanced than it would be for a private individual (consumer) against a
company, in terms of (financial/legal) means.

In reality there probably are different (less savory) historical reasons
behind it too, maybe even the preservation of the "natural power distribution"
(euphemism for the already wealthy to stay that way) between smaller and
larger businesses. That's at least how I have heard it being justified
politically. Meanwhile, good luck suing a large company if you're a smaller
business yourself. Either way, as I already implied, I think that's more or
less by design.

Great if Australia is more egalitarian on that subject. If not for all of
nature trying to kill me at every second there, I'd seriously consider
immigrating over this xD

~~~
shakna
There is some nuance with the Australian laws, but for the most part, the
protections exist: [0]

When you buy goods or services for your business which are:

+ under $40,000

+ over $40,000 and normally bought for personal, domestic or household use or
consumption

+ vehicles and trailers used mainly to transport goods on public roads

your business will be considered a consumer and entitled to certain remedies
under the consumer guarantees if something goes wrong.

---

As an EPYC CPU doesn't cost more than $40,000 per unit (closer to $8,000 from
what I've found), it would fall under the guarantees.

Australian laws are still skewed in favour of the larger companies, but one
place where the law tends not to fall down is consumer protections.

[0] [https://www.accc.gov.au/business/business-rights-protections/business-rights](https://www.accc.gov.au/business/business-rights-protections/business-rights)

------
intricatedetail
It should be illegal to lock devices like that. Pure corporate greed. It is
sad that as soon as AMD restored its glory they went for a cheap cash grab. It
should be easy to tell that a device is running an unsigned boot loader without
blocking it (e.g. a jumper on the motherboard). If an attacker is able to switch
a jumper, then you have bigger problems than a boot loader. The community should
nip this in the bud and out AMD.

~~~
tifadg1
Did you even read the article? AMD is shipping everything unlocked; it's the
OEMs that can choose to activate this feature.

Certainly it's a debate whether such feature should exist in the first place,
but presumably OEMs are the driving force behind this, so they see a need.

~~~
tgsovlerkhgsel
This is the work of AMD together with the OEMs.

AMD wins because it destroys the secondary market, driving up the prices they
can charge for new CPUs.

The OEMs win because once you've put your CPUs into Dell servers, you can't
just buy different servers and move your CPUs over (e.g. to reuse CPUs from
servers that broke in other ways or were decommissioned for other reasons), so
you have a higher hurdle when switching to a competitor. Payment from AMD
could also be involved, because I think AMD has more to win here.

You as a CPU buyer, or a buyer of services that cost more if CPUs cost more
(aka everything), lose, as does the environment.

------
Zenst
This may well be a case of: the vendor does this, they get a better price as it
removes all aspects of reselling the CPUs on and the whole grey market risk -
[https://en.wikipedia.org/wiki/Grey_market](https://en.wikipedia.org/wiki/Grey_market)

For a large vendor, such details may mean a few dollars' saving on the CPUs and that
will add up. For many it won't be an issue, more a gotcha for the second hand
market upon those thinking they can buy and part it out. So down the line,
this is going to make some second hand CPUs a real gotcha unless these chips
have identifiable visible markings.

------
devit
That seems absurd, why not just clear the secure area (or make it inaccessible
until cleared) if the processor detects a different firmware instead of not
booting?

Looks like they might be doing this intentionally to get some sort of
financial gain: perhaps the plan is that this would lead to less used AMD
chips being resold and thus more AMD chips bought from AMD itself and more
profit for AMD?

Even then, why would Dell play along? Is AMD contractually forcing them to
create a firmware that locks the chips? What about the massive liability of
customers demanding refunds or suing them because the Dell firmware
irreparably damaged their CPUs?

------
tgsovlerkhgsel
If this was about actual security, not destroying the secondary market, the
obvious solution for this would be providing a way to "factory reset" the CPU
using a pin that is normally physically disconnected.

An attacker that breaks into your datacenter to physically reset the CPU could
also swap it, so once you have physical access, the security argument doesn't
hold. OEMs/recyclers could simply plug each CPU into a testing/resetting jig
that has this connected, or mainboards could have a jumper for it.

Disgusting.

Edit: I wonder if this will enable a new category of ransomware. "Pay us (half
the current value of your CPUs) to get your firmware signed with the key that
we just locked all the CPUs in your fleet to".

------
the8472
Why does this require blowing fuses? Just store a secret in the CPU that can
only be unset if the same secret is provided again. It could be totally
reversible, as long as you know the secret; that way the lock could be removed
when decommissioning the system.

With a tiny bit more fancy crypto one could also generate per-system unlock
keys so that a vendor doesn't have to reveal his master lock or something like
that.

Unlocking bootloaders is a solved problem on android. Why introduce a worse
solution that creates vendor lock-in?
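
The reversible lock sketched in the post above, written out as an added example (not code from the thread, AMD or any OEM): the CPU keeps only a hash of a lock secret and releases the lock when the same secret is presented again, and the "fancy crypto" for per-system unlock keys is an HMAC of the CPU serial under a vendor master key. The `CPULock` type, the `SN-…` serials and the master key value are constructed placeholders for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// CPULock models the reversible lock the8472 describes: instead of blowing a
// fuse, the CPU stores a hash of a lock secret and clears the lock again only
// when the same secret is presented. The struct is a stand-in for the CPU's
// non-volatile lock state; nothing here is real PSB/PSP behaviour.
type CPULock struct {
	Serial     string            // per-CPU identifier, assumed readable by the vendor
	locked     bool
	secretHash [sha256.Size]byte // hash only: the secret itself never lives on the CPU
}

var (
	ErrAlreadyLocked = errors.New("cpu already locked")
	ErrNotLocked     = errors.New("cpu not locked")
	ErrBadSecret     = errors.New("unlock secret does not match")
)

// Lock takes the lock if it is free; like the fuse, the first writer wins.
func (c *CPULock) Lock(secret []byte) error {
	if c.locked {
		return ErrAlreadyLocked
	}
	c.secretHash = sha256.Sum256(secret)
	c.locked = true
	return nil
}

// Unlock releases the lock only when the presented secret hashes to the
// stored value. Constant-time comparison avoids leaking how many bytes matched.
func (c *CPULock) Unlock(secret []byte) error {
	if !c.locked {
		return ErrNotLocked
	}
	h := sha256.Sum256(secret)
	if subtle.ConstantTimeCompare(h[:], c.secretHash[:]) != 1 {
		return ErrBadSecret
	}
	c.locked = false
	c.secretHash = [sha256.Size]byte{}
	return nil
}

// Locked reports whether the CPU currently refuses firmware from another platform.
func (c *CPULock) Locked() bool { return c.locked }

// DeriveUnlockKey is the "tiny bit more fancy crypto" from the post: a
// per-system secret HMAC(master, serial). The vendor can hand a recycler the
// key for one serial without revealing the master. The master must be high
// entropy (e.g. 32 random bytes), otherwise the stored hash can be guessed offline.
func DeriveUnlockKey(master []byte, serial string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(serial))
	return m.Sum(nil)
}

// Lifecycle walks one CPU through an OEM lock, an unlock attempt with another
// system's key, and decommissioning with the correct derived key. It returns
// the lock state after each step.
func Lifecycle(master []byte, serial string) (afterLock, afterWrongKey, afterUnlock bool, err error) {
	cpu := &CPULock{Serial: serial}
	if err = cpu.Lock(DeriveUnlockKey(master, serial)); err != nil {
		return
	}
	afterLock = cpu.Locked()

	// A key derived for a different serial must be rejected and leave the lock in place.
	if e := cpu.Unlock(DeriveUnlockKey(master, "SN-OTHER")); !errors.Is(e, ErrBadSecret) {
		err = fmt.Errorf("expected ErrBadSecret, got %v", e)
		return
	}
	afterWrongKey = cpu.Locked()

	// Decommissioning: the vendor re-derives this system's key and clears the lock.
	if err = cpu.Unlock(DeriveUnlockKey(master, serial)); err != nil {
		return
	}
	afterUnlock = cpu.Locked()
	return
}

func main() {
	master := []byte("constructed-demo-master-do-not-reuse") // placeholder, not a real key
	a, b, c, err := Lifecycle(master, "SN-0001")
	fmt.Printf("locked after OEM lock: %v, after wrong key: %v, after unlock: %v, err: %v\n", a, b, c, err)
}
```

The design choice worth noting is that the CPU never stores the secret, only its hash, so reading the lock state out of a decommissioned part does not reveal the vendor's master or any other system's key; what it does require, unlike a fuse, is writable tamper-resistant storage on the CPU for the hash and the lock bit.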

~~~
teddyh
> _Why introduce a worse solution that creates vendor lock-in?_

Obviously in order to create vendor lock-in.

------
nottorp
I don't understand what this secures, with the exception of Dell's profit.

If it locks the CPU to a certain manufacturer, all an attacker has to do is
get an identical new system and swap the CPUs.

Besides, what matters is the data on the storage. Is it encrypted with keys
stored on the CPU? If it's not, how does this help?

~~~
stingraycharles
I may be wrong, but as far as I understand the most likely scenario it
protects against is a tampered bootloader. Someone could inject malware in
there and then the whole chain of trust of secure computing breaks.

~~~
nottorp
Ok, that makes sense.

What does not make sense is that it's not optional.

------
_kbh_
I honestly don't see why the CPUs couldn't from the factory contain a public
key from AMD, and from there AMD issues certificates to firmware vendors to
sign their firmware with. This would allow the CPU to 'verify' the certificate
chain of the firmware that is being used without locking it to a specific
vendor. This decreases security a little because the leakage of a single
signing certificate means you can install malicious firmware on any device, but it
seems much more consumer friendly.
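
To make the trade-off in the post above concrete, here is an added example (not code from the thread, from AMD or from any OEM) that models both designs side by side with Ed25519: the key-fusing model the article describes, where the CPU burns a hash of one OEM key and accepts nothing else, and the certificate-chain model proposed above, where the CPU holds only a root public key and accepts firmware from any OEM key the root has certified. The root, the vendor keys, the firmware images and the signature-over-public-key "certificate" format are all constructed for the demo; a real scheme would use a proper certificate encoding and a hardware signature verifier.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// keyFromSeed builds a deterministic Ed25519 key from a label so the example
// runs offline. These are constructed demo keys standing in for a silicon
// vendor root and OEM signing keys; none is a real AMD or OEM key.
func keyFromSeed(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte("demo-seed:" + label))
	return ed25519.NewKeyFromSeed(seed[:])
}

func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// --- Model 1: key fusing, as the thread describes PSB. The CPU's one-time
// programmable storage holds the hash of a single OEM public key and only
// firmware signed by that exact key is ever accepted.

func FuseKey(oemPub ed25519.PublicKey) [sha256.Size]byte { return sha256.Sum256(oemPub) }

func VerifyFused(fused [sha256.Size]byte, oemPub ed25519.PublicKey, fw, sig []byte) bool {
	if sha256.Sum256(oemPub) != fused {
		return false // key hash does not match the fuse: refuse to boot
	}
	return ed25519.Verify(oemPub, fw, sig)
}

// --- Model 2: the certificate chain _kbh_ proposes. The CPU holds only the
// root public key; a VendorCert is the root's signature over an OEM key, and
// firmware carries that OEM key's signature. Any root-certified OEM boots.

type VendorCert struct {
	OEMPub ed25519.PublicKey
	Sig    []byte // root signature over OEMPub
}

func IssueVendorCert(root ed25519.PrivateKey, oemPub ed25519.PublicKey) VendorCert {
	return VendorCert{OEMPub: oemPub, Sig: ed25519.Sign(root, oemPub)}
}

func VerifyChain(rootPub ed25519.PublicKey, cert VendorCert, fw, fwSig []byte) bool {
	if !ed25519.Verify(rootPub, cert.OEMPub, cert.Sig) {
		return false // OEM key was never certified by the root
	}
	return ed25519.Verify(cert.OEMPub, fw, fwSig)
}

// Scenario compares the models for a CPU first booted with vendor A's firmware
// and later offered firmware from B (root-certified) and C (never certified),
// plus the failure mode the post mentions: firmware signed with a leaked key.
func Scenario() map[string]bool {
	root := keyFromSeed("root")
	a, b, c := keyFromSeed("vendor-A"), keyFromSeed("vendor-B"), keyFromSeed("vendor-C")
	fwA := []byte("constructed firmware image from vendor A")
	fwB := []byte("constructed firmware image from vendor B")
	fwC := []byte("constructed firmware image from vendor C")
	sigA, sigB, sigC := ed25519.Sign(a, fwA), ed25519.Sign(b, fwB), ed25519.Sign(c, fwC)

	fusedToA := FuseKey(pub(a)) // burned at first boot with A's firmware
	fusedToB := FuseKey(pub(b)) // a different CPU that first booted B's firmware

	certA := IssueVendorCert(root, pub(a))
	certB := IssueVendorCert(root, pub(b))
	certC := IssueVendorCert(c, pub(c)) // self-issued, not from the root

	return map[string]bool{
		"fused_accepts_A":             VerifyFused(fusedToA, pub(a), fwA, sigA),
		"fused_accepts_B":             VerifyFused(fusedToA, pub(b), fwB, sigB),
		"chain_accepts_A":             VerifyChain(pub(root), certA, fwA, sigA),
		"chain_accepts_B":             VerifyChain(pub(root), certB, fwB, sigB),
		"chain_accepts_C":             VerifyChain(pub(root), certC, fwC, sigC),
		// The cost the post names: with the chain there is no per-CPU state, so
		// anything signed by A's key (leaked or not) boots on every CPU, while a
		// CPU fused to B still rejects it.
		"fused_to_B_accepts_A_signed": VerifyFused(fusedToB, pub(a), fwA, sigA),
		"chain_accepts_A_signed_anywhere": VerifyChain(pub(root), certA, fwA, sigA),
	}
}

func main() {
	for k, v := range Scenario() {
		fmt.Printf("%-34s %v\n", k, v)
	}
}
```

Reading the two verifiers next to each other shows where the vendor lock actually lives: `VerifyFused` compares against per-CPU state written at first boot, `VerifyChain` compares against a key that is identical in every CPU, so portability and blast radius of a key compromise move together.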

------
fiberoptick
Does this defend against any additional attack surface that wasn't already
defended by the UEFI Secure Boot standard?

~~~
wmf
Yes, UEFI Secure Boot defends against OS/bootloader malware while this defends
against flashing malware into the UEFI firmware itself.

~~~
arpa
Wait, so if I flash malware into the firmware, I should also have a spare fresh
EPYC CPU I could install?

~~~
jacoblambda
Yes, I think that would be a valid way to bypass the protection.

With physical access you can bypass just about any protection given enough
money and time. In a data centre context, the damage you can do is rapidly
minimised by rapidly increasing the amount of capital and time required to
access more of the DC.

The more important change is that without this feature, malware could
theoretically install itself into the firmware without requiring physical
access. Now it should be just about impossible to break the chain of trust
without a person physically tampering with the machine.

Note: I should mention that I think this is such a massive double edged sword
(maybe double edged shield is a better term). This lets you build a threat
model that accounts for everything up to physical access. This however also
has such a massive opportunity to be an incredibly anti-consumer feature that
I fear to see how it will be used. I wish they would have required a physical
switch to enable/disable the feature. I do however understand how adding such
a feature could complicate its implementation quite a bit.

------
rasz
This sounds reasonable. I mean to bypass this lock our criminal would have to
... replace the CPU and continue attack like nothing happened. Totally
infeasible, inconceivable even! proving this was introduced for safety and not
Vendor_lock-in!!!1

------
non-entity
I get why it's done, but all this locking down of modern systems is making me
rapidly lose interest in computing.

------
yk
I can think of two scenarios where this security feature is helpful.

First, somebody breaks into a server room, replaces the motherboard with a
compromised one, and notices mid replacement that they forgot a processor.
(Since the processor locks during first boot, it is of no use if the supply
chain is compromised before the first boot. On the other hand, I would imagine
somebody willing to break into a data center to replace a motherboard would
also be willing to do all kinds of other shenanigans, like bringing another
processor.)

The second scenario is, somebody thinks about buying a used instead of a new
processor.

~~~
mmis1000
Well, the security key of VM is stored in the CPU, so you can't replace CPU
unless you can enter the console, copy the data out and re-encrypt it with key
from another CPU.

While if you can do this, you don't need to replace the motherboard/CPU anyway
because you already pwned them and can copy/modify the data however you want.

~~~
Dylan16807
> Well, the security key of VM is stored in the CPU

What security key? Do you mean the memory encryption key? We're talking about
a powered off machine, so that's irrelevant.

~~~
SaltySolomon
Memory and Virtual Machines

~~~
Dylan16807
Please explain better.

The article talks about virtual machines as a _subset_ of memory encryption.
It also specifically says "ephemeral keys". Not ones that would be preserved
across a shutdown.

What is encrypted on a powered-off server that the CPU knows the key to?

------
walrus01
I'm not as sketched out about this as if it were single socket workstation
ryzen/threadripper CPUs. In the market from $1000 to $6000 workstation
desktops where enthusiasts and people with specific requirements (or just 10,
15, 20 years of experience building x86-64 PCs themselves) would want to build
their own desktop from individual components ordered off Newegg.

I doubt more than a single digit percentage of 'serious' dual socket (64-128+
core) rackmount server customers are going to be buying their own barebones
motherboards and CPUs and assembling it themselves. They're going to buy it
from a Dell, HP or a Supermicro integrator or similar. If you're buying a
$12,000+ server with 128 cores and 512GB to 4TB+ of RAM and some fast NVME
storage it's highly unlikely you're putting it together yourself.

Any massive hosting/cloud scale operations that want to DIY their own EPYC
systems from pieces will be doing it through a Taiwanese integrator, such as
those that supply the ecosystem components for open compute platform server
motherboards. And as such they'll also not encounter any technical issues or
procurement issues with this. At the point where you have two $3000 CPUs on a
motherboard that costs $1200, the full firmware/motherboard/CPU integration
and qualification process is very different than putting a $399 ryzen into a
$300 board.

~~~
soneil
Not yet. We will in 5 years time when their resale value meets our budgets.

I work in a rather budget-constrained lab environment. “Beg, borrow, steal” is
the order of the day. Just today I was pricing out pre-loved Gen8 HPs. In 5
years time I could be exactly the hypothetical the article outlines.

This isn’t today’s problem - it’s a problem we’re creating today. We’ll hit it
when your examples start retiring them and my example is eager to recycle
them.

~~~
walrus01
Yes - and no, I know lots of people including myself who have things like
older dual socket Dell R710 as home test hypervisor servers. Also a very tiny
percentage of people will bother to ever upgrade the CPUs on them.

For home lab stuff... When people buy a $200 used Dell R610 off ebay with two
8-core CPUs they most likely expect to use it in the exact same CPU
configuration. Maybe add RAM. And probably use their own choice of SATA 6Gbps
SSD in the drive trays instead of whatever old, possibly unreliable used
spinning drives might come with it.

I have a 4U, quad socket Dell R910 with 32 total cores and 256GB of RAM that I
got for $350. I'm absolutely not going to go messing around with replacing the
CPUs on it with something I've purchased from ebay. When it's too old or slow,
or I'm tired of having a 500W electrical load in my garage, I'll replace it
with another thing that's come off a 3-4 year lease cycle.

~~~
snuxoll
I have never purchased a used server and stuck with the included CPUs;
they’re either power hungry beasts or bottom-rung SKUs. All of my 12th gen
PowerEdge servers at home run E5-2450Ls (they’re all -EN platforms), for
example. The one exception is the R210 II I use as a firewall/router.

~~~
walrus01
By percentage the number of 1U/2U servers sold with ultra power efficient CPUs
is fairly low. When people buy those new they will absolutely be going for
CPUs that are 85W to 130W TDP per socket, times two sockets.

As a person that's formerly worked for a server manufacturer for a number of
years I would say that the mid to upper performance range of the CPU market is
80%+ of the servers by volume. The other 10% is either the very low power
models, and the top 10% of the units sold by volume are the very most
expensive CPUs available at the time.

If you buy a used 1U Dell R610 with two six-core CPUs and 64GB of RAM, nobody
should be surprised that a 120VAC watt meter at the wall shows it idling at
150W power consumption, with cpu load at 0.00... [surprisedpikachu.gif]

~~~
snuxoll
I mean, they don’t have to be the ultra-efficient ones - but for my home lab
use I want < 100W idle usage and even my R520 can handle that with the 2450L’s
(Ivy Bridge-EN could do this without the L suffixed SKU’s, but HCC chips in
that family were more expensive when I was buying).

------
mikedilger
This would be better if there were a physical-only method to factory reset the
CPU, instead of blowing fuses.

------
Covzire
What problem is this trying to solve? Is there that much of a black market for
data center CPUs?

~~~
0zymandiass
BIOS (UEFI) level rootkits

~~~
im3w1l
I managed to get that much from the article but I still feel I'm missing a few
pieces here. Are UEFI rootkits an actual concern, like are they common in the
wild? Why should the responsibility of detecting them rest with the processor?
How is this related to the Secure Encrypted Virtualization?

~~~
judge2020
> Are UEFI rootkits an actual concern, like are they common in the wild?

If one segment needs to worry about UEFI rootkits, it's cloud vendors. Very
dedicated (nation-state sponsored) attackers could burn/use a zero-day
hypervisor escape to install a UEFI rootkit that tampers with the processor's
integrated HSM (as said in the article, tampering with it has already happened
and the exploits have been patched by AMD). As I understand it, if a vendor
uses full memory encryption, the above exploit could lead to decrypting and
exfiltrating other customers' data.

~~~
boring_twenties
Cloud vendors should be using coreboot, not UEFI.

~~~
freeone3000
One of the cloud vendors _created_ UEFI.

~~~
boring_twenties
Then they know full well how bad it is!

*Jokes aside, I think Intel created UEFI (for Itanium?), not Microsoft?

~~~
freeone3000
The consortium has AMD, Intel, and Microsoft listed as contributors, so even
if they didn't initially create the thing, they had a hand in it. The
executable format used for UEFI is PE, which is telling.

------
kaspar030
I felt a great disturbance in the Force, as if millions of voices suddenly
cried out in terror and were suddenly silenced. I fear something terrible has
happened.

------
zwaps
Sorry to be blunt, but am I correct that this is a measure against tampering
with servers by Chinese intelligence during the customs process? In that case,
are the CPUs themselves signed or could they be replaced after modifying the
motherboard?

Because otherwise it's really hard to see why the website would claim that every
end user would be enthused about these lock-ins. Sort of a weird statement.

~~~
caf
No, it's about stopping BIOS-level rootkits from being installed when someone
remotely compromises the machine.

~~~
rasz
No, it's about shutting down the secondary server hardware market.

------
virgulino
The article was updated with new info from HPE:

"HPE does not use the same security technique that Dell is using for a BIOS
hardware root of trust. HPE does not burn, fuse, or permanently store our
public key into AMD processors which ship with our products. HPE uses a unique
approach to authenticate our BIOS and BMC firmware: HPE fuses our hardware –
or silicon – root of trust into our own BMC silicon to ensure only
authenticated firmware is executed. Thus, while we implement a hardware root
of trust for our BIOS and BMC firmware, the processors that ship with our
servers are not locked to our platforms. (Source: HPE)"

------
jhallenworld
I thought this type of system would provide a way to revert to factory
defaults with a side effect of erasing all keys. So the processor would no
longer be secure, but would at least still boot. Maybe this clearing can be
done through the BIOS/UEFI on the original Dell system.

------
AstralStorm
One time programmable fuses are rather terrible. I'd rather have an old UV
resettable fuse that would also clear the key space. Or perhaps a set of
contacts to reset the fuse, like a jumper or lands that should be connected
with a pencil.

------
brokencode
Is there any way to “fix” the processor afterwards? Maybe send it to AMD to be
reset? If I’m buying a multi thousand dollar processor, I’d feel better if I
could reuse it in other systems if needed.

~~~
soneil
If they’re setting OTP on the die, all AMD could offer would be a warranty
replacement at best. There’s no etching new fuses into a packaged die.

~~~
p1mrx
They could blow the key to an "insecure" state, and then have a jumper on the
motherboard to allow insecure booting.

~~~
soneil
That’s about the only way I see out of this, yeah. No fuses blown is obviously
a specific state (works as expected everywhere). All-fuses blown needs to be a
specific state too (say the trustroot is dead and it’s now “just a cpu”).

You couldn’t just fail to that state (it’d be inappropriate for its primary
use-case), as long as there’s some way to get there.

------
oneplane
This is just waiting to be abused. No software or firmware (or even silicon!)
is 100% secure; if at any point someone figures out a way to flip a fuse
(maybe something like creating a short by overloading two adjacent fuses or
abusing reads via power supply glitching) and then make the CPU unusable for
everyone...

Hell, next step might be ransomware that fuses your CPU and unless you pay
them they will reboot them so you can't use them any more until you buy their
signing key.

------
virgulino
TL;DR: Put an Epyc cpu in a Dell once, and it will never work again in any
other vendor's motherboard? Is that right?

~~~
0zymandiass
It's not necessarily just Dell, they're just the first to use the feature.

It also won't necessarily work in other Dell motherboards, just ones using the
same key as the first.

It's strange Dell would blow the fuses by default, though.

~~~
felixfurtak
Could even enable some sort of region lock too? Selling CPUs at different
prices to different markets for example?

~~~
kllrnohj
Not really. AMD is only selling unlocked CPUs, and the "locking" is done the
first time it boots in a given motherboard. So crossing regions wouldn't be
any more of an issue in the future than it is now, you "just" need to ensure
your motherboard and CPU come bundled together. Or you need to ensure you get
an "unlocked" CPU, which is what retailers provide via AMD.

This will greatly complicate the future second-hand market, though. Buying
used Epyc CPUs off of ebay in 5 years will become _very_ sketchy for example.
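
A toy model of the fuse behaviour discussed in the two comments above (the CPU locks on its first PSB-enabled boot, and soneil's proposed "all fuses blown = trust root dead, it's now just a CPU" state with a board jumper). This is an added example for the thread, not AMD's, Dell's or any vendor's code. The 256-bit OTP field, the all-zero and all-ones states, the jumper, the hypothetical fuse-writing exploit and the toy RSA signature are all assumptions made for illustration; the only behaviour taken from the article is that a vendor key hash gets fused on first boot and later firmware must match it.

```python
"""Toy model of a fuse-based boot root of trust, in the spirit of the AMD PSB
behaviour the thread describes.  Constructed example, not AMD's or Dell's code.

Assumptions (labelled, not from the article):
  * the CPU carries a 256-bit one-time-programmable (OTP) field whose bits can
    only ever go 0 -> 1, so a write is a bitwise OR with the existing value;
  * all-zero field  = never fused: the CPU boots any firmware ("unlocked");
  * other value     = SHA-256 of the vendor public key the CPU will accept;
  * all-ones field  = the hypothetical "trust root dead" state proposed in the
    thread, which boots anything but only when a board jumper is set.
RSA with toy primes and no padding stands in for the real signature scheme,
purely to keep the example self-contained.  Do not reuse it for anything.
"""
import hashlib

# --- toy RSA (insecure: tiny primes, no padding) ------------------------------

def toy_keypair(p: int, q: int, e: int = 65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)           # (public, private)

def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest_int(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_int(data, n)

def pubkey_hash(pub) -> bytes:
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).digest()

def build_firmware(priv, pub, image: bytes, psb_enabled: bool) -> dict:
    # A firmware image ships with the vendor's public key and a signature over
    # the image; psb_enabled mirrors the vendor choosing to fuse the CPU.
    return {"image": image, "pub": pub, "sig": sign(priv, image),
            "psb_enabled": psb_enabled}

# --- the CPU side --------------------------------------------------------------

class Cpu:
    UNFUSED = bytes(32)
    ALL_ONES = b"\xff" * 32

    def __init__(self):
        self.otp = self.UNFUSED

    def burn(self, value: bytes) -> None:
        # OTP semantics: bits only set, never clear.  Burning a second, different
        # key hash therefore yields a value that matches neither key.
        self.otp = bytes(a | b for a, b in zip(self.otp, value))

    def boot(self, fw: dict, insecure_jumper: bool = False) -> str:
        if self.otp == self.ALL_ONES:
            return ("booted (insecure mode)" if insecure_jumper
                    else "halt: trust root dead, jumper not set")
        if self.otp == self.UNFUSED:
            if not fw["psb_enabled"]:
                return "booted"                     # retail state: anything boots
            if not verify(fw["pub"], fw["image"], fw["sig"]):
                return "halt: bad signature"
            self.burn(pubkey_hash(fw["pub"]))       # first PSB boot locks the CPU
            return "booted (fused)"
        if pubkey_hash(fw["pub"]) != self.otp:
            return "halt: key hash mismatch"
        if not verify(fw["pub"], fw["image"], fw["sig"]):
            return "halt: bad signature"
        return "booted"

def scenario() -> dict:
    """Walk one CPU through the situations discussed in the thread."""
    a_pub, a_priv = toy_keypair(1000000007, 998244353)    # "vendor A" (fuses)
    b_pub, b_priv = toy_keypair(1000000009, 999999937)    # "vendor B" (does not)
    fw_a = build_firmware(a_priv, a_pub, b"VENDOR A BIOS 1.0", psb_enabled=True)
    fw_b = build_firmware(b_priv, b_pub, b"VENDOR B BIOS 1.0", psb_enabled=False)

    cpu, out = Cpu(), {}
    out["retail_cpu_on_b"] = cpu.boot(fw_b)                 # no fusing, boots
    out["still_unfused"] = cpu.otp == Cpu.UNFUSED
    out["first_boot_on_a"] = cpu.boot(fw_a)                 # fuses to vendor A
    out["locked_to_a"] = cpu.otp == pubkey_hash(a_pub)
    out["used_cpu_on_b"] = cpu.boot(fw_b)                   # the resale problem
    implant = dict(fw_a, image=b"VENDOR A BIOS 1.0 + implant")
    out["tampered_a"] = cpu.boot(implant)                   # what the lock is for
    cpu.burn(pubkey_hash(b_pub))       # hypothetical fuse-writing exploit
    out["after_second_burn_on_a"] = cpu.boot(fw_a)          # now bricked for A too
    cpu.burn(Cpu.ALL_ONES)             # hypothetical "kill the trust root"
    out["dead_no_jumper"] = cpu.boot(fw_b)
    out["dead_with_jumper"] = cpu.boot(fw_b, insecure_jumper=True)
    return out

if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key:26} {value}")
```

The point of the second burn step is the one oneplane and AstralStorm raise: because fuses only ever set bits, a later write cannot replace the first key hash, it can only corrupt it, so a fuse-writing bug is a bricking primitive rather than a re-keying one, and the only graceful exit is a distinguished all-ones state that the boot logic treats as "no trust root".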

~~~
toast0
You could have some crude region locking if SGI US signs with a different key
than SGI EU, and US servers will only run on 60 Hz power supplies and EU
servers only run on 50 Hz (some pinball machines use this to reduce
transatlantic resale). It's not hard to measure, but it would need an extra
power supply pin and a zero crossing circuit. DC systems would have a
different signing key. Japanese systems wouldn't be able to move across their
50/60 Hz divide, etc.

Used SGI to not pick a real vendor.

~~~
kllrnohj
That only region locks the motherboard. The CPU would only be locked _after_
it has been used in the motherboard, not before, which necessarily means you
already have the CPU in question. So there wouldn't be any barrier to CPU
movement across regions.

As in for your example there isn't anything stopping you from buying a CPU
from anyone, including US retailers, and using it in an SGI EU motherboard.
The CPU itself isn't locked when new, this signing key locking isn't baked
into the CPU at the factory. It happens when you plop it into the socket &
fire it up for the first time.

~~~
toast0
> As in for your example there isn't anything stopping you from buying a CPU
> from anyone.

I can't buy a used cpu from an SGI US customer and put it in an SGI EU
motherboard. I can buy a new CPU from anyone though, but then I can only sell
it in-region.

~~~
kllrnohj
> I can't buy a used cpu from an SGI US customer and put it in an SGI EU
> motherboard.

Correct, but that's less a region thing and more this just poisons _all_ used
CPUs.

As in you don't even know if an SGI US CPU will work in a different SGI US
motherboard. There's no particular reason to assume all SGI US motherboard
models will have the same signing key. Within the same model that'd almost
certainly be the case, but if it's a different model, especially different
chipset, I don't know why they would necessarily strive to keep the key the
same across different firmware branches.

> I can buy a new CPU from anyone though, but then I can only sell it in-
> region.

Er, why? Nothing about this stops you from re-selling CPUs however you want.
Or are you still talking about the used market here?

~~~
toast0
I'm not reselling a cpu without plugging it in and testing it. If it's DOA
when my customer got it, and I didn't test it, I need to take it back etc. Of
course, if it gets locked when I test it, now it's more likely to be DOA for
my customer.

------
gigatexal
Some enterprising enthusiasts will find a way around this, I hope.

~~~
userbinator
Hopefully the keys get leaked someday, as often eventually happens with such
DRM-ish schemes.

------
bubblethink
Amidst all the hype for firmware security, one point missing in these
discussions is how many points of failure these guys have added. 1) Intel/AMD
for ME/PSP 2) Dell for bios signing keys 3) MS for secureboot keys 4) American
Megatrends, Phoenix, etc., companies that people don't even know exist, who
actually write the bios code. If the threat model is nation state attacks,
there is plenty of surface area here in the circus.

------
parliament32
I'm looking forward to the malware/ransomware that permanently locks CPUs to
an attacker-signed BIOS.

------
tyingq
This will be an interesting mess on eBay.

------
dboreham
"Vendor-Locks" perhaps?

------
ksec
If you don't provide this, enterprise vendors won't be buying AMD CPUs, and AMD
loses. (They desperately need those EPYC sales.)

If they do, lots of people, whether they will buy it or not, will complain and
make a big fuss about it. If they are going with vendor lock they might as
well go back to Intel.

Looks like AMD just can't win.

------
the_pwner224
The title as submitted to HN is super clickbaity. Overall this doesn't seem
'bad', aside from the questionable default other commenters mentioned, namely
that it is enabled by default.

~~~
judge2020
It really should copy the article:

> AMD PSB Vendor Locks EPYC CPUs for Enhanced Security at a Cost

~~~
fiberoptick
Should be corrected to "Vendor-Locks", as well.

------
wu_187
Honestly I see this as a net positive. It increases the security of the
server, which is good for everyone. The secondary market will adjust
accordingly, probably by selling the processor/motherboard/barebones server
together. The only issue I can see is that there is no way to distinguish a
locked processor from an unlocked one.

~~~
probably_wrong
> _It increases the security of the server, which is good for everyone_

That is exactly the point: it isn't good for everyone. In particular, it is
suspicious that a move in the name of security _just so happens_ to negatively
affect the secondary market. A market that by definition doesn't net AMD any
money.

If AMD had released this exact same feature and said "we are doing this
because the second-hand market is bad for our sales", regulators would
immediately jump at them for anti-competitive behavior. And the fact that
there is no option to disable this check at all makes it even more suspicious.

It is possible that the benefits outweigh the downsides. But I wouldn't give
them a pass that easily.

