There is no separate market for new products that have been bought from manufacturers and resold. It's just one market. We don't need to refer to something that doesn't exist, so we don't need a special term for it.
The term "gray market" is linguistic manipulation to benefit manufacturers at the expense of customers, society, and the environment. Let's stop using the term.
For products that have been used, we have a "second-hand market".
It's not uncommon that if you buy the cheapest product in a webshop in Northern Europe you will find it has a Polish user manual when it arrives. It's not illegal to do that (although suppliers would probably like it to be).
The same happens with servers, just compare USD and EUR prices on the Dell website.
Although I understand the sentiment, I'm not sure I would like additional legislation to try to prevent that. Even if you do manage to make that watertight, the end result will probably mean higher prices for the consumers in countries with low purchasing power.
These businesses are called suppliers; there is nothing grey / illegal / dodgy about the business model of suppliers.
And what should be illegal is pricing things with such huge differences between regions in the same market, or having the same brand's product have grossly different quality/composition between regions.
because it is exploitative?
You use your brand, widely known, to sell an inferior product for cheap. I would call it an 'official' counterfeit. Worst case - some of those inferior products were sold at higher markup!
Merriam-Webster: a market employing irregular but not illegal methods especially : a market that legally circumvents authorized channels of distribution to sell goods at prices lower than those intended by the manufacturer https://www.merriam-webster.com/dictionary/gray%20market
Investopedia: A grey market is a market in which goods have been manufactured by or with the consent of the brand owner but are sold outside of the brand owner's approved distribution channels—an activity that can be perfectly legal. In the securities markets, a grey market is a market wherein a company's shares are traded before they are issued in an initial public offering (IPO). https://www.investopedia.com/terms/g/greymarket.asp
Wikipedia: A grey or gray market (sometimes confused with the similar term "parallel market") refers to the trade of a commodity through distribution channels that are not authorized by the original manufacturer or trade mark proprietor. Grey market products (grey goods) are products traded outside the authorized manufacturer's channel. https://en.wikipedia.org/wiki/Grey_market
Conclusion: Grey market seems to be the correct term.
After you've been sold a product, the manufacturer has no authority on how you use it or where you resell it. Since the manufacturer doesn't have this authority, you can't be legally circumventing authorized channels when reselling it.
There is nothing "gray" about second hand.
But if I buy a similar lens from the camera shop down the street, and it was originally sold in the US and the warranty is still valid in the US etc, it's a USED lens or a second-hand lens, but there's nothing gray-market about it.
I think you're spot-on here; sources quoted in the article are misusing the term gray-market to simply refer to second-hand parts, which are something completely different. They want to make pre-owned parts sound just as shady, but they're not -- the first-sale doctrine would like a word.
How do you know this? More to the point, how does an amateur buying their first lens ever know this?
My friends and I used to buy surprisingly good deal products on Craigslist and see how long it took to determine if they were fakes or broken. It was always one or the other.
I'm sure I could take a lens to them and have it checked out for a few bucks, or have them broker a sale between me and another private party. Knowing what I'm getting has its own value, and I'm not opposed to paying someone for their time and expertise.
tl;dr: I don't, personally, know that. I trust someone else to know that.
Unfortunately, this idea is not as settled as you make it sound (around the world). Even in the US, it still pops up - in 2019 SCOTUS heard a case on cheap imported college text books.
Additionally, manufacturers have latitude on who they sell to, and to sign contracts with those intermediaries.
To show how absurd this subjective projected pejorativity is, let's use it to 'second hand':
>The question is not "Does the term second hand market have a meaning?" the question posed was "Is the use of the term perpetuating an unhealthy view of commerce to advantage manufacturers?".
>There is nothing "second" about selling used products.
"gray" sounds like it's questionably legal and halfway to "black market". The negativity is definitely part of the term, not imagined.
Has something been done to it to void the warranty?
Is this a cheaply done "refurbished" version which will die in 3 months?
Is it stolen?
Seems pretty gray to me.
Take grey market cameras. They are often bought as kits from Asian markets, broken up into lenses and camera bodies and sold on "as new" in western markets but with no support direct from eg Nikon if it goes wrong. Warranty support is from the reseller only. They may ship your unit back to China for support, or repair/replace it at their cost.
So no, these are important differences for customers to recognise. Let's keep using it.
That's just the thing, they don't; there is nothing unconventional about suppliers acting as middlemen and setting their own price. To pretend this is a problem is unconventional and anti consumer.
I wouldn't import a Ford truck from the US and expect a local Ford garage to meet its warranty obligations here in the UK.
There are extraordinary things to consider for the consumer.
A label like "grey market" helps. It's not a slight. It's just quicker and easier than saying "this was imported from a distribution channel in another country and will only be serviced in that country".
From my experience reading manufacturers' warnings about this, they never use the phrase "gray market" because a lot of consumers don't understand what that terminology means. It's more that the dealers/retailers and some savvy consumers use the phrase "grey market".
There is a category of _new_ (not used) products that have the following attributes:
- sold by unauthorized dealer : i.e. no contractual relationship with the original manufacturer to buy from them and then resell the item
- sold without a manufacturer's warranty : any warranty must be honored by the unauthorized reseller or some other 3rd party or comes with no warranty at all
So instead of the cumbersome long-winded hyphenated term of "unauthorized-retailer-and-no-manufacturer-warranty market", the industry just shortens it to "gray market". It's a useful label of what the product is. You're right, it's not unlawful or unethical to sell unauthorized/unwarranted merchandise as long as you inform the customers.
E.g. Most of the luxury watches sold on amazon.com (Cartier, Rolex, etc) are "gray market" because they don't come with manufacturer's warranty. If you buy a Cartier watch from Amazon to save money and it's broken and needs repair, you can't take it into a Cartier retailer at the mall to have them fix it. There's nothing wrong with it as long as customers understand the tradeoffs of lower price vs service convenience. Even though the watches are genuine instead of counterfeit, they don't come with manufacturer's documentation to get factory-authorized service.
One example of a manufacturer warning about "gray market" without ever using that terminology: https://usa.yamaha.com/support/unauthorized_sellers/index.ht...
The term "unauthorized dealer" is another word to stop using. In a free market, everyone is authorized to buy & sell every safe product at all times.
This is incorrect, and you're unintentionally spreading misinformation. California law specifically uses the term "grey market" and manufacturers do not have to honor warranties of products purchased through unauthorized channels as long as it is disclosed to the consumer. See the actual text of the law:
>The term "unauthorized dealer" is another word to stop using.
I think you're too focused on words instead of the underlying behavior. Even if we outlawed the phrase "unauthorized", you still have the reality of manufacturers refusing to enter wholesaler contracts with any dealer. You'd still need an alternative word to describe a dealer that sells products without a contract to purchase directly from the manufacturer. Whether we use a cumbersome multi-hyphenated phrase or come up with alternative jargon to avoid the word "unauthorized" ... the reality still remains that manufacturers will not enter into buy/sell contracts with every dealer.
Some savvy and sophisticated consumers will want to know if dealer X doesn't have a direct relationship with the manufacturer as part of the purchasing decision. You don't like the word "unauthorized". Ok, that's fine. But what alternative label do you propose for that non-existent relationship?
So the claim that "manufacturers must honor warranties regardless of who you bought the product from" is still true. If it ever had a US warranty, that warranty will not be invalidated by any selling or reselling.
The law is not about what wasn't originally sold in the USA. Instead, it specifically defines "grey market" imports and the whole purpose of the following text is for resellers to disclose the product's grey market status to inform the buyer. The California law does allow for resellers to "hide" the grey market status only if the reseller (not the manufacturer) has a "reseller warranty" equal to or better than the manufacturer's warranty.
>So the claim that "manufacturers must honor warranties regardless of who you bought the product from" is still true.
No it isn't. Please read section 1797.81 again carefully.
Read the actual text excerpt:
"1797.81 (a)(1) The item is not covered by a manufacturer’s express written warranty valid in the United States "
I.e. You can't buy Nikon/Canon grey market cameras or Cartier grey market watches in California and force the manufacturers to honor the warranty. California law does not force this.
>If it ever had a US warranty, that warranty will not be invalidated by any selling or reselling.
You're inadvertently trying to say something else here but it's missing a word. I will correct your statement to be: "If it ever had a [VALID] US warranty, that warranty will not be invalidated by any selling or reselling."
The "grey market" products such as cameras/pianos/watches through side channels never had a valid US warranty in the first place.
>But the "grey market" that we're talking about with AMD processors [...] You're using a much narrower definition that doesn't fit this entire conversation.
I thought mleonhard was making a general statement about "grey market" outside of these specific AMD chips.
That's what I'm trying to say. This law only applies when there are distributors or other parties that were sold the product outside the US and import it into the US.
> Read the actual text excerpt: "1797.81 (a)(1) The item is not covered by a manufacturer’s express written warranty valid in the United States "
That text excerpt says that if a product meets that criteria, it must have a label stating so. It doesn't say when that happens. "Every retail seller who offers grey market goods for sale shall post a conspicuous sign at the product’s point of display and affix to the product or its package a conspicuous ticket, label, or tag disclosing any or all of the following, whichever is applicable"
> You're inadvertently trying to say something else here but it's missing a word. I will correct your statement to be: "If it ever had a [VALID] US warranty, that warranty will not be invalidated by any selling or reselling."
Okay, I guess? I would say that an "invalid warranty" is not in fact a warranty, so the use of the word "valid" is redundant. But pretend I said "valid" if you want.
> The "grey market" products such as cameras/pianos/watches through side channels never had a valid US warranty in the first place.
But the "grey market" that we're talking about with AMD processors is largely composed of products that were sold in the US, with a valid US warranty, that are now being sold off later. You're using a much narrower definition that doesn't fit this entire conversation.
I'm not a lawyer. I read through the rest of the California consumer warranty laws and some of the Uniform Commercial Code which California also uses. A warranty goes with a product. It does not matter which company sold the product. A manufacturer cannot refuse to honor a warranty just because it doesn't like the reseller who issued the receipt.
The California law you linked applies to products that were originally sold outside USA. International trade is complicated. That law tries to protect buyers from confusing different products that have the same name. It has an important caveat at the top:
"(1) The item is not covered by a manufacturer’s express written warranty valid in the United States (however, any implied warranty provided by law still exists)."
Implied warranties are made by law. Express warranties are made by manufacturers & resellers and provided in writing to buyers. Even if a foreign-purchased product is sold in the USA with no US express warranty, it still has implied warranties.
New goods have implied warranty periods of at least 60 days. Products without express warranties have implied warranties of 1 year. https://leginfo.legislature.ca.gov/faces/codes_displaySectio...
Used goods have implied warranty periods of at least 30 days:
And the other protections apply. For example, manufacturers/resellers must provide technical documentation for repairing electronic products (>$99) for 7 years from date of manufacture: http://leginfo.legislature.ca.gov/faces/codes_displaySection...
Neither section "1797.8. (a)" nor section "1797.81. (a)(1)" talks about products "originally sold outside the USA".
The law talks about _imports_ and not what was _sold_in_foreign_country_. The law then further defines that some imports are considered "grey market".
Using the phrase "originally sold outside the USA" that's not even there in the text of the law is copying the same mistake that Dylan16807 made.
>A manufacturer cannot refuse to honor a warranty just because it doesn't like the reseller who issued the receipt.
I'm not sure why you believe this? I can't find any court case that forces a manufacturer to honor a warranty when it is purchased from unauthorized resellers.
>Implied warranties are made by law. [...], it still has implied warranties.
Both UCC and California law allow for manufacturers and sellers to disclaim implied warranties. Search for word "disclaim" in the actual California law text: https://leginfo.legislature.ca.gov/faces/codes_displayText.x....
Disclaimers will look similar to the following text: "SELLER MAKES NO WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. NOR IS THERE ANY OTHER EXPRESS OR IMPLIED WARRANTY."
(I'm sure everyone has seen that verbiage before but never really paid attention to it because what most people care about is the manufacturer's warranty.)
Enabling retail is a massive part of U.S. property and commercial law, this is how Blockbuster was able to do business.
What I'm hearing here is that Dell, HP, etc. are designing their firmware to keyfuse any unfused CPU it sees to their firmware automatically, silently, and without any prompting whatsoever. And that AMD apparently has no problem with this.
In no way, shape or form is this a reasonable design. A boot prompt before basically quasi-destroying (for many purposes) a CPU would be the only reasonable thing to do. "This operation is irreversible and will render the CPU unusable in other machines", etc.
I'm wondering if Dell etc. could be sued for this.
>Outside of x86, IBM POWER10 is making a push for enhanced security, so they will need to have a silicon root of trust to enable their security feature set.
If this were true, this would make POWER10 dead-on-arrival in terms of being something Raptor is willing to ship. Comments made by Raptor don't suggest this and suggest they will be able to ship POWER10 eventually, so it doesn't seem likely.
Keyfusing is an excessively brittle technology, can't support key rollover (you're stuck with one key forever, or at best can change it only a couple of times, depending on the size of OTP), and is basically unusable for owner controlled (not vendor controlled) secure boot.
I've been involved in more than one purchasing decision where the ability to resell the parts was factored into the sticker price.
For second-hand CPUs? Not likely.
If it doesn't fulfill that need, even second hand, you can get your money back.
What you are suggesting is absurd. Craigslist, Ebay, Paypal, and the people selling using those platforms are above the law?
It sounds like you might not be familiar with any of the platforms in question. But no, you can't do either of those things to the kinds of people who deliberately sell defective parts on ebay and Craigslist. Or at least, you won't once you figure out what's actually involved.
I would say beside as opposed to above, but it sums to the same thing.
Are as-is used car sales illegal in that state?
Were there ever any updates to that rather pessimistic blog post?
But automatically, permanently "poisoning" any CPU that's inserted into the socket after a single boot? That sounds like it's being done for economic reasons.
They want to turn the used CPU market into a sketchball market for lemons so that everyone is so scared that they only buy board+CPU combos directly from the vendor rather than trying to save a few pennies here and there.
I can't see that the market for enterprise system is heavily affected by grey market CPUs. Their customers are by and large buying these systems built & configured, and racking them up as they come.
It'd be nice if there was a jumper you could set on the motherboard to stop it claiming a CPU though (maybe there even is?).
However, and I may have misunderstood this so please do correct me if I have, based on the article, it seems for certain vendors, they share the same signing key with multiple machines (presuming whole lines), in which case this certainly seems to be about vendor lock-in from the vendor side.
It provides a mechanism to prove the entire boot process hasn't been tampered with, but I wish AMD provided a way to run these fused processors in a generic way without the security chain, with it just reporting that there isn't a secure root of trust. However I assume they are afraid of that allowing malicious code to fool deeper parts of the system without the system administrator knowing.
So good for security, but bad for e-waste and second hand sales.
I concur, but it's true for even consumer devices like smartphones. Once the software updates stop, if security is the key then the devices are e-waste. Many times, I wish there was an international law which forces manufacturers to unlock their device when they stop pushing software updates to their device, so that alternate firmware can be installed. Of course this is just wishful thinking; even those who abandoned their smartphone segment entirely (MS) didn't do this, so why would those who run a profitable business out of planned obsolescence do it?
It doesn't go as far as to force unlocking, but requiring transparent disclosure of a commitment to security update longevity (like Chromebooks and pixel phones have) is probably the first step along the road to that.
Basically, "doesn't go as far as" sounds like a massive understatement.
This is entirely debatable. This is essentially bootguard for socketed CPUs similar to how most laptops behave. For one, it makes fixing the crap that Dell and their contractors write impossible. You cannot replace the bios with coreboot.
For all these features that require blessings, I really liked apple's use of the term notarised. Everyone should call these notarisation features rather than security ones. It's as boring and useless as going to a notary, if you have ever done that.
If you care about this specific attack scenario then make sure you check the keys with a management tool or something. It's not necessary to make the chip unusable for almost every aftermarket user just to make it a little bit clearer that a compromise has happened in that rare case.
I'm just trying to speculate what might be driving demand for this type of feature, since TPMs already exist.
I see, so it's basically AMD's implementation of Intel Boot Guard, but on servers instead of laptops. On boot, the CPU verifies the BIOS's signature from its OTP memory and refuses to boot if verification fails.
Theoretically, if you move CPUs between different laptops, you'll find the CPUs are locked to their platform as well, but we don't feel it since they are not replaceable; the only visible effect is that the firmware has been locked and you cannot run coreboot.
And now the same thing is coming to servers and it has a bigger visible effect...
It could be implemented in a way that preserves the ability to reuse CPUs, but it won't be.
It’s an interesting problem. The solution is valid, but it’s unfortunately permanent.
Also, we sometimes lose the CPU rather than the board. As the CPUs become more complex, their probability to fail has risen.
I guess that's the key point here.
(This is fairly normal in cpus. Picture 8 regular fuses. If you read across them, you’ll get 0xff. Now blow the first four fuses and read again. You’ll get 0xf0. Here’s the catch. You can’t “unblow” them. With real fuses, you’d replace them. If they’re inside the cpu, you replace the cpu.)
Fun trivia. The boot loader signing in the raspberry pi works the same way.
This made me think of the pencil trick from the earliest days of socketed Athlons. Not exactly the same, I know.
Older firmware has exploits, which allow installing Ubuntu, etc. To prevent exploiting, old firmware refuses to boot if the new firmware has ever booted. This is marked by blowing fuses.
Note - there is even a fuse that when blown, prevents other fuses from being blown!
I believe Xbox 360 one was rewritable while Switch one is not. They also require higher voltages than rest of CPU to write. So modders used to modify PCB to block writes or tried to write old values. For Switch they had unrelated nonupdatable boot exploits to bypass signature checks for early batches.
And the simplest answer is that code could check if the fuses are reading out too early a version and abort. Which you could try to patch around but it won't be easy.
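The fuse behaviour described in the comments above (blown fuses cannot be restored, firmware checks its version against the fuses and aborts, a lock fuse blocks further programming), as an added simulation that is not part of the thread or any vendor's firmware. The `fuse_bank` type, the function names and the "number of blown fuses = minimum firmware version" encoding are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated one-time-programmable (OTP) fuse bank. As in the comment above,
 * an intact fuse reads 1 and a blown fuse reads 0, so a fresh bank of eight
 * fuses reads 0xFF. All names are hypothetical, not a vendor API. */
typedef struct {
    uint8_t version_fuses; /* blown-fuse count = minimum allowed firmware version */
    bool lock_blown;       /* the fuse that prevents other fuses from being blown */
} fuse_bank;

typedef enum { BOOT_OK, BOOT_OK_RAISED, BOOT_REFUSED } boot_result;

void fuse_bank_init(fuse_bank *b)
{
    b->version_fuses = 0xFF;
    b->lock_blown = false;
}

/* Program the fuses selected by mask. The only possible transition is
 * 1 -> 0; nothing in this interface can set a bit back to 1. */
bool fuse_blow(fuse_bank *b, uint8_t mask)
{
    if (b->lock_blown)
        return false;
    b->version_fuses &= (uint8_t)~mask;
    return true;
}

void fuse_lock(fuse_bank *b) { b->lock_blown = true; }

/* Minimum firmware version is the number of blown (zero) fuses. */
unsigned fuse_min_version(const fuse_bank *b)
{
    unsigned blown = 0;
    for (unsigned i = 0; i < 8; i++)
        if (!(b->version_fuses & (1u << i)))
            blown++;
    return blown;
}

/* Anti-rollback check run by the firmware at boot: refuse to run if the
 * fuses record a newer version, otherwise burn the current version in. */
boot_result boot_check(fuse_bank *b, unsigned fw_version)
{
    unsigned min = fuse_min_version(b);

    if (fw_version > 8)
        fw_version = 8; /* eight fuses can record at most version 8 */
    if (fw_version < min)
        return BOOT_REFUSED;
    if (fw_version > min) {
        uint8_t mask = (uint8_t)((1u << fw_version) - 1u);
        if (fuse_blow(b, mask))
            return BOOT_OK_RAISED;
    }
    return BOOT_OK; /* same version, or bank locked so nothing was raised */
}

int main(void)
{
    fuse_bank b;
    fuse_bank_init(&b);
    fuse_blow(&b, 0x0F); /* blow the first four fuses */
    printf("fuses=0x%02X min_version=%u\n", b.version_fuses, fuse_min_version(&b));
    printf("boot v3 -> %d\n", boot_check(&b, 3)); /* older firmware is refused */
    printf("boot v6 -> %d\n", boot_check(&b, 6)); /* newer firmware raises the floor */
    printf("boot v5 -> %d\n", boot_check(&b, 5)); /* now refused as well */
    return 0;
}
```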
I had the same initial reaction though. It seems like something that makes more sense as a jumper or something that can be reset by jumper so physical access becomes the requirement.
The only reason I can think of to do it as described is to kill the secondary market or, even worse, to maintain a lifetime licensing requirement on the system. If the signing keys can expire like signing certificates I expect step 2 will be custom signed firmware via a cloud portal where no license means no signing. I hope I'm wrong, but that's likely the endgame here.
TLDR; If the signature on the BIOS can expire, it's more nefarious than it sounds IMO.
The header pins can be varnished (or other techniques) so they do not conduct, but they still look normal. To set a pin, 36GA wire between the plastic of the header and the PCB would do the trick. If the adversary had a particularly high budget, they could fabricate and install a header that would even pass inspection by a multi-meter's continuity check by making the outer part of the pins be electrically isolated from the inner, except where it contacts the PCB, where the attacker's choice of conductivity is made.
I don't think anyone has come up with a good way to downgrade the CPU from secure operation to insecure without also creating a way to bypass it for an attacker. The only way I can think of is if there was a revocation of secure mode that put the CPU serial number on a public list, then after a week, the CPU blew a fuse allowing it to boot in insecure mode. It will allow enterprises to be assured that the computers they are sending all over the globe are untampered, but still allow people who don't care to get them second hand and not be stuck with the rest of the computer. The hard part is making sure the CPU can only blow that fuse after it gets an ack that it's been a week. Ideally, there would be some way for the CPU to attest which mode it's running in so secondary audits of the CPU's state can be performed.
If they have physical access and are replacing the BIOS, they could just replace the CPU at the same time with a fresh unlocked one that will lock itself to the replacement's signing key on first boot.
What I am most worried about is vendor's key becoming compromised (whether cracked or stolen), which means that a revocation mechanism is missing.
Even with revocation implemented, such equipment would be rendered useless (I imagine vendor would have to cover for replacements).
So, the server maker then owes me a new cpu (of the same model obviously) that does work.
It'll be interesting to see the legal fallout from this, as purposely breaking customer owned gear is not going to end well.
Quite frankly this should be an optional security feature I can flip off with a physical switch on the board - go show an alert on the BMC for all I care, but as is this is total bullshit.
IANAL; I wonder if this would be grounds for a class-action lawsuit in the future. Something like suing the motherboard manufacturers to replace every CPU their boards have broken by this method.
Expressing discontent in an open forum can catalyse a much larger reaction that PR depts will pay much more attention to compared to a few angry emails or twitter DMs.
If you don't want a platform-secured CPU, don't buy one.
As Chris mentioned, this is exactly what Big Corp™ wants. They'll be the ones buying it too, and would likely pay extra for such a feature. They're the target market for these vendors.
Thus, sure, for those looking to buy second hand, this is indeed advertising irreparable damage. But for Big Corp™, this is advertising security (in my opinion quite rightly so), and ensuring their data isn't stolen.
Admittedly it feels like AMD could have created something that allows the chip to be reset providing you have the original signing keys.
...the problem is what happens when you buy an unlocked CPU.
So if I wanted to modify my car to unlock performance that's usually OK and certainly has been considered moral for decades. But if I wanted to unlock a core in my Ryzen CPU, or just hardware hack my GPU (Radeon Vega and above) to make it do neat tricks, I now technically risk a FELONY because of the PSP encryption and the DMCA - even though I want nothing to do with cracking copy protection. That is enough to have a chilling effect and prevent neat stuff from being released.
AMD have gone as far as signing the BIOS* on their recent GPUs, so tweaking it may be technically illegal (assuming you could crack the signature, though)!
This is unprecedented, nobody ever risked a potential felony for wanting to look inside their car to see how it works, or modifying their household appliances.
We need to get together (on Twitter and other social media) to fight this and let consumers know what is happening, because if people did, especially the more technically minded enthusiasts/gamers, that would put pressure on AMD and others to stop.
Specifically for gamers, let them know it's likely a FELONY to unlock a core in their Ryzen CPU or Radeon GPU due to PSP crypto. Just as with the ink cartridge recyclers who have been prosecuted for breaking cartridge chip security.
* = Radeon Vega and later GPUs have a Cortex-A5 PSP which runs autonomously, executing the Trustonic TEE from the SPI BIOS chip at boot, once the signature has been verified. Yes a whole DRM operating system running on the GPU - if you want to see for yourself, take a Radeon Vega or later BIOS and run binwalk -e to extract the compressed TEE.
But yes, it's really shitty how the downsides end up with the loss of user control and e-waste. Especially when it is possible to design something that is secure and that the user controls.
It surely makes sense for phones as it makes it less profitable to steal them (as you could only sell parts of the phone and even that can be blocked). Maybe even for laptops but not for desktops and servers.
You pointed out all those factors to say that they're reasons why CPU OEMs should be able to make all your dreams about price, quality, speed, open hardware come true?
(Since I know you're not getting an x86 license that's an easy call for me - I know for sure you're unable to tap into that market)
Makes perfect sense.
Many of the features of the AMD PSP could be implemented as hardwired logic, no need for a CPU for that. And thus no chance of malware being able to run undiscovered.
It's like Orwellian doublespeak, in fact the Platform Security Processor might well be making the entire system less secure. Because we cannot inspect the content of the eFuse ROM how do we know if a state level adversary has placed code in there to weaken the system security?
Note: On the nVidia Tegra platform the eFuse ROM can contain executable code to patch the boot-up process, as Nintendo has done with the Switch console. It's likely that AMD has such similar functionality.
So the PSP could be cracked, and then CPUs can be eFused with malware before shipping the server, and nobody would know that there's an easily exploitable vulnerability now present.
I guess one of the real purposes of the PSP is to protect AMD's security and prevent the user from unlocking disabled cores, boosting clock frequencies, retrieving HDCP keys, etc. on both CPUs and GPUs. So it's partly to prevent the owner from doing what they want with the hardware.
Even though it's a server CPU that's affected by the lockdown, stories like this are definitely not well received by the enthusiast and gamer communities and draw attention to such anti-features like the PSP. Knowing that there's a special processor inside the CPU specifically designed to prevent you from unlocking cores, etc. would NOT be good PR for AMD at all. I am using a Ryzen system right now and I regret buying it, I wish I went with Intel instead. At least the management engine has been cracked, unlike AMD's AFAIK.
It's about time we looked into a legal response to this behavior, just as with John Deere farm equipment, it will likely not stop unless fines are imposed or some kind of consumer boycott occurs.
Regarding the CPU lockdown, even Intel wouldn't do such a thing. Surely isn't it anti-competitive to lock the CPU to a specific system in this way? What would the EU think about this regarding e-waste and recycling? And I believe in Australia the ACCC would crack down very hard on such shenanigans?
Removing the PSP will eliminate the negative PR it creates together with the associated security risk of having a secret part of the CPU where malware can hide.
On GPUs HDCP functionality can be implemented with ROM-based microcontrollers as it did on older hardware?
The security you lose from having a black box in your CPU is much greater than the security you win by virtue of being (theoretically) protected against unsigned bootloaders and rogue hardware.
Additionally, a PSP or Intel ME related hack involving a SCADA system would not be discovered until it's too late, with potentially extremely severe consequences. AMD is advertising the processor as being a security device that is intended to enhance system security. If such a SCADA hack involving the PSP was to result in loss of life for example, what would AMD's liability be in such circumstances, where the 'security device' itself has enabled the system to be hacked in the first place? Taking into account that the 'security device' cannot be disabled by the SCADA operator, so they have no choice but to use it.
That is why I believe the PSP and ME should be removed completely. Should that not be possible it should be replaced with a processor that is transparent to its internal operation.
On the other hand, there have been people who have warned about the dangers of CPU vendors putting Management Engines in their products, which are outside of the control of end users (by design). One of those concerns was the ability to rig sales or even kill off second hand markets altogether. Apparently, this has already become a reality now.
I'm not surprised it's sold as a security feature, just as terrorism and child pornography have been magic words in other fields. But at the end of the day, vendors stand to substantially increase their control on sales and with it their profits, with features that may only be significant in edge cases. That smells a lot like an antitrust issue to me. That all vendors are likely to try to move in this same direction, as an opportunity to make more profit, doesn't make it any less devious. All the more reason for antitrust investigators to start looking into this.
Yes. Consumer protections apply to everyone. Within Australia, those protections are considered the "bare minimum" that must be implemented by every business, across the board.
Certain industries have other protections they must implement atop of those.
I'm not even sure if the following is uniform across the EU, but I have always assumed (maybe even been told) that it is. Where I come from (The Netherlands), (afaik) when you do business with another business then consumer protection laws don't apply.
The rationale appears to be that as a business you don't need the same kind of protection as a consumer. It's considered the risk of doing business, and companies suing each other in court (e.g. for fraud) is considered to be less unbalanced than it would be for a private individual (consumer) against a company, in terms of (financial/legal) means.
In reality there probably are different (less savory) historical reasons behind it too, maybe even the preservation of the "natural power distribution" (euphemism for the already wealthy to stay that way) between smaller and larger businesses. That's at least how I have heard it being justified politically. Meanwhile, good luck suing a large company if you're a smaller business yourself. Either way, as I already implied, I think that's more or less by design.
Great if Australia is more egalitarian on that subject. If not for all of nature trying to kill me at every second there, I'd seriously consider immigrating over this xD
When you buy goods or services for your business which are:
+ under $40,000
+ over $40,000 and normally bought for personal, domestic or household use or consumption
+ vehicles and trailers used mainly to transport goods on public roads
your business will be considered a consumer and entitled to certain remedies under the consumer guarantees if something goes wrong.
As an EPYC CPU doesn't cost more than $40,000 per unit (closer to $8,000 from what I've found), it would fall under the guarantees.
Australian laws are still skewed in favour of the larger companies, but one place where the law tends not to fall down is consumer protections.
Certainly it's a debate whether such a feature should exist in the first place, but presumably OEMs are the driving force behind this, so they see a need.
AMD wins because it destroys the secondary market, driving up the prices they can charge for new CPUs.
The OEMs win because once you've put your CPUs into Dell servers, you can't just buy different servers and move your CPUs over (e.g. to reuse CPUs from servers that broke in other ways or were decommissioned for other reasons), so you have a higher hurdle when switching to a competitor. Payment from AMD could also be involved, because I think AMD has more to win here.
You as a CPU buyer, or a buyer of services that cost more if CPUs cost more (aka everything), lose, as does the environment.
Works really well for laptops - motherboard fried? Just throw that CPU, GPU, RAM and VRAM away, and buy a new one! You're not rich enough to pay for its repair, are you?
Justified by thinness for consumers and security for corporate. What a terrible practice.
Large vendor, such details may mean a few dollars saving on the CPUs and that will add up. For many it won't be an issue, more a gotcha for the second hand market upon those thinking they can buy and part it out. So down the line, this is going to make some second hand CPUs a real gotcha unless these chips have identifiable visible marking.
Looks like they might be doing this intentionally to get some sort of financial gain: perhaps the plan is that this would lead to less used AMD chips being resold and thus more AMD chips bought from AMD itself and more profit for AMD?
Even then, why would Dell play along? Is AMD contractually forcing them to create a firmware that locks the chips? What about the massive liability of customers demanding refunds or suing them because the Dell firmware irreparably damaged their CPUs?
An attacker that breaks into your datacenter to physically reset the CPU could also swap it, so once you have physical access, the security argument doesn't hold. OEMs/recyclers could simply plug each CPU into a testing/resetting jig that has this connected, or mainboards could have a jumper for it.
Edit: I wonder if this will enable a new category of ransomware. "Pay us (half the current value of your CPUs) to get your firmware signed with the key that we just locked all the CPUs in your fleet to".
With a tiny bit more fancy crypto one could also generate per-system unlock keys so that a vendor doesn't have to reveal his master lock or something like that.
Unlocking bootloaders is a solved problem on android. Why introduce a worse solution that creates vendor lock-in?
Obviously in order to create vendor lock-in.
If it locks the CPU to a certain manufacturer, all an attacker has to do is get an identical new system and swap the CPUs.
Besides, what matters is the data on the storage. Is it encrypted with keys stored on the CPU? If it's not, how does this help?
What does not make sense is that it's not optional.
With physical access you can bypass just about any protection given enough money and time. In a data centre context, the damage you can do is rapidly minimised by rapidly increasing the amount of capital and time required to access more of the DC.
The more important change is that without this feature, malware could theoretically install itself into the firmware without requiring physical access. Now it should be just about impossible to break the chain of trust without a person physically tampering with the machine.
Note: I should mention that I think this is such a massive double edged sword (maybe double edged shield is a better term). This lets you build a threat model that accounts for everything up to physical access. This however also has such a massive opportunity to be an incredibly anti-consumer feature that I fear to see how it will be used. I wish they would have required a physical switch to enable/disable the feature. I do however understand how adding such a feature could complicate its implementation quite a bit.
First, somebody breaks into a server room, replaces the motherboard with a compromised one, and notices mid replacement that they forgot a processor. (Since the processor locks during first boot, it is of no use if the supply chain is compromised before the first boot. On the other hand, I would imagine somebody willing to break into a data center to replace a motherboard would also be willing to do all kinds of other shenanigans, like bringing another processor.)
The second scenario is, somebody thinks about buying a used instead of a new processor.
It’s actually easier to swap a mobo with a cpu and heatsink that’s already seated.
While if you can do this, you don't need to replace the motherboard/CPU anyway, because you have already pwned them and can copy/modify the data however you want.
What security key? Do you mean the memory encryption key? We're talking about a powered off machine, so that's irrelevant.
The article talks about virtual machines as a subset of memory encryption. It also specifically says "ephemeral keys". Not ones that would be preserved across a shutdown.
What is encrypted on a powered-off server that the CPU knows the key to?
I doubt more than a single digit percentage of 'serious' dual socket (64-128+ core) rackmount server customers are going to be buying their own barebones motherboards and CPUs and assembling it themselves. They're going to buy it from a Dell, HP or a Supermicro integrator or similar. If you're buying a $12,000+ server with 128 cores and 512GB to 4TB+ of RAM and some fast NVME storage it's highly unlikely you're putting it together yourself.
Any massive hosting/cloud scale operations that want to DIY their own EPYC systems from pieces will be doing it through a Taiwanese integrator, such as those that supply the ecosystem components for open compute platform server motherboards. And as such they'll also not encounter any technical issues or procurement issues with this. At the point where you have two $3000 CPUs on a motherboard that costs $1200, the full firmware/motherboard/CPU integration and qualification process is very different than putting a $399 Ryzen into a $300 board.
I work in a rather budget-constrained lab environment. “Beg, borrow, steal” is the order of the day. Just today I was pricing out pre-loved Gen8 HPs. In 5 years time I could be exactly the hypothetical the article outlines.
This isn’t today’s problem - it’s a problem we’re creating today. We’ll hit it when your examples start retiring them and my examples are eager to recycle them.
For home lab stuff... When people buy a $200 used Dell R610 off ebay with two 8-core CPUs they most likely expect to use it in the exact same CPU configuration. Maybe add RAM. And probably use their own choice of SATA 6Gbps SSD in the drive trays instead of whatever old, possibly unreliable used spinning drives might come with it.
I have a 4U, quad socket Dell R910 with 32 total cores and 256GB of RAM that I got for $350. I'm absolutely not going to go messing around with replacing the CPUs on it with something I've purchased from ebay. When it's too old or slow, or I'm tired of having a 500W electrical load in my garage, I'll replace it with another thing that's come off a 3-4 year lease cycle.
So in the future I’ll likely have a smaller bin of CPUs to choose from. If firmware keys get more specific than per-vendor, it could be potentially a very small bin. And small bins typically mean higher costs. The cheapest cpu is typically the biggest bin, not the highest specced.
As a person that's formerly worked for a server manufacturer for a number of years I would say that the mid to upper performance range of the CPU market is 80%+ of the servers by volume. The other 10% is either the very low power models, and the top 10% of the units sold by volume are the very most expensive CPUs available at the time.
If you buy a used 1U Dell R610 with two six-core CPUs and 64GB of RAM, nobody should be surprised that a 120VAC watt meter at the wall shows it idling at 150W power consumption, with cpu load at 0.00... [surprisedpikachu.gif]
Likewise for me. I AM building a $20,000 HPC because simply put, no one will sell us one for anything close to what we can actually afford and when it affects the speed and capability of my research and publications personally, it feels like a waste to leave extra performance on the table.
They've become a bigger concern with UEFI since it has a massive attack surface compared to legacy BIOS.
For a processor sitting in AWS / Azure, they want guarantees, and they're the ones EPYCs are designed for.
The responsibility has to rest with the processor, since it's the only thing executing code prior to UEFI. What it's doing is validating that UEFI was cryptographically signed with the correct key prior to running any UEFI code.
When it's first used, it is saving the key for the vendor's UEFI implementation and won't allow it to proceed if the root signature ever changes (think something similar to root certs for HTTPS).
It's only relevant to Secure Encrypted Virtualization insofar as they are both implemented inside the PSP which is a separate ARM core that runs at a higher privilege level than the x86 cores (and is the core that actually initializes the x86 cores).
This is how all phones have worked for many years, but apparently it's now becoming a thing in servers too.
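The first-boot key pinning described in the comments above, as an added sketch that is not part of the thread and is not AMD's or any OEM's implementation. It models the fuses as a write-once field and uses textbook RSA over constructed Mersenne-prime keys purely as a stand-in signature scheme; every name in it is hypothetical.

```python
import hashlib

E = 65537  # public exponent used by both constructed toy keys


def make_key(p, q):
    """Textbook-RSA key from two primes. Toy stand-in: no padding, tiny keys."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(data, n):
    """SHA-256 of the firmware image, reduced mod n so the toy key can sign it."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, firmware):
    return pow(digest(firmware, key["n"]), key["d"], key["n"])


def key_hash(n):
    """Hash of the vendor public key: the value that gets burned into fuses."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).hexdigest()


class Cpu:
    """CPU model with one write-once fuse field holding a public-key hash."""

    def __init__(self):
        self.fused_hash = None  # blank fuses: factory-new part

    def boot(self, firmware, signature, pub_n):
        # 1. Once fused, only the pinned vendor key is accepted at all.
        if self.fused_hash is not None and key_hash(pub_n) != self.fused_hash:
            return "refused: key does not match fused hash"
        # 2. The image must carry a valid signature under that key.
        if pow(signature, E, pub_n) != digest(firmware, pub_n):
            return "refused: bad signature"
        # 3. First good boot pins the key; the model has no way to clear it.
        if self.fused_hash is None:
            self.fused_hash = key_hash(pub_n)
            return "booted: key hash fused"
        return "booted"


def demo():
    """Walk one CPU through first boot, an update, tampering and a board swap."""
    vendor_a = make_key(2**127 - 1, 2**107 - 1)  # constructed key, vendor A
    vendor_b = make_key(2**89 - 1, 2**61 - 1)    # constructed key, vendor B
    fw_a1 = b"vendor A firmware v1 (constructed)"
    fw_a2 = b"vendor A firmware v2 (constructed)"
    fw_b = b"vendor B firmware (constructed)"
    cpu = Cpu()
    return [
        cpu.boot(fw_a1, sign(vendor_a, fw_a1), vendor_a["n"]),        # first boot
        cpu.boot(fw_a2, sign(vendor_a, fw_a2), vendor_a["n"]),        # signed update
        cpu.boot(fw_a2 + b"!", sign(vendor_a, fw_a2), vendor_a["n"]), # modified image
        cpu.boot(fw_b, sign(vendor_b, fw_b), vendor_b["n"]),          # other vendor's board
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The last result is the second-hand-market case discussed in the thread: the other vendor's firmware is validly signed, but the CPU rejects it because the key hash no longer matches what was pinned on first boot.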
The motherboard just loads BIOS/UEFI into a predefined memory address and then starts the CPU
This is a pretty good explanation
> In a multi-processor or multi-core system one CPU is dynamically chosen to be the bootstrap processor (BSP) that runs all of the BIOS and kernel initialization code
These days, the "bootstrap processor" is a separate core that your OS can't see. On Intel it's the IME (running Minix) and on AMD it's the PSP (ARM TrustZone)
If one segment needs to worry about UEFI rootkits, it's cloud vendors. Very dedicated (nation-state sponsored) attackers could burn/use a zero-day hypervisor escape to install a UEFI rootkit that tampers with the processor's integrated HSM (as said in the article, tampering with it has already happened and the exploits have been patched by AMD). As I understand it, if a vendor uses full memory encryption, the above exploit could lead to decrypting and exfiltrating other customers' data.
*Jokes aside, I think Intel created UEFI (for Itanium?), not Microsoft?
Because otherwise it's really hard to see why the website would claim that every end user would be enthused about these lock-ins. Sort of a weird statement.
"HPE does not use the same security technique that Dell is using for a BIOS hardware root of trust. HPE does not burn, fuse, or permanently store our public key into AMD processors which ship with our products. HPE uses a unique approach to authenticate our BIOS and BMC firmware: HPE fuses our hardware – or silicon – root of trust into our own BMC silicon to ensure only authenticated firmware is executed. Thus, while we implement a hardware root of trust for our BIOS and BMC firmware, the processors that ship with our servers are not locked to our platforms. (Source: HPE)"
You couldn’t just fail to that state (it’d be inappropriate for its primary use-case), as long as there’s some way to get there.
If you want to know where to start, search GitHub for 'KaveriPI', if you unpack AMD BIOSDBG.EXE you can find a complete list of processor registers. This is all from 2015 but the PSP is documented in there.
There's also a Microsoft Access database which has all the JTAG registers, but I don't have the time to decode the meaning of the fields... It is likely that things have changed since then but it still might be enough for a start.
Should the JTAG interface be protected then some kind of laser(?) fault injection might be required to open it up. I guess some of the eFuse bits can be overwritten, maybe there's a combination which can remove the lock. An innovative recycling company could work on making a jig to automate this somehow...
Some PSP JTAG stuff here (publicly available material from GitHub in 2015, fair use applies):
AMD is unlikely to sue anyone trying to reverse engineer the JTAG interface, especially if it's for an open source project to unbrick CPUs! If they do the EFF is very likely to step in and defend you.
The SMC ROM contains code to initialize the hardware before the PCIe links are brought up. One of the first things the SMC does after boot is read out the eFuse contents and program various 'write once' lockdown registers which are used to disable features within the chip. Once these registers have been written to they cannot be modified until a hard reset occurs. So you write to these before the SMU gets a chance to. Or you can halt the SMC itself, then write whatever registers you want and reboot it as if nothing ever happened. That way you can override many of the eFuse related settings.
The above techniques might also work on PSP based CPUs/GPUs - so you need to access the JTAG interface ASAP after bringing the chip out of reset. I'm unsure if the SMC is still present on the PSP-based CPUs and GPUs, as I don't have any spare to test.
Hell, next step might be ransomware that fuses your CPU and unless you pay them they will reboot them so you can't use them any more until you buy their signing key.
It also won't necessarily work in other Dell motherboards, just ones using the same key as the first.
It's strange Dell would blow the fuses by default, though.
This will greatly complicate the future second-hand market, though. Buying used Epyc CPUs off of ebay in 5 years will become very sketchy for example.
Used SGI to not pick a real vendor.
As in for your example there isn't anything stopping you from buying a CPU from anyone, including US retailers, and using it in an SGI EU motherboard. The CPU itself isn't locked when new, this signing key locking isn't baked into the CPU at the factory. It happens when you plop it into the socket & fire it up for the first time.
I can't buy a used cpu from an SGI US customer and put it in an SGI EU motherboard. I can buy a new CPU from anyone though, but then I can only sell it in-region.
Correct, but that's less a region thing and more this just poisons all used CPUs.
As in you don't even know if an SGI US CPU will work in a different SGI US motherboard. There's no particular reason to assume all SGI US motherboard models will have the same signing key. Within the same model that'd almost certainly be the case, but if it's a different model, especially different chipset, I don't know why they would necessarily strive to keep the key the same across different firmware branches.
> I can buy a new CPU from anyone though, but then I can only sell it in-region.
Er, why? Nothing about this stops you from re-selling CPUs however you want. Or are you still talking about the used market here?
Intel has Boot Guard, AMD has this.
Either one may have seemed the better choice at one point in time, but it's clear they're really going down the same path.
If they do, lots of people, whether they will buy it or not, will complain and make a big fuss about it. If they are going with Vendor lock they might as well go back to Intel.
Looks like AMD just can't win.
> AMD PSB Vendor Locks EPYC CPUs for Enhanced Security at a Cost