News Lenovo Using PSB on Threadripper and EPYC Systems To Reduce CPU Tampering

velocityg4

Illustrious
That's horrible. Old CPU's pulled from three year old servers and workstations was a great way for people to do powerful DIY workstations and servers on the cheap. Just more ewaste. Because manufacturers don't believe people own the products they purchased. Nor do they have the right to tinker with or repair them. They'd all be as locked down as an iPhone if they thought their customers would put up with it.

Lenovo doing this to prevent CPU theft sounds about as plausible John Deere locking down their tractors for the safety of farmers. They did this to sell more servers and to reduce the second hand market.
 
Reactions: Mandark

drtweak

Illustrious
How about they make it in a way where you can unpair the CPU and Motherboard but in a secure way so that you still can't just take them out?

But then @NightHawkRMX had a great point. Like I'm going to take down a server in a rack and then steal the Epyc CPU and just put it back. Unless you have something else to put back in its place and do it fast pretty sure someone would notice.
 

kal326

Distinguished
Dec 31, 2007
1,157
30
19,320
1
For rack servers this is absolutely ridiculous. Nobody is going to break into a datacenter to steal just the chips. Any other along the supply line theft they would just steal the whole unit.

Workstations, again people will just steal the whole thing. It’s not like nobody is going to notice you taking a chip out or taking one somewhere to return back unnoticed.

This is simply to block out second hand sales under the guise of security or theft prevention. Hopefully Dell or HP which would probably have more of the US workstation and rack unit market won’t do this. Or if they do, at least those chassis are common enough that you can find a matching pair. It’s just going to put more work on the recycling and refurbishment companies keeping them all separated.
 

spongiemaster

Respectable
Dec 12, 2019
1,351
629
2,060
0
For rack servers this is absolutely ridiculous. Nobody is going to break into a datacenter to steal just the chips. Any other along the supply line theft they would just steal the whole unit.

Workstations, again people will just steal the whole thing. It’s not like nobody is going to notice you taking a chip out or taking one somewhere to return back unnoticed.
Correct, they would steal the whole unit. But they aren't about to sell a pallet full of stolen Lenovo servers. How easy would that be to track? It's like car theft. The stolen car is usually stripped and sold for parts making it much more difficult to trace and more profitable. If the CPU requires the whole system to work it becomes much less attractive to someone trying to steal the system and part it out.
 

Gillerer

Distinguished
Sep 23, 2013
318
37
18,890
30
I don't think the writer of this piece even read the original ServeTheHome article.

The feature has nothing to do with hardware theft. Instead it is meant to bolster security: A malicious actor can't replace the BIOS with their own concoction if the CPU will only accept firmware signed by the correct OEM.

How about they make it in a way where you can unpair the CPU and Motherboard but in a secure way so that you still can't just take them out?
According to the AMD statement quoted in ServeTheHome's article "AMD PSB Vendor Locks EPYC CPUs for Enhanced Security at a Cost" from Sep 8, 2020:

An OEM who trusts only their own cryptographically signed BIOS code to run on their platforms will use a PSB enabled motherboard and set one-time-programmable fuses in the processor to bind the processor to the OEM’s firmware code signing key.
So it physically alters the CPU and is permanent.

After that the CPU will only work with BIOS signed by that OEM, and therefore only their motherboards. A single POST on such motherboard will permanently lock any unlocked CPU. Any CPU previously locked to another OEM will not work at all.
 

ASK THE COMMUNITY