ServeTheHome has confirmed that Lenovo is using AMD Platform Secure Boot (PSB) to bind AMD processors to its hardware. This means that if a processor has been run once as part of a platform with the required PSB settings, it can't be used on other manufacturers' systems. It is almost impossible to unbind such CPU.
In particular, this feature effectively blocks the possibility to use the CPU on another motherboard or at least on a motherboard that does not belong to the original manufacturer. AMD PSB uses the AMD Secure Processor built into SoC CPUs for hardware Root-of-Trust and management of other security features. PSB is not enabled by default, but each OEM is free to use it as it sees fit. Processors are also unlocked by default and can be used in any platform. If it turns out to be a PSB-enabled system, information about the key used to sign OEM vendor firmware BIOS/UEFI is firmly «encoded into the CPU. This allows you to create a secure chain of trusted boot, starting from «hardware» and ending with the operating system, which not only protects against tampering with the system, but also prevents, for example, the possibility of processor theft. However, if you upgrade your system by installing a different CPU, the old one actually becomes electronic waste unless it falls into the hands of someone who already has a compatible system. If the motherboard fails, the owner will have to buy a new board from the same manufacturer. And this applies not only to servers & ; AMD PSB allows «bind» not only EPYC, but also AMD Ryzen Pro (Renoir and Cezanne) and Threadripper Pro. Dell was the first to use PSB to bind CPUs to its hardware back in the days of AMD EPYC 7001. Lenovo followed suit and started using PSB in its off-the-shelf systems as well. HPE, on the other hand, said it does not use CPU tethering. Other major vendors, as a rule, do not activate CPU tethering by default either, but can turn it on at customer's request.
0 Comments