Vendor Locked CPUs, Restricting and Securing Hardware
Recently, the major CPU vendors, mainly AMD and Intel, have increasingly deployed their own hardware-based secure boot systems for processors that intentionally vendor-lock these CPUs, limiting their compatibility with other manufacturers' motherboards. Even though these measures exist, we cannot forget that most of the processor market is still based on processors that can be used in any compatible motherboard.
What Does this Mean in the CPU Market?
In the refurbished and used processor market, many brokers, systems integrators, and recyclers handle these products, and it is important for the company offering them to communicate clearly to the client whether a given stock of CPUs is vendor-locked or not, as many people and entities in the market are not aware that CPU manufacturers such as AMD and Intel ship processors that only work in certain motherboards rather than in all motherboards compatible with that CPU.
AMD's Platform Secure Boot (PSB)
Modern AMD chips such as EPYC, Ryzen and Threadripper can have what is called Platform Secure Boot, which leverages a hardware-based root of trust via the AMD Secure Processor. On processors that include this feature (once again, not all of them do), the Secure Processor verifies the BIOS firmware before booting, and this is what enforces the pairing between CPU and motherboard. When enabled on OEM platforms such as Dell or Lenovo, PSB permanently burns one-time fuses in the CPU, binding it to that vendor's BIOS signing key. Once these fuses are set, the CPU in question will only boot in systems whose BIOS is signed by the same vendor, and it will fail to boot in any other vendor's motherboard. For example, if a CPU is vendor-locked to Dell (the CPU burns its fuses on a Dell motherboard), that processor will only work in Dell systems with Dell motherboards; swapped into a Gigabyte system, that system will not boot. Many users receive no disclosure that PSB is enabled, nor that the lock is irreversible. Once a CPU is locked, there is currently no way to reverse it.
Consequences of Vendor Locking
User and secondary-market harm: vendor-locked processors lose portability, as users cannot move CPUs to third-party motherboards for things like infrastructure upgrades. These CPUs will lose resale value and often contribute to e-waste, as they cannot be reused in other manufacturers' systems as the market's platform preferences shift.
Benefits of Vendor Locking
Security: PSB (AMD) and Intel's Boot Guard can establish a robust chain of trust, helping defend against firmware-level malware and ensuring that only vendor-approved motherboards and BIOS images are allowed to load and are correctly set up.
Intel's Boot Guard: Similar, But Different
Intel provides comparable functionality through Intel Boot Guard, implemented via fuses programmed in the Platform Controller Hub (PCH) and enforced through the Intel Management Engine (ME) subsystem. Boot Guard prevents unapproved firmware from booting by ensuring that the BIOS is signed with the OEM's key, whose public key is locked to the PCH hardware. The difference between AMD's PSB and Intel's Boot Guard is that the root of trust sits in the chipset rather than in the CPU itself, as it does in AMD's solution.
Intel's Boot Guard, however, allows the CPU to be swapped between Boot Guard-enabled motherboards of the same OEM, or potentially across vendors, as long as the firmware signatures match, although Boot Guard can still prevent custom firmware such as coreboot from running on such a system.
Consequence: Intel's solution has been criticized, as the Management Engine is a closed, always-running subsystem that introduces the possibility of privacy risks or "backdoors" through which malware could be injected. And while Boot Guard restricts firmware replacement, the CPU itself remains physically interchangeable, whereas AMD's PSB locks the CPU to the platform permanently.
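To make the difference between the two schemes concrete, here is an added Go model of the mechanism described in the PSB and Boot Guard sections above. It is not code from Cloud Ninjas, AMD or Intel: it models a write-once fuse holding the hash of a vendor's BIOS signing key, a signed BIOS image, and the verification a root of trust performs before the BIOS runs. For AMD PSB the fuse lives in the CPU; for Intel Boot Guard it lives in the board's PCH. Ed25519 stands in for the signature scheme real firmware uses, and the vendor names and BIOS images are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Vendor models an OEM that owns a BIOS signing key (hypothetical key material).
type Vendor struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewVendor(name string) *Vendor {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Vendor{Name: name, pub: pub, priv: priv}
}

// KeyHash is what a one-time-programmable fuse bank holds: a digest of the public key, not the key.
func (v *Vendor) KeyHash() [32]byte { return sha256.Sum256(v.pub) }

// Firmware is a BIOS image carrying the signer's public key and a signature over the body.
type Firmware struct {
	Body      []byte
	SignerPub ed25519.PublicKey
	Sig       []byte
}

func (v *Vendor) SignFirmware(body []byte) Firmware {
	return Firmware{Body: body, SignerPub: v.pub, Sig: ed25519.Sign(v.priv, body)}
}

// Fuse models a write-once key-hash register: a second Burn is rejected, nothing clears it.
type Fuse struct {
	burned  bool
	keyHash [32]byte
}

func (f *Fuse) Burn(h [32]byte) error {
	if f.burned {
		return errors.New("fuse already programmed; cannot be cleared or rewritten")
	}
	f.burned, f.keyHash = true, h
	return nil
}

// Verify is the root-of-trust check performed before the BIOS runs: the embedded key must
// hash to the fused value and the signature over the image body must validate.
func (f *Fuse) Verify(fw Firmware) error {
	if !f.burned {
		return nil // unfused part: any firmware is accepted
	}
	h := sha256.Sum256(fw.SignerPub)
	if !bytes.Equal(h[:], f.keyHash[:]) {
		return errors.New("firmware signing key does not match fused key hash")
	}
	if !ed25519.Verify(fw.SignerPub, fw.Body, fw.Sig) {
		return errors.New("firmware signature invalid")
	}
	return nil
}

// CPU carries the fuse in the AMD PSB case (root of trust in the processor).
type CPU struct{ PSB Fuse }

// Board carries the fuse in the Intel Boot Guard case (root of trust in the PCH) plus its BIOS.
type Board struct {
	BootGuard Fuse
	BIOS      Firmware
}

// Boot runs both checks: either the CPU or the chipset can refuse the board's firmware.
func Boot(c *CPU, b *Board) error {
	if err := c.PSB.Verify(b.BIOS); err != nil {
		return fmt.Errorf("PSB: %w", err)
	}
	if err := b.BootGuard.Verify(b.BIOS); err != nil {
		return fmt.Errorf("Boot Guard: %w", err)
	}
	return nil
}

// PSBScenario reproduces the article's example: a CPU fused to OEM-A boots on A's board but not B's.
// Returns (bootsOnA, bootsOnB, fuseRewriteRejected).
func PSBScenario() (bool, bool, bool) {
	a, b := NewVendor("OEM-A"), NewVendor("OEM-B")
	boardA := &Board{BIOS: a.SignFirmware([]byte("BIOS image A (constructed)"))}
	boardB := &Board{BIOS: b.SignFirmware([]byte("BIOS image B (constructed)"))}
	cpu := &CPU{}
	_ = cpu.PSB.Burn(a.KeyHash()) // first power-on in an OEM-A system with PSB enabled
	rewriteRejected := cpu.PSB.Burn(b.KeyHash()) != nil
	return Boot(cpu, boardA) == nil, Boot(cpu, boardB) == nil, rewriteRejected
}

// BootGuardScenario: an unfused CPU is accepted by a Boot Guard board with vendor-signed BIOS,
// but the same board refuses an image whose body was changed after signing (e.g. a custom build).
// Returns (vendorBIOSBoots, modifiedBIOSBoots).
func BootGuardScenario() (bool, bool) {
	a := NewVendor("OEM-A")
	cpu := &CPU{} // no PSB fuse burned: the CPU itself stays interchangeable
	board := &Board{}
	_ = board.BootGuard.Burn(a.KeyHash())
	board.BIOS = a.SignFirmware([]byte("BIOS image A (constructed)"))
	vendorOK := Boot(cpu, board) == nil
	board.BIOS.Body = []byte("modified BIOS image (constructed)")
	return vendorOK, Boot(cpu, board) == nil
}

func main() {
	onA, onB, locked := PSBScenario()
	fmt.Println("PSB: boots on OEM-A:", onA, "on OEM-B:", onB, "fuse rewrite rejected:", locked)
	vendorOK, modifiedOK := BootGuardScenario()
	fmt.Println("Boot Guard: vendor BIOS boots:", vendorOK, "modified BIOS boots:", modifiedOK)
}
```

The two scenarios show the asymmetry the article draws: with PSB the fuse travels with the CPU, so the processor itself is what refuses a foreign board, while with Boot Guard the fuse stays on the board and it is the firmware, not the CPU, that is pinned. A reseller's verification step maps onto this model as well: a PSB-fused part will only pass the first check on a board from the fusing vendor.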
Conclusion
In an ideal industry, strong hardware-rooted security would coexist with user choice and upgradability while maintaining the best security possible. Until then, vendors, manufacturers, and consumers alike must weigh the trade-offs between protection and freedom, especially as these solutions become more and more widespread. Fortunately, Cloud Ninjas offers both options, and we make sure the client knows what processor they are getting, with thorough testing of refurbished parts and guarantees on whether new CPUs are vendor-locked or not. Check our CPU catalog below and upgrade your system with the best CPU pricing.