Supplier Lenovo locks down Ryzen-based systems via AMD Platform Secure Boot in the client PC segment
Serve The Home recently revealed that Lenovo uses AMD Platform Secure Boot, also known as AMD PSB, on its desktop platforms, especially AMD Ryzen PRO-based systems, to lock the processor to its branded lineups. The website has run a few features on the vendor lockout process, and a recent video from the site on YouTube explains the purpose of AMD PSB and the pros and cons of the process.
Lenovo vendor locks down AMD Ryzen PRO-based systems with AMD Platform Secure Boot
In the recent Serve The Home video, they show off a Lenovo ThinkPad desktop computer, the Lenovo M75q Tiny Gen2, with the integrated processor. The processor is found to be vendor locked to Lenovo systems. Yet, looking at the processor, a user could not distinguish it from an identical processor taken from a different system. The lock uses AMD's Platform Secure Boot, and in the video the hardware site goes into detail about why Lenovo would lock the processor to its own systems and not others.
Patrick Kennedy, owner of the Serve The Home website and YouTube channel, covered the impact of AMD PSB on AMD EPYC processors in 2020. The specific AMD EPYC processors mentioned by Kennedy are used in server-level systems, with Dell initially adopting vendor locking for its designs.
AMD explains its PSB technology in a security white paper from 2021, “AMD RYZEN™ PRO 5000 SERIES MOBILE PROCESSORS, DEFENSES MATTER: DESIGNING FOR SUBSTANTIAL DEPTH,” written by Akash Malhotra, Head of Product Strategy and Security Group for AMD.
AMD Platform Secure Boot (PSB) provides hardware root of trust (RoT) to authenticate initial firmware, including BIOS, during the device boot process. When a system powers up, ASP executes the ASP boot ROM code, which then authenticates various ASP boot loader codes before initializing the silicon and system memory.
After the system memory is initialized, the ASP boot loader code verifies the OEM BIOS code, authenticating the other firmware components before the operating system boots.
PSB enhances platform integrity by providing enhanced protection against malicious firmware, automatically denying it access upon detection. AMD PSB helps ensure a seamless and secure transition from low-level firmware to the operating system.
Vendor lock can be inconvenient for users because the processor carries no marking to indicate that it works only on the corresponding vendor's platform. The process ties the processor to a single brand's platform, so it cannot be used on a competing company's. It also prevents any user from swapping out the processor with a different processor that costs less but offers more efficiency. Let's say someone buys a used AMD processor, like the one in the Lenovo M75q Tiny Gen2 in Patrick Kennedy's video. In this case, a user attempting to place the processor in a non-Lenovo system would find the component unusable.
Serve The Home published an article in April 2021 about Lenovo using AMD PSB technology to lock down AMD Ryzen Threadripper PRO processors for use outside of the server market. The site's coverage now shows that vendor lock-in is present on AMD EPYC-based processors and the AMD Ryzen PRO series on Lenovo platforms.
The vendor lockout on Lenovo devices was revealed by a Serve The Home viewer on Twitter.
— Dee (@FedsAgainstGunS) December 22, 2021
In a reply to the tweet above, the viewer adds that the vendor lockout on Lenovo devices can be changed so that AMD PSB is not used.
Forgot to add that on the consumer platform it gives you the option to disable that for future CPUs but the OEM CPU is definitely vendor locked, swapped the 4750GE for a 4650G to get this message, but 4750GE would not post in 4650G motherboard pic.twitter.com/8JhnyXoJ5j
— Dee (@FedsAgainstGunS) December 22, 2021
Kennedy comments extensively on vendor lockout and highlights several points and issues. First, users should be aware that vendor lockout is not a standard feature of systems. Most vendors don’t lock down their processors to specific scenarios. Lenovo has chosen to implement this feature across its lineup on both server and premium Threadripper Pro workstations, such as the Lenovo ThinkStation P620.
If a user has a vendor-locked processor, it can be installed on another Lenovo system, but not on another brand's motherboard. Kennedy suggests that sellers of vendor-locked processors should indicate or mark somewhere on or with the processor that it is locked to a specific vendor, so that buyers do not face problems later when trying to use the processor in another system. He extends the warning to the e-waste that would result from the sale of locked processors. Finally, Kennedy notes:
Some online said the lock was between a specific motherboard and CPU. This clearly presents challenges when a motherboard needs to be replaced, especially in the server market where one motherboard can cost $600 and the two processors can cost $10,000. As a result, AMD PSB locks to a vendor’s firmware signing key, not a specific motherboard.
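A simplified model of the boot-time BIOS check described above and of Kennedy's point that the lock follows the vendor's signing key rather than the board; this is an added example, not AMD's or Lenovo's code. The toy RSA keys, vendor names, firmware images and the assumption that the CPU records a hash of the OEM public key on its first PSB-enabled boot are all constructed for illustration, and the multi-stage ASP boot loader chain is collapsed into one check.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Toy RSA key from two primes (constructed, far too small for real use)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign_bios(key, image):
    """OEM signs its BIOS image; the public modulus ships with the firmware."""
    sig = pow(digest(image, key["n"]), key["d"], key["n"])
    return {"image": image, "pub_n": key["n"], "sig": sig}

def key_hash(pub_n):
    return hashlib.sha256(str(pub_n).encode()).hexdigest()

class Cpu:
    """Models only the fused OEM key hash (assumed one-time programmable)."""
    def __init__(self):
        self.fused_key_hash = None

    def boot(self, fw, psb_enabled=True):
        # Step 1: the signature must verify under the key the firmware carries.
        if pow(fw["sig"], E, fw["pub_n"]) != digest(fw["image"], fw["pub_n"]):
            return "halt: BIOS signature invalid"
        if not psb_enabled:
            return "boot: PSB not enforced, CPU stays unlocked"
        # Step 2: the first PSB boot binds the CPU to the OEM key, not the board.
        if self.fused_key_hash is None:
            self.fused_key_hash = key_hash(fw["pub_n"])
            return "boot: CPU fused to OEM key"
        if self.fused_key_hash != key_hash(fw["pub_n"]):
            return "halt: firmware signed by a different vendor key"
        return "boot: OEM key matches fuse"

# Constructed vendors and firmware images.
VENDOR_A = make_key(2**61 - 1, 2**89 - 1)
VENDOR_B = make_key(2**107 - 1, 2**127 - 1)
BOARD_A1 = sign_bios(VENDOR_A, b"vendor A, board model 1")
BOARD_A2 = sign_bios(VENDOR_A, b"vendor A, board model 2")
BOARD_B = sign_bios(VENDOR_B, b"vendor B board")

def demo():
    cpu = Cpu()
    results = [cpu.boot(BOARD_A1), cpu.boot(BOARD_A2), cpu.boot(BOARD_B)]
    results.append(cpu.boot(dict(BOARD_A1, image=b"modified image")))
    results.append(Cpu().boot(BOARD_B, psb_enabled=False))
    return results
```

`demo()` returns, in order: the first boot that fuses the CPU, a successful boot on a second board from the same vendor, a halt on another vendor's board, a halt on a modified image, and an unlocked boot when PSB is not enforced.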