‘AMD Platform Secure Boot of EPYC CPUs is bad for the second-hand server market’

If manufacturers enable AMD’s Platform Secure Boot for EPYC processors, those processors will only work in systems from that manufacturer. The feature hampers the market for second-hand servers and creates more e-waste, claims Serve The Home.

Serve The Home found in a recent review of a Dell EMC PowerEdge C6525 that the AMD EPYC 7002 processor it used no longer worked in other test systems afterwards. The cause turned out to be the AMD Secure Processor, an Arm co-processor that is part of the EPYC SoC and that runs, among other things, its own operating system.

At the first start of a server, the Secure Processor executes its firmware and establishes a root of trust by authenticating the BIOS. The chip thus first verifies that the BIOS has not been tampered with, by checking that the firmware is signed with the server manufacturer’s key. With the Dell EMC system, the CPU stores an ID for that specific system on the chip. According to AMD, this is done with one-time programmable fuses, and this ID links the CPU to the Dell EMC server.

If another CPU is placed in the server, it will not start up; conversely, if the relevant EPYC chip is placed in a server from another manufacturer, the boot process will not start. Because the check is based on the manufacturer’s signature, it may be possible to use the CPU in other systems from that manufacturer. However, the link with the manufacturer’s firmware cannot be reversed.

AMD calls this hardware validation system Platform Secure Boot, or PSB, and it is not specific to Dell. Other server manufacturers can also enable PSB. Nor is it a new feature: Serve The Home itself already found in 2018, during a test, that a Dell EMC PowerEdge R7415 was linked to an AMD EPYC 7251.
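
The binding behaviour described above can be modelled in a few lines. This is an added illustration, not AMD's or any manufacturer's code: the class and function names, the keys and the BIOS images are constructed, an HMAC stands in for the manufacturer's public-key signature so the model runs with the standard library only, and it assumes that a CPU with unprogrammed fuses boots on any authentic firmware.

```python
import hashlib
import hmac

def sign(oem_key: bytes, image: bytes) -> bytes:
    # Stand-in for the OEM firmware signature (real platforms use public-key signatures).
    return hmac.new(oem_key, image, hashlib.sha256).digest()

def make_board(oem_key: bytes, bios: bytes, psb_enabled: bool) -> dict:
    # A board is its BIOS image, the OEM's signature over it, and the PSB setting.
    return {"oem_key": oem_key, "bios": bios,
            "sig": sign(oem_key, bios), "psb_enabled": psb_enabled}

class Cpu:
    """Toy CPU whose secure processor can bind itself to one OEM, once."""
    def __init__(self):
        self._fused_oem = None  # models the one-time programmable fuses

    def _burn(self, oem_id: bytes) -> None:
        if self._fused_oem is not None:
            raise RuntimeError("OTP fuses are already programmed")
        self._fused_oem = oem_id

    def boot(self, board: dict) -> str:
        # Step 1: the BIOS must carry a valid signature from the board's OEM.
        if not hmac.compare_digest(sign(board["oem_key"], board["bios"]), board["sig"]):
            return "halt: BIOS not authentic"
        oem_id = hashlib.sha256(board["oem_key"]).digest()
        # Step 2: an unbound CPU boots; with PSB enabled it is bound on this first start.
        if self._fused_oem is None:
            if board["psb_enabled"]:
                self._burn(oem_id)
                return "boot: CPU now bound to OEM"
            return "boot: unbound"
        # Step 3: a bound CPU only accepts firmware signed by the same OEM.
        if not hmac.compare_digest(self._fused_oem, oem_id):
            return "halt: CPU bound to another OEM"
        return "boot: OEM matches fuses"

def demo() -> list:
    # Constructed sample boards: two systems from OEM A (PSB on), one from OEM B.
    a1 = make_board(b"constructed-oem-A-key", b"bios A model 1", True)
    a2 = make_board(b"constructed-oem-A-key", b"bios A model 2", True)
    b1 = make_board(b"constructed-oem-B-key", b"bios B model 1", False)
    cpu = Cpu()
    return [cpu.boot(b) for b in (b1, a1, a2, b1)]

if __name__ == "__main__":
    print(demo())
```

The last entry of `demo()` is the second-hand case: the same CPU that booted on the OEM B board before it was bound is refused there afterwards, while it still boots on a different OEM A system.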

According to the site, the vendor lock-in remained under the radar because systems with PSB activated are still relatively new and AMD had a smaller market share than Intel. Meanwhile, the site claims, HPE, Dell and Lenovo have started to advertise that their EPYC systems are more secure than Intel Xeon alternatives, which is why it wants to draw attention to the topic.

According to Serve The Home, PSB can give resellers in the gray market for servers serious headaches. The site also states that servers are often reused, without CPU and RAM, for companies that want to purchase systems at a low cost. The publication also emphasizes its position that the feature will increase electronic waste.

