Yikes! Lenovo is vendor-locking AMD Ryzen CPUs via PSB

Thanks for the nudge on doing this video. You were the big driver for it.

Thanks for the heads up about the 4750GE on an Asus board. Right now, I have a Ryzen 5 Pro 3400GE that I took out of an M75Q Gen1 and it works perfectly in an ASRock X570m Pro 4 board (with ECC memory). I was thinking maybe in the future of the possibility of getting a Pro 4000 or 5000 series GE to upgrade, but now it sounds like it's going to be a challenge if I happen to come across the M75Q Gen2 system 🙁

@@ServeTheHomeVideo And thank you for doing it, i got to see some perspectives that i didnt even consider, not just from ServeTheHome, but also the community.

@@nighthawkvc25a Interesting, i'll have to try to get permission to swap our Lenovo Pro 3400GE into our Alienware computers(would have to temperarily take it out of the esports room). It was my understanding that all of the Pro series came with this emabled by default(starting with the 2000 series), but maybe lenovo made this change with the 4th generation.

@Denis go back to TikTok if you can't handle it

I’m surprised Lenovo did this before apple

@@Ironapple09 pretty sure Apple products' CPUs have been paired to other components for years... also they're soldered not socketed

@@QualityDoggo The Xeon e5 v3s in the system I'm building right now allegedly came out of a mac.

if i buy something i pay it and its mine and i can do whaterver i want with it , even set in on fire if i so wish , so i dont see why i have to be forced to use what i buy only as they see fit ............if i want to reuse the cpu i paied on another mobo why shouldt be i be able to ?

@@cts006 A Mac that is a 2013 design at the very latest.

Sir, the manufacturers are just following governmental directives. The government isn't going to help you, because it's in their interest if no one owns any type of computer but a phone. You can't be [easily] tracked if you have a desktop running open-source software, sit behind a VPN, and have no camera or microphone attached. It's also not anti-competitive. You will own nothing and you will like it.

@@timramich got love corptocratic rule!

@@timramich Nice brown pill. Maybe post something actually useful to the discussion someday rather than paranoid ranting?

@@KiraSlith Cool story. You'll see.

@@timramich The industry will collapse before that happens, and I don't think that's exactly in AMD's or Intel's best interest. But please, tell me all about your deep and well researched understanding of buyer-side economics. :-)

And I see that this is a new vector for DoS attacks - brick the computer by changing the conditions for the PSB so that it won't start again and you'd need to replace CPU and BIOS. Basically easier to get a new computer.

@@ehsnils That or a manufacturer pushing a BIOS update that either intentionally or accidentally bricks a whole line of older systems. We thought apple was bad when they started throttling older phones in updates, but you could in theory push an update than auto installs on the next reboot and then bricks the system.

Can still hack and bypass it they are fun but also waste of your time lol

It is, it also cuts off reuse when big corporations are getting rid of their old stuff.
The thing is, the security ideas can be okay, but a) Lenovo should not contol the keys, that should be the enterprise admin adding their key to BIOS and turning the feature on first use, b) have some way to disable it again with that same keypair for decomissioning systems (note I can use the key on a different motherboard if it is in this form) . I can key up every unit with it's own key and have a key store database under a master key as an admin easy enough.
The whole concepts this is based on are being broken, and MS started it with getting them to embed MS keys for the bootloader stage the idea of that feature again was the admin would set it up with their own keys (some DIY motherboards do actually allow this, OEM, well good luck). It is illegal tying and needs to stop.
With this implementation in 5 years time, motherboard gets powersurge and dies, and now the processor has to go with it because lenovo is doing this and no-longer sell those particular boards any more... I would also point out Lenovo has been doing similar with serial number checking of wifi modules in their laptops.

This one actually has 64GB of memory in it for its video :-)

well, you can still upgrade it. But with brand new CPUs (which would become lenovo only after first boot)

@@gorjy9610 True... I also imply (but not specifically) pulling the CPU out and putting it into something else (I often partially fund my upgrades by selling off the parts I'm replacing ;)

@@JeffGeerling Lenovo is brand to avoid for any somewhat advance user, proprietary this, proprietary that. And now locked CPUs. We can only hope that this is end with Lenovo and no other OEMs would do similar thing.

@@gorjy9610 Its probably not just Lenovo, its just that of our new machines, our Lenovo ones are the only ones with AMD Pro series processors. The rest are either Intel, or non Pro AMD. We have some Dell/alienware and HP desktops with Ryzen, they're just not Pro series, so dont support PSB. We do have some HP laptops with Pro series, but, it would be difficult for me to swap these into Lenovo boards, especially without having to fight a possible warranty battle in the futrure.
Of note, i'm not part of the Serve The Home team, i have just been doing my own independent testing

how exactly is it more secure to not have a CPU run in different boards?

i like it, if this was a car, say a expensive mercedes, and i wanted to take the brakes off, and put them on a different mercedes, then this lock would make it so i can not.

Illegal tying under the Sherman anti-trust act.

I think folks will be a bit shocked when they see the SR655/ SR635 video(s). We started working on them, but now are waiting on more parts.

The most anti-consumer thing since Apple starting selling computers!

@@tomkent4656 not quiet there - but on the way

@@tomkent4656
Last time I wanted an apple computer was when they used motorola processors. All that came after was a damn headache to service.

Good. More large buyers pulling out when the pull shit like this is better. Even more so if you tell them that is precisely why you're cancelling their order.

They do use different part numbers... sort of...
that is, I don't think regular ryzen can have that feature enabled, I think it can only be enabled on ryzen pro, hence why they would be OEM only. Then Ryzen pro can have that feature enabled or not. Note that it's not up to AMD to decide whether or not it's enabled.

@@MrPlaneCrashers Only the pro models offer this feature, but me and I think most other users would socket a used 4750g just as readily as any other CPU. That's the problem, at that point it's a gamble.

@@stuartlunsford7556 Yeah, completely agree with you on that.

Kills the market for used Ryzens, even if pulled out of HPs or Dells. Buyer can't know if it came from a Lenovo or not.

@@SuprousOxide market sorted it out pretty quickly. Epic processors on ebay are listed as 'unlocked' or 'Dell locked' and guess which ones are worth less?

You have it backwards. It prevents a malicious firmware from being installed on the motherboard, because the CPU will refuse to boot if the firmware is not signed by Lenovo.

@@lawrence-dol
You do know that if someone has the capacity for firmware attacks, that obtaining manufacturer's keys isn't out of their scope? This doesn't solve jack except the problem of how to make more bank.

@@rockytom5889 Not true. One has nothing to do with the other.

@@lawrence-dol So, at 6:32 in the video the message sure sounds like it's asking for permission to blow the fuses in the new replacement CPU to vendor lock it to the machine. Otherwise what kind of "vendor lock" is it asking to do? Why would a brand new CPU that's never been in the system refuse to boot if the firmware was replaced?

@@iguanac6466 : OK, you are going to have to at least attempt to look at why this feature exists in the first place. Once the CPU has been locked to the firmware key (at the factory) the firmware cannot be altered or replaced unless the updated firmware has been signed by the vendor’s key. Ergo the firmware cannot be altered by malware which is run on the PC.
I’m not saying it’s a great way to solve the problem, but it does solve a security problem. It’s not meant to prevent you from replacing the CPU, it’s meant to prevent unauthorized changes to firmware.

not only that what about when the system becomes EOL and someone at uni wants to use the cpu in a different board or just a server at home, repurpose this is really bad for chip shortage as well as environment such companies should be boycott so they stop.
I will not buy anything Lenovo again.

Yeah agreed this is complete BS. They want to control after sales and this will just screw up the secondary market plus the whole E waste issue. Its deliberate and I'm debating licking Lenovo and Dell from our list of recommended vendors as it will just introduce more complexity in managing assets across the company.

The idea is that it prevents unauthorized firmware to be introduced between Lenovo's factory and where it is deployed. All of the major server vendors are already working on at least some form of this, driven by cloud providers, and now we are seeing it more in endpoints.

the CPU contains the security coprocessor, and is also ensuring that the board firmware isn't compromised. If it's swapped with another CPU where the security processor and/or CPU are compromised, you break the security features of this system and the end user has very little way of detecting this.
Harming secondary market is a very secondary thing, nobody is buying these PCs for harvesting the CPU, in most cases the secondary market users will buy the whole system and use it for what it is.

@@ServeTheHomeVideo This would also prevent a malicious actor from loading their own UEFI microcode on the CPU either through physical access or a virus once the system is in production. It would be very difficult or impossible to detect the malicious code on the CPU and it could be impossible to remove it as well. Hardware based advanced persistent threats have been a topic of concern for years, but haven't necessarily been all that prevalent. I wonder if Lenovo is just being proactive here or have these sorts of threats becoming more common.

@@ServeTheHomeVideo But why wouldn't they just include this in the chipset on the motherboard instead? Surely someone able to intercept systems in shipping could still defeat this system by replacing components on the motherboard, change signing keys, sign their own firmware, put on their own chips to bypass verification etc
Like once you have physical access I feel all bets are off unless the customer has to install some secure element to the server themselves separately once they get the hardware. I feel like this is just a way to lock people into a platform and making more e-trash. I've seen on ebay already how these locked CPU's go for peanuts while the unlocked ones go for 3-4x the price because people can't use the locked ones outside of the same vendors motherboards.

@@zoopercoolguy You are right. Is there an "and" instead of an "or" option?

that should steer you away from dell not a product platform as it's dell's fault not amd's
cause if intel offers that feature what do you do then if intel and amd both offer it then your fucked can't buy a computer if you buy dells only

lol, nope, this will come with a tax break, full depreciation and thrown away. its literal ewaste production, and they know it. they know it cannot be reused, resold, or have parts salvaged. its 100% intentional, and this will likely come with a discount.

It would also discourage security best practices.

I dont think this is intended for the consumer market. It is for the larger companies that buy 10k units at a time. This was probably pushed by some audit firm. I still think it is a bad idea.

@@hvfd5956 yes, its intended for large corporate customers, who then get a massive tax credit for full depreciation of their equipment every 3 to 5 years with computer stuff.

@@chubbysumo2230 That happens with or without vendor part lock in, that is where a lot of the 2nd user market supply comes from, and where most homelabber kit is sourced. I agree though that this will push a lot more hardware to e-waste earlier than it would have :-(

I agree, AMD should sell a unique SKU to vendors/system integrators if they insist on using PSB. But I'd also add: AMD should charge them 3x what they charge everyone else if they want PSB. Fight fire with fire.

Sell any SKU they want and allow it to be locked, but somehow indicate on it externally, that it is a lockable CPU, so when you're buying it second hand you can see it is lockable, and if you're buying 2nd hand in 10 years, most likely has been.

@@kal9001 Here is the thing, ALL cpu sold by AMD allow vendor to sign their own key, so essentially ALL cpu have a chance of being lock down the line, if you put a ''lockable'' warning on all vendor cpu it will render the warning meaningless.

I agree the ability to swap in a new CPU makes the security fuses practically useless. I think a low-level firmware lock would be just as effective by using a hardware write-protected bootblock on the external BIOS flash chip, as is done in Chromebooks.
Where I need to disagree with you is in having POST codes which identify the lock. While it would be great, it actually is too difficult. POST codes are generated by the system firmware and the system firmware isn't run when this problem occurs. The alert system would need to be programmed inside the CPU itself and this is impractical because different motherboards have different interfaces.

Dude, if it's physically compromised it's probably already sitting in the thief's home being taken apart.

What if it's compromised remotely via a vulnerability, and they got root on the system?

@@1mrhamel The same security could be achieved by putting an early-stage bootblock of the firmware inside an external hardware write-protected memory. It may sound like this would add to system cost, but many BIOS flash chips include facilities for hardware locking the first few kilobytes of memory. This is the system used for boot security on Chromebooks.

I'm not sure he said if the system itself blows the fuses and vendor locks any CPU put in it. If it does, then this is SOOOO much worse, and it's already pretty bad.

@@kal9001 It was mentioned that if you put a new CPU it asks if you want to vendor lock at around 6:30 in the video, so yeah it really is that bad.

Seller can remove furniture tags, but not those tags required by law that declares certain content. Its pretty clear, if seller could just remove any labels/tags informing of dangerous content or other tags required by law, the labelling law would have no effect. So basically, its a law protecting another law. Seller CAN remove other tags on furniture, for example tags that prevent the return of the furniture, or manufacturer warranty tags or similiar, to "screw" the customer.
Its basically, a seller is not allowed to paint over the food declaration on a can of food either, because then sellers would just paint over anything that has with fat and sugar to do and just sell it as sugarfree superhealthy fat-free food.
Since the FPF isn't mandatory by law, you cannot pass a law prohibiting sellers from blowing it, because then you could easily construct the lock so it auto-blows the fuse upon inserting it into a system "Marries by the first vendor it sees" meaning same effect would be made - customers power on system for first time and CPU instantly locks to it, meaning it wasn't seller that blew it, it was the customer that did it by powering on the system for first time. To pass a law prohibiting sellers from blowing it, you would need to pass a law how the feature should be implemented first.

@@sebastiannielsen Lets be real, no legislation like this will never come to be.
That said, auto-FPF or FPF preformed by the manufacter or seller could be banned. Just need to say that generalized components can not have irreversible changes made to them by the manufacturer or seller of systems without end user approval.

The point isn't to tie the CPU to a particular motherboard, the point is that the system will only boot firmware signed by a specific vendor.

@@DMStern If one blindly trusts a specific vendors firmware, just because it has their signature. Then what stops an attacker from using firmware with known security issues that has the same signature?
The vendor could update their signature for the new firmware, but then you need a new CPU.
And when do we tend to get firmware updates? Well, when security flaws are found.
Therefor it would have been better if the security system provides its own signature for the BIOS chip to store on the motherboard. Tying the CPU to the specific motherboard, and not to the vendors slew of software that has the same signature, where a fair portion of that software is known to have security issues.
This would however require the CPU to not be a brick if it detects a mismatch in signatures, but rather provide the lack of security up our boot chain.
And a decent way to implement the security would be if the CPU scanned the BIOS ROM, hashed it, and provided a signed hash to the BIOS ROM. The signature here would be some unique encryption key that only our CPU knows. It can be symmetric encryption as well, since it at no point has to leave the CPUs internals.

@@todayonthebench The scheme you describe *is how the PSB works today*. The only difference is that the system vendor programs the key into the CPU. The alternative would be that AMD would have to vet and sign every firmware release for every vendor.
AMD has features protecting against firmware downgrade attacks, but I don't know the specifics of how it's implemented.

@@DMStern I personally think AMD has a poor implementation. It should be the motherboard that stores the proof generated by the CPU.
But most importantly, a CPU shouldn't effectively brick itself just because it finds an untrusted firmware.
Considering that they rely on OTP memory to store the credentials, it isn't much they can do to stop downgrading. Unless they have a lot of extra OTP for such "alterations" over time, but then they still have the issue that the CPU will become worthless junk after sufficiently many firmware updates. (And OTP fuse arrays takes a fair bit of room, so they won't be wasting tons of silicone on this, I am surprised if it is more than 1-2 k bits in total.)
"The alternative would be that AMD would have to vet and sign every firmware release for every vendor." Isn't the only other alternative. There is plenty of ways to ensure security in a larger system.
The system I described won't on the other hand tolerate firmware updates nor downgrades, or any change to be fair. But this is why it needs some secure state where firmware updates can be performed and signed (likely in BIOS).
To start this feature, we likely use a user defined key stored in OTP to open that option. Preferably we should have an 8 or more character, case sensitive alphanumerical key that can only be accessed after x minutes after system start. (The timmer after start is so the CPU's security system only accepts 1 attempt per power cycle, and the timmer is just looking at the 100 MHz system clock, and from there it is a simple 35 bit hardware counter.)
This is to prevent anyone having KVM/hardware access from just flashing in some new firmware and have it instantly trusted.
Though, considering how we also want to be able to make a CPU "unsecure" again, even if we don't know the user password. Then we need some way to validate that the CPU is secured or not. Here simple hashing and checksums is our friend. Just store a AES-256 key in the CPU's OTP array, have it decode something for us, if it does it correctly, it is trusted. If it doesn't, then we can't trust it. (If the security system is turned off, this OTP key should obviously be erased.)
Reason for the symmetric encryption is that any application in need of hardware backed security can just send its data through the validating function to have the "this needs validation" version of it. And symmetric encryption is simpler to handle. And this is safe since the key never leaves the CPU's internals.

@@todayonthebench A system that can sign its own firmware doesn't protect against the attacks these schemes are designed to protect against.

maybe you need special AMD-sanctioned code. not something that cant get into the hands of bad actors, but difficult and I don't know how to monetize that

Hopefully someone actually does that, so we can see the end of this half-assed bullcrap. If a few of these vendors would have to suddenly warranty couple tens of thousands of these CPUs and have their trust shaken, things would quickly change...

the theory is that if you want to deploy this (and it's not enforced) you want your hardware to fail as soon as possible if you get compromised.
But this need to be at the discretion of the company, and it need a way to be unlocked.

@@kharkin0 I highly doubt that, you probably get a vendor ID from AMD that you can hash for each mobo, so the leak would have to occur pretty high up in the chain. I doubt even state-sponsored operations can get at that, and anyway I don't see the motivation for them to do so, if it's bricked it's bricked, and blowing the fuse would probably require a reboot, so it's hard to exploit

They could just implement enabling/disabling the feature with a hardware jumper or a special resetting system that requires taking the CPU out of the machine.This one time programmable bullshit almost feels like intentionally purposed for vendor lock in. Maybe it was the easiest solution to implement in a rush.

yeah well there should be but people are stupid so that wouldn't do much in the long run cause a stupid person could pull it from a dell or lenovo sell it and the buyer puts into a non dell or lenovo motherboard and it's fucked

This will not affect me now but like my dislike for anti-consumer Apple, you have to stand up for consumer rights or eventually it will be your problem too. Just canceled the Lenovo Thinkpad AMD I wanted and switched to a like HP. The similar 15" HP was $200 less anyway and although I love Lenovo and have had 1 Intel idea pad and a Thinkpad over the years the HP is also fine and I sent another HP as a gift to my Mother in law a few months ago and thats working out fine. Also HP's accidental drop and mess up warranty is great when you have a lot of kids around. I worked for a fairly large school district troubleshooting PCs in computer labs and Dells are such junk. It's a shame Lenovo is doing this as I really like their Laptops. I make all my desktops and will continue to use AMDs as I switched from a decade of Intel's after the 3000 series really has it together. I Built a 5700G for my wife and she runs 2 Monitors off it with the built in graphics as she uses it for business not gaming. Used a Asus 570 and it a DP and HDMI connectors on the MB and it configured her vertical monitor and the other perfectly. only 1080 but if she wants new higher res we can always add a card. We run Win 10 and Xubuntu and Manjaro in our various devices.

It's about keeping hobbyists from obtaining these second-hand. They don't want people having desktops, they sure as hell don't want people having their own servers. Do you really think the shortages are because of some alleged pandemic? It's all planned. Windows 11 is crap, no one can make chips. The unintended side effect is that it's affecting auto makers, too. But maybe that is intended, so they can squeeze everyone into cities and take their cars. You will own nothing and you will like it.

Sounds like a very stupid, possibly evil, 'loophole' in the system then. I frankly couldn't care less about a company's depreciation concerns when a). they already dodge taxes and b). this strategy creates more ewaste and makes the world a generally worse place. Fuck 'em.

@@theglowcloud2215 How don't they pay taxes? You think the enterprise just landfills their old gear?

@@timramich amazon paid zero dollars in us federal or state taxes in 2020. And yes, they just landfill their old stuff because they told the IRS it lost its full value to be able to claim its value as a tax incentive to continue paying no taxes. If those parts end up in the second hand market, and the IRS finds out, not only do they lose that tax incentive, but they then get penalties and fees, and then get put under a microscope for other stuff.

@@chubbysumo2230 Okay

this is intentional. this way the company who buys it can get full depreciation value on their taxes after 3 to 5 years and not have to worry about them ending up being salvaged in the second hand market by paying a company to shred or wreck them. they can just toss them ewaste and no one can reuse them. companies do this kind of shit because it makes them more money. this kind of vendor locking would never happen if there wasn't a monetary incentive to do so.

@@chubbysumo2230 there are valid security reasons for doing this, and valid cynical reasons for it too. I don't think lenovo gives a rat's ass about the resale value of amd cpu's, unless they're getting a kickback for enabling the mandatory ewaste feature.
I feel lenovo enabling this, is to sell the security, and AMD not providing a way to kill PSB on a used CPU, is an ewaste for profit choice.

@@chubbysumo2230 Sure about the depreciation? In Germany where I live, the depreciation rules for taxation are fairly simple for such things. Perhaps to limit bureaucracy. After a certain time (5 years?), the device is legally fully depreciated. Even if you don't scrap it. I think you still need to pay taxes if you earn money from reselling the old stuff, but that is money you would not have otherwise at all.

@@tassadarforaiur yeah sure Lenovo paid shill.

It's just 'muh security' as an excuse for planned obsolescence

The later. Several proof of concept persistence attacks via UEFI exist, and it's only a matter of time before they make their way into malware as a service chains. Adding so much preboot complexity was always a dumb idea, but sadly UEFI won out over concepts like coreboot.
The problem is real. This solution is terrible.

@@michaelkreitzer1369 Imagine what would happen if attackters indeed infiltrate the service chain. Or what happens when the signing key gets compromised? Then Lenovo would have to replace their signing key and would brick all systems that do a service firmware upgrade. It would effectively kill the firmware update service chain for existing systems. Yikes.

@@prescan7000 Indeed, this is just all around a terrible idea.

its because the processor has fTPM built-in - a processor-based TPM solution. The processor checks the firmware to prevent a malicious firmware to be jacked in which would capture bitlocker drive encryption keys.

Thank you!

That's not only on lenovo, but at every single OEMs implementing PSB

Ha!

Not Only there. Also Wifi and WWAN often have this kind of vendor lock. Even on Lenovo.

@@RexorProxer it's all started from whitelist of ThinkPads...

There used to be an underground bios modding community .. that removed this bullshit. But signing checks made it harder

@@LiEnby I love motherboard makers that have flashback functionality to flash modified BIOS. That should be industry standard. Only people that know what they are doing would ever even know the functionality existed.

If you have physical access you could just read the drives with... Another motherboards!!! Imagine that! If your PC is physical compromised your security is a joke

@@virtualtools_3021 but there encrypted.

If you keep them within the M75q's they should be fine.

If PSB is enabled on bios but PSB permantly disabled.. don't boot? I guess idk

@@LiEnby right, or there is a slash screen that allows you to disable PSB on whichever part has it enabled, this should require the BIOS password to be entered

Once you replace CPUs from the factory, then you undermine the idea that the system was not modified from when it left the vendor's factory.

I'm pretty sure it is not that simple. These things act like real fuses, essentially a burnt trace.
Same tech is used to internally customize basic ICs (not just CPUs or Microcontrollers) during factory production cycle.

@@RmFrZQ they may act like real fuses, but a real old school Fuse would be huge and take a lot of die space. that's why I am guessing a EEProm type cell is used. But it might lack the charge pump to get the voltage to clear it.

@@LaserFur they are not huge. It is basically a short trace between two points. You can find videos on YT where people dissolve casings of ICs and use acid etching to see how a die looks internally, layer by layer, under a microscope. They usually comment on what is shown on the screen.

@@RmFrZQ I did some reading and you are right. the "elecro migration" and shoring types would be small. I was thinking of the old prom descriptions.

It's not lenuvo motherboards it's specifically boards running a firmware that is signed by Lenovo.

We have had folks report that their 4000 series CPUs are vendor locked.

And write on it in black marker
"This ain't the shit I paid for".

We did not test that, but Dee who has the pinned comment here posted on Twitter that there were issues. That is what we would expect with PSB so it makes sense.

We are going to have a bit of a guide on this system, but then get into some HP alternatives that are going to be eye opening for many folks.

@@ServeTheHomeVideo Maybe the solution is engrave the key on the processor so that users can enter it into bios? Not really possible with the length of a good key, but an idea that still requires physical access to the processor.

From the factory

Lenovo don't have the capacity to disable it. It's in the CPU. It's AMD's feature. Don't get me wrong, Lenovo also deserves a ton of criticism, but this is AMD's spec.

Currently, no. Intel does not have the same set of security features as AMD. On Ice Lake servers, for example, server vendors put an Intel FPGA for Intel's hardware root of trust feature.

PSB is still around. I believe the P910 is Xeon E5 so it would not apply to older generation systems like that

i had the bad experience on even older hardware like the X5690 generation of xeons and the assigned Lenovo systems:( memory was vendor locked, worked with any memory if spec was right just dropped a error message on boot@@ServeTheHomeVideo