Skip to main content

Lenovo Using PSB on Threadripper and EPYC Systems To Reduce CPU Tampering

Data center
(Image credit: Shutterstock)

ServeTheHome has just confirmed that Lenovo is fully utilizing AMD's Platform Secure Boot (or PSB) in its server and workstation pre-built machines. This feature locks AMD's Ryzen Pro, Threadripper Pro, and EPYC processors out from being used in other systems in an effort to reduce CPU theft.

More specifically, this feature effectively cancels out a CPU's ability to be used in another motherboard, or at least a motherboard not from the original OEM. If a thief wanted to steal these chips, they would have to hack the PSB hardware and firmware to get the chip functioning in other hardware.

But that would be super difficult to do. AMD's Platform Secure Boot runs on a 32-bit AMD secure ARM SoC with its own operating system. The hardware isolation is another layer of security for the system, as it's nearly impossible to access FSB since the system won't be able to detect the ARM processor in the main operating system.

In theory, this feature is an excellent idea. It effectively makes these chips OEM exclusive, which can help reduce CPU theft. On the other hand, this feature will prevent current owners of these pre-builts from using the chips in other systems down the road.

It's not much of a problem today, but suppose the system gets a CPU upgrade in the future. The old CPU effectively becomes e-waste, unless it ends up in the hands of someone who already has a compatible Lenovo system. Alternatively, if a motherboard fails, it locks the user into using a replacement motherboard from the original vendor.

Thankfully, this feature has to be enabled by an OEM in the first place, so you can still go out and buy an EPYC, Ryzen Pro, or Threadripper Pro CPU/system that isn't using this feature specifically. Still, this feature can be a double edged sword. Most people buying servers aren't going to be swapping chips out and using them in other systems, so this potential issue should be quite rare.

Perhaps more worrisome is that Ryzen Pro processors from the Renoir and Cezanne families also support PSB. Enabling it on that sort of hardware and the resulting vendor lock-in would limit the ability to part out such PCs in the future.