So this basically seems like the AMD equivalent of Intel Boot Guard, except that the keyfusing seems to be done on the CPU, not the PCH.
What I'm hearing here is that Dell, HP, etc. are designing their firmware to keyfuse any unfused CPU it sees to their firmware automatically, silently, and without any prompting whatsoever. And that AMD apparently has no problem with this.
In no way, shape or form is this a reasonable design. A boot prompt before basically quasi-destroying (for many purposes) a CPU would be the only reasonable thing to do. "This operation is irreversible and will render the CPU unusable in other machines", etc.
I'm wondering if Dell etc. could be sued for this.
>Outside of x86, IBM POWER10 is making a push for enhanced security, so the will need to have a silicon root of trust to enable their security feature set.
If this were true, this would make POWER10 dead-on-arrival in terms of being something Raptor is willing to ship. Comments made by Raptor don't suggest this and suggest they will be able to ship POWER10 eventually, so it doesn't seem likely.
Keyfusing is an excessively brittle technology, can't support key rollover (you're stuck with one key forever, or at best can change it only a couple of times, depending on the size of OTP), and is basically unusable for owner controlled (not vendor controlled) secure boot.
Having such a prompt doesn't really alleviate any of the concerns in this article. I still have to worry about that when buying a second hand CPU, except now I'm even less sure, because sure the CPU came out of a Dell, but maybe the owner never fused it.
If the CPU doesn't perform as advertised you can always return it. The only hope here may be putting enough pressure on Dell and whoever else to make their components worthless on the second hand market.
I've been involved in more than one purchasing decision where the ability to resell the parts was factored into the sticker price.
Well, if the CPU has worked fine for ages but stops working after trying it out in (say) a new Dell server... then the cpu isn't really "returnable" as the Dell server is the one that broke it. :(
Nope, very likely. In Kansas at least it is explicitly impossible to disclaim an implied warranty or suitability for a particular purpose. Most other states are actually de facto the same -- how can you sell something without it addressing some need of the purchaser?
If it doesn't fulfill that need, even second hand, you can get your money back.
Ali Express doesn't care about your local laws. Neither does Craigslist, nor eBay. If you're buying a Dell from Dell, then sure, but that's never been the problem anyway.
If someone sells to you they must operate under your state's laws. You can easily bring suit against them in small claims or real court, but you probably won't even need to do that as you can just get a chargeback.
What you are suggesting is absurd. Craigslist, Ebay, Paypal, and the people selling using those platforms are above the law?
I can see how you'd think that if you'd never tried to do any of these things, but in reality there's what the law says and then there's what you can actually get the law to do. Those are sometimes very, very different things. This is one of those times.
It sounds like you might not be familiar with any of the platforms in question. But no, you can't do either of those things to the kinds of people who deliberately sell defective parts on ebay and Craigslist. Or at least, you won't once you figure out what's actually involved.
I would say beside as opposed to above, but it sums to the same thing.
Manufacturers could also use this to segment their product lines, i.e. prevent you from running a 'server' CPU in a workstation by using different keys or only use different keys for a 'value' line of products.
It makes me wonder if you have a case for demanding a new CPU from Dell, et al, if you unknowingly put a CPU on one of their boards. You do, as far as I can tell.
What I'm hearing here is that Dell, HP, etc. are designing their firmware to keyfuse any unfused CPU it sees to their firmware automatically, silently, and without any prompting whatsoever. And that AMD apparently has no problem with this.
In no way, shape or form is this a reasonable design. A boot prompt before basically quasi-destroying (for many purposes) a CPU would be the only reasonable thing to do. "This operation is irreversible and will render the CPU unusable in other machines", etc.
I'm wondering if Dell etc. could be sued for this.
>Outside of x86, IBM POWER10 is making a push for enhanced security, so the will need to have a silicon root of trust to enable their security feature set.
If this were true, this would make POWER10 dead-on-arrival in terms of being something Raptor is willing to ship. Comments made by Raptor don't suggest this and suggest they will be able to ship POWER10 eventually, so it doesn't seem likely.
Keyfusing is an excessively brittle technology, can't support key rollover (you're stuck with one key forever, or at best can change it only a couple of times, depending on the size of OTP), and is basically unusable for owner controlled (not vendor controlled) secure boot.