Something that I have been working on for the past few days is confirming that Lenovo is indeed using AMD PSB, or Platform Secure Boot, in its AMD EPYC platforms. One of the key reasons was that we had a user report in the STH Forums that they purchased a number of Lenovo ThinkStation P620s only to find that the AMD Threadripper Pro CPUs were being vendor locked to Lenovo platforms. We did not have additional CPUs to test the feature when we did our Lenovo ThinkStation P620 review. However, we call the Threadripper Pro the “WEPYC” since it is effectively a workstation EPYC. As such, it has the ability for AMD PSB to be used.
What is AMD PSB? Why Should We Care?
AMD PSB has been a polarizing feature on STH, and for good reason. The feature helps establish a hardware root of trust from the CPU to the rest of the system. When one reads stories about supply chain tampering, this is the type of feature that is designed to help prevent that. The first company we found using this was Dell EMC. HPE initially confirmed, then said it was not using the CPU vendor locking feature while we were in discussions around our HPE Trusted Supply Chain Servers Built in the USA piece. Now we have confirmation from Lenovo.
The benefit of a hardware root of trust will make sense to many of our readers, but there is another side: using AMD PSB vendor locks CPUs to a vendor ecosystem. If one purchases a system with the intent to upgrade later, then the CPUs that come out of a Lenovo system will be locked to that ecosystem. Likewise, one can use a new tray CPU in a Lenovo system with PSB, but one cannot use, in a Lenovo server, a CPU that had previously been in a Dell EMC server and vendor locked to Dell.
So while a server vendor, like Lenovo, can create more secure solutions, it comes at the expense of a circular economy in which chips can be repurposed in the future.
Lenovo typically focuses its server marketing on getting reviews from less independent sources than STH, which is likely why this has not been found previously. The company had asked about getting AMD servers reviewed just before we published the AMD PSB piece. We completely understand why this is a sensitive topic for Lenovo since it offers a great security feature while also bringing up the question of increasing eWaste and limiting a circular economy.
Eventually, we expect more vendors to enable this feature, and it will come to more areas of the server market and potentially expand in the workstation market as well. We simply wanted to post this since it was not something we were able to test in our Lenovo ThinkStation P620 review. We can understand the latest user report in our forums on that system given Lenovo confirmed today that it is enabling the vendor locking feature in its server line that uses a similar processor.
Again, since there are implications to the circular economy, we wanted to ensure our readers are aware of this feature from Lenovo.