AMD EPYCs haben Mainboard-Lock wenn die Hersteller es wollen
Wie ServeTheHome und auch einige feststellen mussten, gibt es ein bisher nicht bedachtes “Feature” bei den AMD EPYC CPUs der 7001er und 7002er Serie:
Die Mainboard-Hersteller können die CPUs auf ihren Boards sperren. Es soll der Sicherheit des Systems dienen.
Worum es geht:
Man steckt einen fabrik-neuen EPYC in ein DELL Board und startet das System. Beim ersten Start brennt sich eine Einmal-Sicherung in die CPU und danach startet die CPU nur noch in DELL Boards mit entsprechend signiertem BIOS. Steckt man danach jedoch die CPU zB in ein ASUS oder ASRock Board startet die CPU nicht, die CPU stellt sich tot, bis diese wieder in ein DELL Board kommt. Auch Hewlett-Packard Enterprise soll dies haben.
The AMD Platform Secure Boot Feature (PSB) is a mitigation for firmware Advanced Persistent Threats. It is a defense-in-depth feature. PSB extends AMD’s silicon root of trust to protect the OEM’s BIOS. This allows the OEM to establish an unbroken chain of trust from AMD’s silicon root of trust to the OEM’s BIOS using PSB, and then from the OEM’s BIOS to the OS Bootloader using UEFI secure boot. This provides a very powerful defense against remote attackers seeking to embed malware into a platform’s firmware.
An OEM who trusts only their own cryptographically signed BIOS code to run on their platforms will use a PSB enabled motherboard and set one-time-programmable fuses in the processor to bind the processor to the OEM’s firmware code signing key. AMD processors are shipped unlocked from the factory, and can initially be used with any OEM’s motherboard. But once they are used with a motherboard with PSB enabled, the security fuses will be set, and from that point on, that processor can only be used with motherboards that use the same code signing key. (Source: AMD statement to STH)
Problem daraus:
Solange man die CPUs innerhalb einer Firma wandern lässt (zB innerhalb DELL-Systeme oder HPE-Systeme) funktioniert es. Will man aber eine CPU aus einem solchen System ziehen und diese in andere Systeme stecken (oder weiterverkaufen) starten die CPUs nicht mehr.
Für die Sicherheit des gesamten Systems ist dies gut — für den Zweitmarkt und die Umwelt ist dies nicht gut!
Update 1:
Die EYPC stellen sich nicht tot sondern starten an und hängen mit dem POST-Code 78
Im STH Forum gibt es ein Thread hierzu
DELL schreibt hierzu in der verlinkten PDF:
The first generation of the AMD EPYC processors have the AMD Secure Processor – an independent processor core integrated in the CPU package alongside the main CPU cores. On system power-on or reset, the AMD Secure Processor executes its firmware while the main CPU cores are held in reset. One of the AMD Secure Processor’s tasks is to provide a secure hardware root-of-trust by authenticating the initial PowerEdge BIOS firmware. If the initial PowerEdge BIOS is corrupted or compromised, the AMD Secure Processor will halt the system and prevent OS boot. If no corruption, the AMD Secure Processor starts the main CPU cores, and initial BIOS execution begins.
The very first time a CPU is powered on (typically in the Dell EMC factory) the AMD Secure Processor permanently stores a unique Dell EMC ID inside the CPU. This is also the case when a new off-the-shelf CPU is installed in a Dell EMC server. The unique Dell EMC ID inside the CPU binds the CPU to the Dell EMC server. Consequently, the AMD Secure Processor may not allow a PowerEdge server to boot if a CPU is transferred from a non-Dell EMC server (and CPU transferred from a Dell EMC server to a non-Dell EMC server may not boot). AMD EPYC Generation 2 processors also offer the AMD Secure Processor — for cryptographic functionality for secure key generation and key management. This provides full stack encryption without any overhead for the processor. In addition, for hardware-accelerated memory encryption for data-in-use protection, the security components in Rome processors include the AES-128 encryption engine, which is embedded in the memory controller and automatically encrypts and decrypts data in main memory with an appropriate key.
Update 2:
Hewlett Packard Enterprise ist doch nicht betroffen — HPE löst dies anders als DELL über ihre eigenen BMC Chips statt über die PSP in den EPYC und brennt sich daher nicht in die EPYC rein wie DELL.
HPE clarified that they are doing this in a different manner than Dell after initially confirming that they were using the AMD PSB feature. After this went live, HPE sent us the following:
HPE does not use the same security technique that Dell is using for a BIOS hardware root of trust. HPE does not burn, fuse, or permanently store our public key into AMD processors which ship with our products. HPE uses a unique approach to authenticate our BIOS and BMC firmware: HPE fuses our hardware – or silicon – root of trust into our own BMC silicon to ensure only authenticated firmware is executed. Thus, while we implement a hardware root of trust for our BIOS and BMC firmware, the processors that ship with our servers are not locked to our platforms. (Source: HPE)
Quelle / Links:
STH Artikel dazu (engl.)
STH Video dazu (engl.)
DELL Info PDF hierzu (engl.)