by HHad3 1610 days ago
What threat model does AMD attempt to address by burning vendor keys into the CPU itself? It can't be physical attacks, because a physical attacker could just replace the CPU with one without its PSB fuses blown and then go on his merry way to patch the board's firmware.

If physical attacks are not an issue, then why is there no separate ROM on the board that provides vendor PSB configuration instead of burning this info into the CPU? Remote attestation as described by the author of this article would continue to work nicely and securely with an out-of-CPU ROM.

A separate ROM seems to be the obvious solution to me, so either I am missing something, or the second-hand CPU market was (deliberately?) ignored to save the cost of a separate ROM chip.

2 comments

> What threat model does AMD attempt to address by burning vendor keys into the CPU itself?

Economic threats: the secondary market prevents price discrimination (just try to purchase a 5750g...), and AMD may be preparing a scheme to pocket the money that currently goes to scalpers. But unless they have enough supply to replace these grey market channels + adequate bot protection, it makes no sense.

Still, preventing people from grabbing prebuilts to part them out may be the first item of their battle plan.

My guess is that it's for the firmware TPM? That's the only sort of thing I'd think of that's CPU-specific.