AMD processors are shipped unlocked from the factory, and can initially be used with any OEM's motherboard. But once they are used with a motherboard with PSB enabled, the security fuses will be set, and from that point on, that processor can only be used with motherboards that use the same code signing key. (Source: AMD statement to STH)

I don't think it's on the silicon; that would require substantial additional investment.

If AMD uses EEPROM cells, it's physical enough. Your colleague is not under NDA?

I am not so sure that this is a physical thing.

Do some remember the UV boxes to erase (logical 1 fill) EEPROMs?

Good point. In either case, there is nothing the end user can do once it's locked.

The EPYC cryptographic processor validates the BIOS with the key/cert. If the BIOS is not signed with the right key/cert, that fails.

Think it is possible to try to copy the signature from a Dell BIOS/BMC to Supermicro, if the boot check only checks the signature.
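Added illustration (not AMD's code, and not the real PSB key or fuse format): a toy model of the binding the thread describes, using textbook RSA on fixed Mersenne primes as a stand-in for the OEM signing key. An unfused CPU accepts the first PSB-enabled board and burns a hash of that OEM's public key; afterwards a BIOS signed with another OEM's key is rejected, and a signature transplanted onto a different image is rejected too, because the signature is over the image digest, not a detachable blob.

```python
import hashlib
from dataclasses import dataclass

E = 65537

def toy_rsa_keypair(p, q):
    """Textbook RSA from two fixed primes (toy model, not AMD's key format)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))          # (public, private)

def digest(image):
    # 128-bit truncation keeps the value below the small toy moduli
    return int.from_bytes(hashlib.sha256(image).digest()[:16], "big")

def sign(priv, image):
    n, d = priv
    return pow(digest(image), d, n)

def verify(pub, image, sig):
    n, e = pub
    return pow(sig, e, n) == digest(image)

def key_hash(pub):
    # what the CPU fuses: a hash of the OEM public key, not the key itself
    return hashlib.sha256(repr(pub).encode()).hexdigest()

@dataclass
class Cpu:
    fuse: str = ""                       # empty = unfused, as shipped
    def boot(self, bios):
        pub, image, sig = bios           # BIOS carries OEM pubkey + signature
        if not self.fuse:
            self.fuse = key_hash(pub)    # first PSB boot: one-time fuse burn
        elif self.fuse != key_hash(pub):
            return "rejected: key hash does not match fused value"
        if not verify(pub, image, sig):
            return "rejected: signature does not cover this image"
        return "booted"

# constructed sample OEM keys and images (hypothetical, for the model only)
OEM_A_PUB, OEM_A_PRIV = toy_rsa_keypair(2**61 - 1, 2**89 - 1)
OEM_B_PUB, OEM_B_PRIV = toy_rsa_keypair(2**107 - 1, 2**127 - 1)
img_a1, img_a2, img_b = b"OEM A BIOS v1", b"OEM A BIOS v2", b"OEM B BIOS v1"
bios_a1 = (OEM_A_PUB, img_a1, sign(OEM_A_PRIV, img_a1))
bios_a2 = (OEM_A_PUB, img_a2, sign(OEM_A_PRIV, img_a2))
bios_b = (OEM_B_PUB, img_b, sign(OEM_B_PRIV, img_b))

def scenario():
    cpu = Cpu()
    first = cpu.boot(bios_a1)                    # unfused: accepted, fuse set
    update = cpu.boot(bios_a2)                   # same OEM key, new image: ok
    other_oem = cpu.boot(bios_b)                 # bound to OEM A now
    transplant = cpu.boot((OEM_A_PUB, img_b, bios_a1[2]))  # copied signature
    return first, update, other_oem, transplant
```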