Booting from disk is the BIOS's job. The whole point is to guard against a compromised motherboard.



If the CPU prevents the disk from ever being unlocked, there's nothing to compromise by controlling the motherboard.


This method prevents the user from trying to recover with a backed up encryption key, or booting live media. Instead it makes it clear that this motherboard is compromised and cannot be safely used.


And in the current model, what prevents the user from assuming the processor is dead and replacing it with an unlocked one (which will then presumably become permanently locked to the compromised motherboard)?

If you care about this specific attack scenario then make sure you check the keys with a management tool or something. It's not necessary to make the chip unusable for almost every aftermarket user just to make it a little bit clearer that a compromise has happened in that rare case.


Fair point. Though in many large environments the number of people with access to the IPMI console is greater than the number of people with physical access who can swap out a CPU.

I'm just trying to speculate what might be driving demand for this type of feature, since TPMs already exist.
