If this was about actual security, not destroying the secondary market, the obvious solution for this would be providing a way to "factory reset" the CPU using a pin that is normally physically disconnected.
An attacker that breaks into your datacenter to physically reset the CPU could also swap it, so once you have physical access, the security argument doesn't hold. OEMs/recyclers could simply plug each CPU into a testing/resetting jig that has this connected, or mainboards could have a jumper for it.
Disgusting.
Edit: I wonder if this will enable a new category of ransomware. "Pay us (half the current value of your CPUs) to get your firmware signed with the key that we just locked all the CPUs in your fleet to".