Domain: tonymcfadden.net
Stories and comments across the archive that link to tonymcfadden.net.
Comments · 10
-
Re:Old and busted: Bill Gates New hotness: Steve J
One company is buckling to industry pressure and including DRM, the other has a fricking Trusted Platform Module in every new computer it makes. The double standard is infuriating.
TPM isn't restricted to the Apple line, so there's no double standard. A quote from https://www.trustedcomputinggroup.org/faq/TPMFAQ/
: Are systems with TPMs available?
Desktop, notebook and tablet PCs with TPMs are available from Dell, Fujitsu, HP, Intel, Lenovo, Toshiba and others.More here and here. In fact, it's becoming more difficult to find a manufacturer that *doesn't* implement a TPM.
Besides, it's not the addition of a chip on the motherboard that's the problem, rather how and where it's used. As far as I'm aware, it's currently unused on Apple hardware; Microsoft however require it for BitLocker in Vista.
-
Re:Macs only?
-
Re:Macs only?
There may still be some controversy about whether TPMs are in all Intel Macs. In any case, there doesn't seem to be any software way to access them, unlike PCs.
TonyMcFadden.net has a reasonably up to date list of systems that have TPMs in them, as well as manufacturers of the chips themselves, software suppliers, etc. -
a lot of intel chipsets do have tcpa/tcg drm
http://www.tonymcfadden.net/tpmvendors.html
You can see that a lot of intel chipsets do have tcpa/tcg.
And yes tcg is used for drm (and remote identification of your hardware aka "remote attestation"):
http://www.informationweek.com/blog/main/archives/ 2006/02/yes_trusted_com.html -
beware of the fritz chip..
the article doesn't say if a specific thinkpad model was chosen, nor could I find the info on the indiana state website. As mentioned here http://www.tonymcfadden.net/tpmvendors.html, lot's of thinkpad models already come shipped with an "atmel", which is a TPM 1.2 chip... a fritz chip... buyers beware!
-
Does your PC have Trusted Computing?
You can find a list of known Trusted Platform Module (TPM) manufacturers and implementations from the TPM Matrix
-
Re:no it doesn't...
Oh I can't help myself.
A treasure trove of Wintel TPM offerings predating the IntelliMac! Featuring, at the very least, the Gateway FX400 home PC, introduced in July 2005. Gateway's having problems, but I bet they've shipped more FX400s with TPM modules than Apple has in the quest for the "broad mainstream consumer market," whatever the hell that is. Feel free to walk through the rest of the list. You need to prove that those machines are only sold to enterprises. Fact is, Dell Latitudes have been and are sold to individuals in bulk. So are half the machines on that list.
Also, just for fun, a review of the best selling computers under 1000 pounds from November 1997. USB galore. Intel introduced USB with the 430 Triton II chipsets, which came out far earlier than the iMac.
I have no doubt that I can keep citing back earlier than you. If you want to feel persecuted, go nuts. I didn't question wireless, I didn't question laser printers. Yet claiming that Apple introduced USB and TPM to the mainstream is nuts. The gigabit ethernet claim is probably nuts as well, but you don't even bother to read the things that you do cite, so I feel like I'm wasting my breath. -
Re:What about switching the root cert?
The relevant keys may be stored in a "trusted platform module", a hardware device that is designed to wall off its contents from the owner of the computer. The TPM requirement (?) for Vista is one of the first steps in the so-called "trusted computing" scheme. TC is deceitfully promoted as "security", but is in fact a vast DRM and remote-control system. When ISPs start requiring it to be present and turned on as a condition of internet access, computers will be "trustworthy" from the viewpoint of the commercial software vendors and copyright cartel, but complete, treacherous trojans from the viewpoint of their owners, not only for music and movies but for communication as well.
-
How is the TPM used?
I know a great deal about TPMs, I have a computer with a TPM. They are very common. Many high end laptops and desktops have TPMs. Here is an up to date list of systems that have TPMs. They include manufacturers such as HP, IBM, Acer, NEC, Dell, Gateway, Toshiba, Fujitsu, and Samsung. You've probably heard of some of them. It's easy to get a computer with a TPM. Probably in a few years it will be hard to get a computer without one.
What does a TPM do? Essentially it is just a crypto chip. It can hold keys, and sign and encrypt data with them. It's completely passive. It never takes control of your system or does anything invasive. It doesn't even monitor the bus or snoop on data flows. It merely hashes, signs and encrypts data, on request from the CPU.
How is it used for DRM? It can't be done today. They way it would be used, sometimes in the future, is to ship the chip with a unique key pre-installed in it, and with a certificate from the manufacturer on that key. Then the BIOS and OS get enhanced to do a "trusted boot" in which every software component gets its hash reported to the TPM. This allows the TPM to send out a crypto-signed "attestation" about the software configuration on the computer. It is signed by the built-in key, and that key is known to be a legitimate TPM key by virtue of the certificate that was created at manufacture time.
This lets a remote server verify that you're running a genuine version of Media Player or iTunes and not some hacked thing that will strip the DRM and put it out on the net. Your system can report its software configuration and that attestation can't be forged, because you don't control a TPM key that has a cert on it from a TPM manufacturer.
It's a complicated system, and no part of it exists today. Manufacturers don't ship TPMs with pre-installed keys, and they don't issue certificates. Nobody wants to touch that stuff with a ten foot poll. I know, I've tried to get a computer with a certified TPM for research purposes, but they're just not available.
How would Apple use a TPM to keep the OS from running on non-Apple PCs? This is the $64 question, but I haven't seen much information about it. If they just look for the presence of a TPM, that won't help much - see above for all the computers out there that have TPMs.
My guess is that it is more likely that the mechanism Apple will use or is using to keep from running on non-Apple hardware is not the TPM. They will probably use a custom chip. The TPM is extremely standard, the Trusted Computing Group has hundreds of pages documenting it. It would be crazy to twist that standard.
Rather, I'm guessing that Apple uses the TPM for crypto purposes, possibly with an eye towards eventual DRM if and when the necessary massive infrastructure ever gets built. Due to its unique position as designer of both the computer and the software, Apple might even be in a unique position with regard to rolling out some form of TPM based DRM, just as they were among the first to create a commercially successful DRM system in iTunes. My speculation is that Apple is not using the TPM to stop hackers porting its software, they're using the TPM because it's useful. It just happens that the hackers don't have many systems with TPMs.
If so, then, it is merely accidental that the use of the TPM is a road block for experimenters determined to run the Apple software on non Apple PCs. It's possible that if they looked at the list they would find some computers lying around that had TPMs in them, and if they tried on those computers, the TPM software would work fine. Maybe the OS would then run in its current form. It sounds like it's worth a try, anyway. -
How is the TPM used?
I know a great deal about TPMs, I have a computer with a TPM. They are very common. Many high end laptops and desktops have TPMs. Here is an up to date list of systems that have TPMs. They include manufacturers such as HP, IBM, Acer, NEC, Dell, Gateway, Toshiba, Fujitsu, and Samsung. You've probably heard of some of them. It's easy to get a computer with a TPM. Probably in a few years it will be hard to get a computer without one.
What does a TPM do? Essentially it is just a crypto chip. It can hold keys, and sign and encrypt data with them. It's completely passive. It never takes control of your system or does anything invasive. It doesn't even monitor the bus or snoop on data flows. It merely hashes, signs and encrypts data, on request from the CPU.
How is it used for DRM? It can't be done today. They way it would be used, sometimes in the future, is to ship the chip with a unique key pre-installed in it, and with a certificate from the manufacturer on that key. Then the BIOS and OS get enhanced to do a "trusted boot" in which every software component gets its hash reported to the TPM. This allows the TPM to send out a crypto-signed "attestation" about the software configuration on the computer. It is signed by the built-in key, and that key is known to be a legitimate TPM key by virtue of the certificate that was created at manufacture time.
This lets a remote server verify that you're running a genuine version of Media Player or iTunes and not some hacked thing that will strip the DRM and put it out on the net. Your system can report its software configuration and that attestation can't be forged, because you don't control a TPM key that has a cert on it from a TPM manufacturer.
It's a complicated system, and no part of it exists today. Manufacturers don't ship TPMs with pre-installed keys, and they don't issue certificates. Nobody wants to touch that stuff with a ten foot poll. I know, I've tried to get a computer with a certified TPM for research purposes, but they're just not available.
How would Apple use a TPM to keep the OS from running on non-Apple PCs? This is the $64 question, but I haven't seen much information about it. If they just look for the presence of a TPM, that won't help much - see above for all the computers out there that have TPMs.
My guess is that it is more likely that the mechanism Apple will use or is using to keep from running on non-Apple hardware is not the TPM. They will probably use a custom chip. The TPM is extremely standard, the Trusted Computing Group has hundreds of pages documenting it. It would be crazy to twist that standard.
Rather, I'm guessing that Apple uses the TPM for crypto purposes, possibly with an eye towards eventual DRM if and when the necessary massive infrastructure ever gets built. Due to its unique position as designer of both the computer and the software, Apple might even be in a unique position with regard to rolling out some form of TPM based DRM, just as they were among the first to create a commercially successful DRM system in iTunes. My speculation is that Apple is not using the TPM to stop hackers porting its software, they're using the TPM because it's useful. It just happens that the hackers don't have many systems with TPMs.
If so, then, it is merely accidental that the use of the TPM is a road block for experimenters determined to run the Apple software on non Apple PCs. It's possible that if they looked at the list they would find some computers lying around that had TPMs in them, and if they tried on those computers, the TPM software would work fine. Maybe the OS would then run in its current form. It sounds like it's worth a try, anyway.