Slashdot Mirror

I believe the conroe 2 chipset has TPM mentioned here. I could be wrong

http://trustedcomputing.org/ , click on products.

Just a note on the GP's post, According to the Trusted Computing Group's website, TC does not directly support and is not intended for the implementation of DRM, and is completely opt-in for the user. Of course, opt-in doesn't mean much if your ISP forces you to use it, and if they build a framework that lets other software implement DRM easily, then it might as well be DRM itself. Stallman calls it "Treacherous Computing." Bruce Schneier's point of view on TC was that it could be bad, but it's not inherently evil, and that the Trusted Computing Group's reccomendations for implementing TC looked alright, but when Microsoft released their own Best Practices documentation, it left them a lot more room for abuse. That's just my 2 cents from what I've read.

With TCPA being proposed as far down as the firmware level; how will you be able to sign/launch your bootloader of choice?

The short explanation:

TCPA hardware will do everything today's hardware does. It adds an extra chip (the Trusted Platform Module) that logs what software has had control of the computer from boot to the current time. You can run any open BIOS, boot loader, or kernel you want, but if you choose software that lets you do whatever you want with your computer, other computers will know and refuse to talk too your computer.

The specs are available for you to read.

Isn't Microsoft looking to create a nasty piece of BIOS (or no BIOS) which would lock down a system beyond the belief of most persons who aren't "well educated" WRT technology; i.e., the people who wouldn't have a need for tinkering with the system.

No. Microsoft and others have created a nasty piece of technology including BIOS modifications which, working with other modifications and additions to standard PC hardware, will not only lock users out of performing certain actions but could be used to allow total control over end user machines by Microsoft or the government (or your personal least favorite organization), regardless of how tech-savvy the end user might be.

Being smart does not make you safe.

Don't reply about how you can always gain complete control of your own hardware with enough technical knowledge and time. Read Ross Anderson's TCPA FAQ too see why that still applicable bit of security wisdom isn't sufficient to throw off the yoke of TC. Go here for all the technical nitty gritty if you're not still convinced.

The DRM + security features are those of the Group formerly known as the TCPA. TCPA has frequently been discussed on Slashdot.

From http://www.intel.com/design/pca/prodbref/253820.ht m>:

"The Intel PXA27x processor family incorporates the Intel® Wireless Trusted Platform that is designed to provide platform trust and robust security services required for today's wireless devices. Built around the concepts developed by the Trusted Computing Group* (TCG) industry forum..."

For a slightly doom-spelling (unforunately Ross tends to be right far too often) check Cambridge University professor Ross Anderson's Trusted Computing FAQ. There is also his Cryptography and Competition Policy - Issues with `Trusted Computing' paper as well.

You can also look at documents at Trusted Computing Platform Alliance, and I recommend reading The TCPA; What's wrong; What's right and what to do about by William A. Arbaugh

I haven't had time to sort through all 900+ replies on this thread but...

Isn't this code leak going to open a huge gateway for M$ and others to promote Trusted Computing and the use of 'fritz chips'?

Trusted Computing scares the living hell out of me...I can see this code leak as the gate to some bad times ahead for all...

Trusted computing is the next big thing in the PC industry. Get in or be left begin in the dust, wondering why all your competitors are making mad cash while you barely keep your family afloat.

I know a lot of people don't want to hear this, but keeping your eyes closed while the industry is wooshing by you isn't quite economically sound behavior.

Mod me down, I have plenty of karma to burn.

That's why Trusted Computing will only allowed signed drivers. Get the picture? When Bill puts "My Computer" on your screen, he means it.

Why wouldn't you just take the 2 GHz computer you already have sitting on your desk? Are you dumb or what?

Trusted Computing home page includes a list of documents.

Direct link to the specs. It is a Zipped PDF. Seriously heavy reading.

I just found two other spec documents on that page. I just downloaded them, but haven't looked at them yet.

-

What TCPA does is sign a hash of the OS that is loaded with an "endorsement key", embedded in the TCPA by the vendor and unaccessible to the user.

This is incorrect; I don't have time to explain what a TCPA-compliant TPM does, but you can find out all you'd like to know here (look at the section entitled Documents"). In particular, this document.

However, although your description of the mechanism is incorrect, your explanation of the potential effect is right. Among other things, the TCPA makes it possible for a user to generate a public/private key pair whose private key is only usable by the system when it's running a particular set of software (BIOS/OS and selected applications), and is never accessible at all. Given that capability, it is therefore possible to get the public key certified by some third party and then to use the private key to authenticate the boot configuration.

After that has been done, it is then possible for someone to send you data that is only decryptable when you have booted into a certified configuration.

But who would do the certification? And how would they know what the system is running when they certify it? Keep in mind that it's not possible for, say, MS to "certify Windows 2005", the certification is specific to each and every machine. There's really only one way for the scenario you described to work on a large scale, and that's for the hardware vendors who pre-install software to have the TPM generate a key pair and certify it for use by third parties, like web sites.

TCPA is a very useful security tool, but it is possible for it to be abused, given collusion between manufacturers, operating system vendors and content providers.

What we need to avoid all of this is strong digital consumer legislation that requires that every digital rights management system include escape hatches to allow for Fair Use, format shifting, platform shifting and copyright expiration. That would prevent the abuse of the technology without taking away the usefulness of TCPA.

Fat chance.

does anyone seriously believe that enough people are going to buy an XBox and use it for non gaming purposes to actually hurt M$ financially ?.

Possibly.

Remember that XBox security is in effect a precursor to MS' proposed new 'trusted platform', the next generation of their OS and of their business model. If what is happening here is that we are developing a cadre of skilled reverse engineers who can find their way around and through MS' security schemes, then they will not be able to lock down the next generation of PCs as they propose, and it's essentially game over for them.

Remember, any business, however big, can come crashing down if the economic niche that it filled disappears. Linux will take away the market for closed proprietary operating systems. Other initiatives, mostly Open Source ones, will erode the market for closed proprietary office software. The same dynamics which made Microsoft dominant in the first place can quickly make them irrelevent.

Microsoft know this and their current strategy to avoid it is to evolve a technical and legal wall around the hardware, so that it's impossible to get 'untrusted' (read 'open source') software to run on it. The XBox hackers, by demonstrating to the world that this does not work, are undermining Microsoft's new fortress. And it's particularly delightful that Microsoft gave them the tools to do it.

Go XBox hackers! Develop and hone your skills. The real test is yet to come, but I have faith in you...

In case you're actually interested in reading what the technologies are about, instead of just FUD. Here is The TCPA and Microsoft's Next-Generation Secure Computing Base (which is what came from the Palladium Project).

Optional as in you won't need it if you don't want to [use any new copyrighted works]

You assume that all authors would switch over to a digital restrictions management system. This may be true of the studios in the Motion Picture Association of America, but there remains a thriving community built around limited free sharing of copyrighted works, especially computer programs.

And if you claim that free software won't be allowed to boot on future computers, I don't find that substantiated. What I've read of the Palladium specification states that Palladium comes into play only when the system is booted with Palladium support turned on in the BIOS, and only for those processes that import palladium.dll. From Microsoft's marketing material: "A 'Palladium'-enhanced computer must continue to run any existing applications and device drivers." And the TCPA TPM FAQ (pdf) states that "The trust model the TCPA promotes for the PC is: the owner runs whatever OS or applications they want".

i want a sandbox (run from un-writeable media, cd perhapse) that automatically checks md5 checksums against every program/dll/library i use every time i use it against some pgp checksums. lets see them get around that! with faster processors/hds/ram this should be feasible without too much wasted time.

You are lucky then.

Or do you?

To understand the TCPA specification the user MUST read the specification. (This use of MUST indicates a keyword usage and requires an action).

Okay, am I crazy, or did Brian not mention that TCPA and Palladium are two different initiatives?

While it is concievable that Microsoft would use TCPA in Palladium, it's also concievable that they would develop their own, proprietary thing and try to force people to use that instead

You don't fully understand TCPA and Palladium then. Palladium is software that requires custom hardware to function, and TCPA is the hardware it requires. TCPA and Palladium are "different inititives" just like monitors and the graphics cards are "different inititives". Palladium on a computer without TCPA works as well as a monitor on a computer without a graphics card (or speakers on a computer without a sound card). TCPA does the work, it's the guts of Palladium. Palladium is the interface between TCPA and the user.

yell at the mobo people, since it's actually them that are "forcing" AMI to implement this.

You're getting warmer, but there's a second step you missed.

You're right that AMI doesn't have much choice in the matter, but think for a minute - WHY are the motherboard manufacturers demanding TCPA? Hint: it's not because consumers want it. Consumers have never even heard of TCPA.

It's because Microsoft is demanding motherboards support TCPA. Microsoft's next operating system WILL REQUIRE TCPA. Therefor any motherboard that doesn't have TCPA is going to be incompatible with the next Windows. Any hardware that is incompatible with Windows is dead-on-arrival on the market.

Palladium cannot do anything without TCPA hardware or some other hardware that does essentially the same thing as TCPA (a rose by any other name is still a rose). And TCPA is extremely specialized hardware that can be used for almost nothing other than Palladium or some other software that does essentially same thing as Palladium (a rose by any other name is still a rose).

TCPA has a definite on-off switch

Yes, and numerous other posts have explained why it will become increasingly difficult to turn it off. For Windows users it will become impossible to avoid, and it will be the ultimate lock-out against non-Windows users. Check this post where I describe how it could potentially be used to essentially "embrace and extend" the internet. Everyone else gets locked out. Don't forget that pretty much all online purchases will use it.

Metaphor: a small microphone... they have plenty of good uses as well.

Exactly, except TCPA/Palladium do NOT have good uses. I am a programmer. I know how it works and what it does. Any "good uses" can be done without TCPA or Palladium. TCPA has one use and once use only - to lock the owner out of his own computer.

To be honest I do see one good use for it - preventing cheating in multiplayer games. But that's just more proof of what I said: the ONLY use for TCPA is to lock you out of your own computer.

TCPA is not for your security. It is not for your trust. It is security AGAINST the owner of the machine.

The problem here is... they aren't seeing the potential benefits

There are none. They (TCPA.ORG and Microsoft) claim all sorts of good uses, but it is 100% smoke and mirrors. Go ahead, name ONE benefit other than locking people out of their own computers. There aren't any. It's understandable that people fall for their deception, it takes a programmer to fully understand how it works.

As far as I can tell by this article

Unfortuantely this article is 100% useless for understanding the issue. He was here defending AMI, and yes, for the most part AMI is just getting dragged along by forces beyond their control.

Question 1 was:
Specifically, could TCPA be used against free OS's like Free/Open/netBSD and Linux to prevent those users from accessing the same content users of commercial OS's can?

He spent several paragraphs NOT answering the question. Ans the answer is yes, TCPA can be used against other operating systems in that manner. Open OS's can "use" TCPA, but they will still be locked out. It is a "useless" sort of use. You need the approval of the impotrand root authorities for TCPA to be usefull, and open OS's won't be getting approval.

Question 2 had nothing to do with TCPA.

Question 3 was about speed (not important here) and:
how will this benefit the end-user?

He did not answer this question. All he did was give a link to the TCPA FAQ. I explain in this post how that FAQ is pure propaganda. Read my post then read the FAQ. The only benefits it lists are Trusted computing, security, and access control, except all of those phrases are really euphemisms for DRM. There are NO uses where you need TCPA to give you security on your own machine. When they say "security" it equals DRM - security FROM the owner of the computer.

Questions 4 and 5 have nothing to do with TCPA.

Question 6 is a valid problem:
Isn't the goal of "trusted computing" to allow entities other than the owner of the computer to control what the owner does with his/her hardware? ...a trusted computer is one that can't be trusted by the computer's owner ...designed to make the computer it is installed in less useful to the purchaser of the computer

His answer part (A) is that it's not our fault and he can't or won't defend TCPA. He says go ask/blame TCPA.ORG.

His answer part (B) is it's not our fault and he can't or won't defend Palladium. He says go ask/blame Microsoft.

His answer part (C) is that their customers are not you and me, the consumers. Their customers are motherboard manufactures. He says they pretty much forced AMI to support TCPA. He's saying blame them.

Question 7 was TCPA related, but it didn't tell us anything about TCPA.

Question 8 was EXCELLENT and insightfull. He wanted to know if software could cheat and use TCPA even if you turned it off.

His answer is "it depends". At the end he implies it would require a reboot, but he's mistaken. If a program is going to cheat and turn on TCPA when you specificly turned it off then they can very well cheat and and skip the power on root of trust step. It wouldn't be according to spec and it may or may not be fully secure, but it would work. If TCPA is not switched off by a physical jumper on the motherboard then software can probably cheat and use it anyway even when you turn it off.

Question 9 What is the difference between TCPA and Palladium?

Answer in 3 parts:
(1)TCPA doesn't mention consealing memory. A minor point.
(2)Microsoft controlls Palladium.
(3)Microsoft owns Palladium.

That's it. That's the big difference.
In other words Palladium is little more than a trademark for TCPA.

And question 10 has nothing to do with TCPA.

He defended AMI fairly well, but he never said a single word in support of TCPA or Palladium and he never denied a single attack on it. It is almost inconceivable this was accidental considering that the title of the article was "AMI Guy Talks About TCPA, Palladium, and Other BIOS Issues". I can only speculate that he doesn't support TCPA any more than I do. He works for AMI and he carefully defended AMI without defending TCPA. His answers amounted to little more than "don't blame us, it's not our fault".

-

But first we need to ask ourselves if this is something we really are against in the first place. All the documentation that I've read at the TCPA website indicates to me that it's nothing more than a hardware-level implementation of the operations that security software such as SSH and GPG do. If that's all it is, then I would have to argue that it's actually a Good Thing(TM).

22. How does TCPA relate to the recent Palladium announcement from Microsoft?
Microsoft is a founding member of the TCPA. Detailed Palladium questions should be directed to Microsoft at this time.

While the press release doesn't specifically state support for TCPA, it does state, "Transmeta said its Crusoe processors (which already feature Code Morphing software) would be slightly altered to tackle security and address requirements for securing sensitive data and intellectual property."

This is actually not surprising, considering that many of the Microsoft XP-based TabletPCs use Transmeta chips. It is a natural for them to want to acquire Palladium hardware support for the whole range of devices their OS runs on.

How can you do this in such a way that makes an audit and/or recount possible?

Oh please don't misunderstand, I understand the difference perfectly well, and I enjoyed the original explanation of the meaning of Trusted, very concise. What I was pointing out was that AMI et al are not promoting "Trustworthy Computing" but "Trusted Computing". I think we already have the latter, but REALLY need the former!

Trusted Computing

Not trustworthy :)

The tcpa spec states that the TPM (Trusted Platform Module) contains hashing (SHA-1), random number generation (RNG) , asymmetric key generation (RSA), and asymmetric encryption/decryption (RSA). What advantages can open source projects such as openssh and openssl take by using the TPM implementation of these algorithims instead of normal software implementations? What potential uses can open source software get out of TCPA?

My question is, although the TCPA 1.1 spec sounds harmless enough, what guarantees do we have that the 2.0 spec will not erode our software liberties, or that Microsoft will not successfully lobby to empower Palladium to take away those liberties completely? And if Palladium becomes the only working implementation of TCPA, doesn't the idea of TCPA holding the high ground on DRM/privacy issues really become a moot point?

Is the TPM based platform limited to a particular operating system or microprocessor?

No. The TCPA specification is designed to be platform and OS agnostic. The TCPA specification is not limited to a specific platform, OS or CPU.

The specifications are available for download free from trustedcomputing.org - Any linux distro should be able to take advantage of them.

Its up to you to decide if you want to trust it or not, but that's what their website states.

Is the TPM based platform limited to a particular operating system or microprocessor?

No. The TCPA specification is designed to be platform and OS agnostic. The TCPA specification is not limited to a specific platform, OS or CPU.

The specifications are available for download free from trustedcomputing.org - Any linux distro should be able to take advantage of them.

Its up to you to decide if you want to trust it or not, but that's what their website states.

Fighting spam is like fighting crime, hackers or piracy. For every measure we put in place some spammer somewhere will find a way around it.

All problems are not the same - some have solutions and some don't. Take spam and piracy for example.

There's a system out there right now for spam blocking (I forget the name or URL at the moment, but it's been mentioned before on slashdot) that maintains a whitelist of people that are allowed to contact you, and when it receives an email from a person that is not on the whitelist, it stores that email in a temporary area and emails the sender asking for a confirmation email in return. If the spam-blocker receives a confirmation email (i.e. the actual person gets the return email, hits reply, and hits send as per the directions) then the original email gets through to your inbox. Right now this is a 100% effective spam-blocker. No good email is filtered out, and no spam is let through because spammers forge their return addresses and therefore never get confirmation emails. It has the added bonus of not requiring the user to look through a "junk mail" folder. Implementing this system universally (1) server-side would solve the spam problem. The only way spammers could get through would be to provide actual "from" email addresses which open them up to lawsuits, and (as they have to check incoming messages and reply to them, meaning they have to either host the "from" account themselves or have fast access to a server that does) it would open them up to all sorts of DDoS attacks. Got a 1KB spam email that slipped through with a from address of from@spammer.dynamicdnsservice.com? Hit that ever so satisfying "Can The Spammer" button and blast spammer.dynamicdnsservice.com with 100KB of data. The more spam the spammer pushes out, the more clogged its downstream pipe gets.

(1) Ok, not this system, as a spammer could always find out who your friends are and put their email addresses in the from: header, but a system based on public key cryptography would do the job nicely. That would mean client-side software updates and a protocol change, but it's still a solvable problem.

Now, take a look at piracy. There is a property of information (or data, or bits, or whatever you want to call it) that is so absolute and inviolable that I would go so far as to call it a law of the physics of information. It is: The only way to control the distribution of information is to ensure that the people and machines that have access to that information all agree to control its distribution. That's it - think about it. It means every technology-based digital restriction mechanism can be broken. (2) Yeah, you could put telescreens in all homes and watch everyone 1984 style, but that's a very poor solution. The best way to deal with "piracy" is to stop thinking along the lines of trying to control information like a physical good and find an alternative business model. No endless wasteful competition between DRM designers and hackers, and no more buying expensive DRM snake oil for businesses.

(2) Yes, even palladium can be broken. Here's an easy three-step process for breaking a palladium system:

(1) De-solder the TCPA components from the motherboard except the CTRM (yes, including the cpu if necessary), attach them to an add-in pci card along with a power connector (again, if necessary) and a pci interface chip that talks to the bus and simulates a CTRM that has "measured" a trusted system.

(1.5) Not really a "step". Design and fabricate the above chip.

(2) Write a kernel level driver for the OS of your choice that diverts calls to the trusted hardware subsystem in loaded applications to calls to the driver itself which simulates the trusted subsystem. Any time it needs a "Yes, I am a trusted system." certificate signed, the driver should call upon the pci card to perform this function. (Yes, you can install your own drivers. You just have to boot your system in untrusted mode [where applications would normally not receive services from trusted hardware])

(3) Download "protected files" and let your trusted applications happily place them (in encrypted format) on your hard disk. When you want to directly access the unencrypted data, snag the decryption key directly from the driver.

Yeah, it's complicated, and not all people have the necessary skills to pull it off, but keep in mind that:
*It only has to be done once to release information from DRM jail and make it available to anyone.
*Once the step 1.5 chip has been designed and the driver written (along with a userspace "data recovery" tool), they can be sold fairly easily as the equivalents of "mod chips" in game consoles.

Two last important notes:

*Yes, I've read the TCPA specs and I know this will work. If you would like to verify this for yourself (a smart move), they're freely available for download in pdf format from the TCPA web site.

*This does not mean palladium can be safely ignored - quite the opposite. When the only legal way to access certain content and services is an attempt to violate the physics of information by a single convicted but unpunished monopoly, everyone is in trouble. I'm sure you can think of other terrible consequences, but here's something to get you thinking in another direction. What will happen when everyone trusts the "Trusted Computing Platform Alliance" enough to put their personal (medical, financial, etc...) information into the system?

Most slashdot post look at this from the "Disney is coming for my computer, and Microsoft is bringing them there" angle but I see no reason for Microsoft palladium to be the only application of TCPA. Much as I would like to point out practical possibilities, I cant make heads or tails of the TCPA spec, but at least a "Asymmetric encryption co-processor" and hardware random generator sound useful for most normal (as in non-disney) crypto projects like openssl, gpg and fast-ipsec. Imagen a gigabit Ethernet ipsec enabled router of of the shell hardware with no extra costs as the extra logic comes with the processor at a "normal" price with development paid for by Disney! Even distributed crypto cracking projects might benefit. Ofcourse fun projects are only possible as long as the security and randomness can be proven, no need to directly trust Microsoft, Disney and hpaq yet. But keeping in mind Disney will not like it when Intel and friends make mistakes, excidental or otherwise, things may go very smoothly ;-).

Also there might be a real political benefit here as well, no politician will go and ask for TCPA power and import/export to be regulated just so worldwide snooping agencies have an easy way in, and even if one does, Disney backed politicians will fight them with Disney money backed campaigns to "safe the future of digital "entertainment""! This might even improve export control on other crypto products. Also by the time normal crypto projects are developing this hardware is likely to be so widespread that fighting it is no longer possible. (A sidenote on the snooping agency thing, if distributed cracking with normal Intel/amd chips is works they will probably be first. [insert tinfoil hat level comment here on the "bania" (low energy x86, perhaps all engery to the crypto part mode is posible in the next chip?) being mostly developed by Intel in Israel, the Israeli government increasing funding for Intel which may or may not be part of the settlement politics and the spooky history of Israeli high tech companies selling stuff with military/spying applications to the civilian market without going bankrupt here, and add an imagen a beowulf of these line])

I don't see all the implications of the whole "protected storage"/"protected execution environment" and these may be the parts that prevent people not trusted by disney from using this stuff. However they may also make cheap certificate authorities possible. TCPA might keep the root cert and signing code secure/temper resistant and make sure nothing funny is going on in the rest of the system (OS and hardware).

woops, TCPA Website. =)

Very good point. Most critical systems are already on custom-made hardware (with custom software as well), and I can't imagine any cruise missiles running stock Xeons ever, but with some of the less critical systems, older proprietary systems could be replaced with newer i386 based infrastructure.
According to the TPM FAQ (PDF document), vendor supplied modules will have to be provided for any specific application to use TPM anyway. Yes, Microsoft will have Palladium enabled on the OS by default, but it's doubtful that your pacemaker will be using Modular Windows anytime soon.
I don't think that it's 100% accurate to say that you will have to log on to the internet to use your computer. Palladium would require a valid digital signature to run some content, but I'm sure you could cache that signature somehow. Any music that you have ripped in WMA format has a signature attached to it, and you don't need to log on to the internet to play those.

Hate to say it but its already too late. Palladium is coming and IBM's TCPA is already here. These computers will function fine except they can not run linux due to legal rather then technical reasons at the moment. I wonder if some legal or technical workaround could be possible like a special card could be installed that could act similiarly as the mod chip for the xbox. Just do not run Media Player 9 under any circumstance. I like my rights and will continue to use winamp or even quicktime if aol-timewarner jumps on board the non fair use bandwagon. If apple ever finally dumps Motorolla in favor of IBM's powerpc chips then I will likely run linux/macosx on that platform which may or may not remain drm free. But at least if no legal remedy could be found I could run MacOSX if drm is ever implemented as a standard.

The RIAA had closed door talks with Microsoft, Intel, and AMD and it turns out they caved in. They have invested billions of dollars already in fair use denial technologies. It will be a cold day in hell if they ever changed their minds due to their heavy investment in it. It looks like the Hollings bill even though it failed, had the same effect as passing. Under the DMCA its already illegal to disable or tamper with the copyright protection devices and they will be standard like it or not in %98 of all pc's!

That's 1.5M, out of a global market of 100M or more.

"sensitivity" is a relative term.

You can't stop it. You can already buy an IBM laptop with TCPA and Palladium. And, Intel's not jumping on board, they're the train engineers.

Instead of spreading the same worthless FUD about TCPA and Palladium, why don't you take a stroll through the TCPA specifications? Here are some good places to start:

http://www.trustedcomputing.org/docs/Website_TCPA% 20FAQ_0703021.pdf
http://www.trustedcomputing.org/docs/TPM_QA_071802 .pdf
http://www.trustedcomputing.org/docs/main%20v1_1b. pdf

Here are some of the highlights:

4. Is the TPM based platform limited to a particular operating system or microprocessor?

No. The TCPA specification is designed to be platform and OS agnostic. The TCPA specification is not limited to a specific platform, OS or CPU.

9. Does TCPA certify applications and OS's that utilize TPMs?

No. The TCPA has no plans to create a "certifying authority" to certify OS's or applications as "trusted". The trust model the TCPA promotes for the PC is: 1) the owner runs whatever OS or applications they want; 2) The TPM assures reliable reporting of the state of the platform; and 3) the two parties engaged in the transaction determine if the other platform is trusted for the intended transaction.

18. Does the TCPA support open source systems?

Yes. The ability to use the TPM functionality is available to all developers of software. An open source project could determine to use TPM functionally today. The concepts of measurement, protected storage and attestation of measurements are fundamental concepts that hold true for any type of OS or application. The platforms that support TCPA today are not limited to only one OS and if open source developers provided applications that used the TPM functionality they would find support.

Instead of spreading the same worthless FUD about TCPA and Palladium, why don't you take a stroll through the TCPA specifications? Here are some good places to start:

http://www.trustedcomputing.org/docs/Website_TCPA% 20FAQ_0703021.pdf
http://www.trustedcomputing.org/docs/TPM_QA_071802 .pdf
http://www.trustedcomputing.org/docs/main%20v1_1b. pdf

Here are some of the highlights:

4. Is the TPM based platform limited to a particular operating system or microprocessor?

No. The TCPA specification is designed to be platform and OS agnostic. The TCPA specification is not limited to a specific platform, OS or CPU.

9. Does TCPA certify applications and OS's that utilize TPMs?

No. The TCPA has no plans to create a "certifying authority" to certify OS's or applications as "trusted". The trust model the TCPA promotes for the PC is: 1) the owner runs whatever OS or applications they want; 2) The TPM assures reliable reporting of the state of the platform; and 3) the two parties engaged in the transaction determine if the other platform is trusted for the intended transaction.

18. Does the TCPA support open source systems?

Yes. The ability to use the TPM functionality is available to all developers of software. An open source project could determine to use TPM functionally today. The concepts of measurement, protected storage and attestation of measurements are fundamental concepts that hold true for any type of OS or application. The platforms that support TCPA today are not limited to only one OS and if open source developers provided applications that used the TPM functionality they would find support.

Instead of spreading the same worthless FUD about TCPA and Palladium, why don't you take a stroll through the TCPA specifications? Here are some good places to start:

http://www.trustedcomputing.org/docs/Website_TCPA% 20FAQ_0703021.pdf
http://www.trustedcomputing.org/docs/TPM_QA_071802 .pdf
http://www.trustedcomputing.org/docs/main%20v1_1b. pdf

Here are some of the highlights:

4. Is the TPM based platform limited to a particular operating system or microprocessor?

No. The TCPA specification is designed to be platform and OS agnostic. The TCPA specification is not limited to a specific platform, OS or CPU.

9. Does TCPA certify applications and OS's that utilize TPMs?

No. The TCPA has no plans to create a "certifying authority" to certify OS's or applications as "trusted". The trust model the TCPA promotes for the PC is: 1) the owner runs whatever OS or applications they want; 2) The TPM assures reliable reporting of the state of the platform; and 3) the two parties engaged in the transaction determine if the other platform is trusted for the intended transaction.

18. Does the TCPA support open source systems?

Yes. The ability to use the TPM functionality is available to all developers of software. An open source project could determine to use TPM functionally today. The concepts of measurement, protected storage and attestation of measurements are fundamental concepts that hold true for any type of OS or application. The platforms that support TCPA today are not limited to only one OS and if open source developers provided applications that used the TPM functionality they would find support.

Is the TPM based platform limited to a particular operating system or
microprocessor?
No. The TCPA specification is designed to be platform and OS agnostic. The TCPA
specification is not limited to a specific platform, OS or CPU.

Does the TCPA support open source systems?
Yes. The ability to use the TPM functionality is available to all developers of software. An
open source project could determine to use TPM functionally today. The concepts of
measurement, protected storage and attestation of measurements are fundamental
concepts that hold true for any type of OS or application. The platforms that support TCPA
today are not limited to only one OS and if open source developers provided applications
that used the TPM functionality they would find support.

Is the TPM based platform limited to a particular operating system or
microprocessor?
No. The TCPA specification is designed to be platform and OS agnostic. The TCPA
specification is not limited to a specific platform, OS or CPU.

Does the TCPA support open source systems?
Yes. The ability to use the TPM functionality is available to all developers of software. An
open source project could determine to use TPM functionally today. The concepts of
measurement, protected storage and attestation of measurements are fundamental
concepts that hold true for any type of OS or application. The platforms that support TCPA
today are not limited to only one OS and if open source developers provided applications
that used the TPM functionality they would find support.

That could actually be done. Using the system layed out by the Trusted Computing Platform Alliance, you could construct a system that would only work if the code is authenticated by the Trusted Platform Module (TPM). All of the code could be open sourced, but only certain implementations would be signed. If your code isn't signed, the computer will refuse to run it.

The protocol could encrypt all communications so no one can 'sniff' the contents. The protocol could also require you to cryptographically authenticate that you are running trusted code before it lets you access content.

I have a problem with this. It means that you have to get permission from whoever holds the master key(s) in order to create a compatible client. The key holder will dictate the terms under which you may develop your client. It's kind of like the british government deciding who may or may not use a printing press.

I always told my friends to "wait till Hell freezes over"to buy Macs. But my tune has changed since the unholy Intel/Amd/MSFT alliace

My point is that according to the Trusted Computing Platform Alliance, only motherboard manufacturers may include binary code in the protected space of a trusted BIOS.

The spec, available here in PDF, prohibits the end user from updating this code. So the question is, whose binary will run in this space? My binary compiled from the publically available shared source? Probably not.

Granted, this is not Microsoft's Palladium, but it is logical to assume that the so-called Trusted PC will be an important part of the actual Microsoft implementation.

Bye bye, Freedom. Hello, Sony.

Obviously, with titles like these, he must be an ignorant Microsoft toady. On the other hand, Thomas C Greene, who has never spoken with anybody involved with the project, knows everything about it and what it is really about.

For Thomas C. and everyone who is interested, there is an interview describing many technical aspects with the chief of Palladium development team at DigitalIdWorld.

How Palladium, or better its clone TCPA, can work with Linux and GPL you can read here .

Cheers, jl