Slashdot Mirror
LaGrande, TCPA, and Palladium
An anonymous reader writes "Intel's Paul Otellini gave a talk to developers where Intel's project called "LaGrande" was mentioned. This project is aimed to create a "safer computer environment", that would consist of an advanced TCPA implementation. Some of the features it has deal with physically "protected execution, protected memory, and protected storage". When talking on LaGrande, Otellini said "it's a core technology that things like the Microsoft Palladium initiative can take advantage of to build much more stable platforms.""
I was as afraid of palladium as the next guy before the details started to come out, but I think we ought to try to avoid the knee jerk reaction and think this stuff through more carefully.
A lot of people are opposed to any scheme that can be used to thwart piracy. But in my view that's an extreme and unreasonable position, even when fair use issues are taken into account.
For a long time it's seemed to me that the thing we ought to be working towards is an open system of distribution, one that can't be dominated by large media concerns, something that gives a guy who makes music at home the same sort of access to the market as the big record labels.
To me, the issue is not whether or not my computer is capable of running some sort of protected DRM system -- the issue is whether or not it's capable of running alternative systems, if the existence of a palladium aware media player will break my mp3, ogg, and divx players, or my entire open source operating system. As I read these proposals, that's not the case, they won't break things.
Microsoft has said explicitly that one of the key design goals of palladium was that it shouldn't break existing software.
In my view, these sorts of services are useful, and we ought to be talking more about "how" then "if" they are implemented.
In particular, we ought to be sure that software that will run under linux can provide the same sorts of services as a palladium enabled version of windows. I know that the applications themselves couldn't be truly open source (or at least you'd have to use a signed snapshot of an application that was developed using open source methodologies). But I don't think that's enough of a reason to pull back from this stuff.
There are useful applications for this stuff.
About a decade ago, one of the hot topics among crypto types was digicash -- cryptographic protocols invented by a guy named Chaum that try to mimic cash, especially its anonymity and security.
One of the big problems was how to make microtransactions work when you're disconnected from the net. Imagine two palm os devices doing a transaction over infrared. Chaum's answer was to use tamper proof chips.
Sure, on some level nothing is tamper proof, but it ought to be possible to make tampering difficult enough, expensive enough, and to cap the size of the transactions possible and the rate at which they can be made, in a way that would give people reasonable security. The NSA could hack the micropayment system, but they'd have to spend a million bucks, and all they could get back would be $50, or something like that.
It seems to me that this kind of hardware could be seen as a more flexible kind of tamper proof chip.
I think the goal should be that whatever hardware comes out should work with arbitrary operating systems. The trust chain should be decentralized.
In other words, if I develop an electronic music distribution system, I should be able to develop apps for whatever OSs I choose to support, and I should be able to make my system recognize whatever signatures I feel are trusthworsthy. It ought to be possible for *anyone* to develop such a system, and to use the hooks into the hardware.
The thing that worries me is that if all we say is "no, palladium is the devil" we won't have any voice in this stuff.
1) Fair usage writes on media
- The media that will most likely be restricted is media that is not available at all right now (legally) because the media producers fear piracy. Fair usage is a pretty muddy area, anyway.
2) The right to copy and email many types of files on my own system
- In general, you do not lose this "right". The cases where you do lose it, it is not legal to copy the file anyway.
3) The right to use international software without running it in a virtual environment (i.e. international software is unlikely to get certified)
- Certified by who? The user still decides what software is trusted or not.
About privacy:
Each palladium system has a unique 2048 bit public/private key pair. However, the public key is protected by hardware and cannot be tracked by a third party because of a system of nonces (outside parties will never see the same public key twice for the same system). Therefore, privacy is maintained.
"The defense of freedom requires the advance of freedom" - George W Bush
Im actually looking forward to TCPA and Palladium. No, really i am. It will lighten the load of my job, being a support engineer.
What im saying of course is it will have its place, on the business desktop, on the childs computer, on public accessable computers etc etc. They have already stated that there will be a option to turn it off, and to be honest all of those who say "Well yes, but what about when they remove that option?" are just scaramongering. Yes true they can remove it in the future, but will it be that easy? I dont think so, there will be too a big outcry, and there will still be large numbers of eastern computer manufacturers making PCs as we know them now.
As i said at the beginning of my post, i am looking forward to this. Especially if systems administrators will be able to control it (and i bet they will be able to), as this creates a whole new set of security barriers to wouldbe theives etc. Imagine what the outcries were like when the first user account was created on an OS which didnt have full rights to all the system. This is jsut the same.
One component that seems to be missing in the whole Open Source realm is hardware control. I wonder if it would be viable or even possible for the Open Source community to co-develop, or at least be able to provide specifications to hardware manufacturers.
Many hardware vendors are finally waking up and embracing Open Source, e.g. (3ware, Adaptec, Intel, AMD), but it seems as if the community is always fighting with hardware. If worst came to worst, we could all boycott a particular vendor and pledge as a community to buy non DRM (Digital Restrictions Managemet) devices from a competitor in volume.
After all, DRM is NOT LAW! (Well at least not until Microsoft donates $20,000 to a couple of congressional campaigns).
Open Source should have Open Hardware!
Also, I am not worrying too much about Palladium or other "copy protection" type devices. They will be defeated just like every other type of "copy protection" that has ever been invented. In fact reverse engineering Palladium in compliance with the DMCA will probably be a sourceforge project.
With Palladium, etc. it will become possible for programs to keep especially sensitive data safe from malicious programs operating on the same machine. Now an attacker will have to not only subvert one of the programs that I have trusted, it will also have to defeat the Palladium system.
Yes. This is a very good thing.
However, the problem becomes when Palladium is the de-facto standard. When you need Palladium on to run pretty much anything, including seeing grandma's last e-mail, because her system uses Palladium by default, then we have a problem.
Palladium is a bad company's wet dream. Enron's accounting books could be completely unreadable to anything except for the computer they were created on -- "Oops! It got wiped.. sorry sir.." Those pesky e-mails that pointed out exactly how MS was trying to lean on other companies? You certainly wouldn't be able to get hold of them under a Palladium system.. even the copies over at the Netscape office could be set to "expire" and auto-delete themselves after a certain amount of time.
Or here's a fun one, EULAs that automagically update themselves from headoffice with no warning whatsoever to the user. It's bad enough now when to download a *required* security update, you are forced to accept a change in licensing. If you don't download the update, you lose the ability to obtain support, but at least right now you have the choice. Palladium gives the content owners, (which in this case is the folks who presented the contract) the ability to change the content at any time. Do you really believe that every company out there will be willing to resist temptation?
Plus, when it's the defacto standard, you start losing the widgets and API's that allow new software to be built without Palladium. After all, if MS can simply discontinue support for W98, what makes you think that they can't discontinue support for non-palladium equipped systems?
"Your trying to use what API? Oh.. that was before Palladium. We deprecated that a while ago, just use our new Palladium enhanced version now. It provides better security and support. Open source developer? No problems with that. Just so long as you cough up a nickel for every person that tries to use your program, we'll be happy to set up a key for you."
Which brings us to a point where *all* software has to be licensed through a key provider - and also a point where if the key provider decides they want more money (name me a corporation that wouldn't) they simply increase the charges and/or invalidate current keys.
Of course, the answer for all this is, "Well don't use it! Use Linux or something." Unfortunately, this assumes that we'll have the choice. The first attack on that choice is coming in the form of legislation. When hardware manufacturers are mandated to have security protocols in their hardware. The second attack is the weight of network effects. As I said, when even grandma uses Palladium, when every major company from here to Timbuktu uses it for the "security advantage", you really lose any choice to not use it. Oh I suppose you could try and be like those die-hards who still make use of FIDO, but beyond hobbyists, you completely lose the ability to connect to the world. This can go even further when major routing points start to use it to increase the security of the entire internet. Prevent DDOS attacks from those nasty non-Palladium machines out there by dropping their packets at the first router. Only Palladium Approved Packets will be accepted, thank you. At that point, even the die-hards will be forced to move to Palladium (or I suppose they could ressurect FIDO).
Now, will things get this bad? I don't know, this is kind of a worst case scenario, and we all know that it often doesn't get to the worst case. Unfortunately, I really don't see anything that would stop this scenario from happening.
Finally, on a side note, if you have even a minor knowledge about proper security precautions for your computer then your banking information is likely safer being on your computer than it is being in your wallet.
Kwil
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
When companies invest R&D money into bigger hard drives, faster CPUs, video gizmos, and slicker GUI interfaces, we all understand the motivation -- increased sales.
From what I have heard about "LaGrande" and "Palladium", there are benefits for the "gatekeepers", but no benefit for end users. Nobody is projecting increased sales because of these lovely DRM "features". Indeed, many are wondering if people will buy this stuff at all. This would be like McDonalds working on a way to make greasier french fries, because it would help the lard industry.
So my question is this: "Who is bankrolling this operation?" If Intel/AMD/M$ are really spending their own money on this, it's a mass outbreak of corporate stupidity. Is Saddam Hussein attacking our tech industry with some kind of "dumb-down" bio-warfare weapon?
My conspiracy theory is that the "LaGrande/Palladium" boxes will be blown out at firesale prices, subsidized by someone who really wants this stuff to be deployed -- kind of like Xbox on a massive scale. The payback will have to come from the victims^h^h^h^h^h^h^h^h customers -- endless fees and hidden surcharges built into everything they do.
From what I understand, all that will basically happen (besides a few hardware changes to accomodate) is that new commands will be added to the Intel CPUs to allow a portion of memory to be designated as "protected", and I assume possibly even only accessable with a public key perhaps? So, a program can allocate a hardware-locked portion of RAM.
This would not stop Linux from running. Linux would simply not utilize the feature (or, it could even be added to Linux), and run it's own memory management scheme with software as it does now.
It will not stop your MP3s from playing. They'll just play in a protected address space. Or maybe they won't depending on your player software.
This will not stop your DVD ripper from ripping. An alternate driver and ripping program designed to simply not use a feature designed to provide hardware security for applications is not a violation of the DCMA (even if the ripping of a DVD is, which is a different question).
This will stop someone from using an external program to cheat at a game (the game locks off its memory, the cheat program cannot change the data).
This will prevent someone from, say, running a malicious program which essentially "core dumps" your RAM at a specific time, maybe when opening your e-mail reader?
This will possibly stop things like Outlook viruses, as Palladium/LaGrande-aware applications are hardware-isolated into their own address/execution space and cannot interefere with other applications.
Did I miss something? Should I really believe M$ is dumb enough to make a move which will cause outcry and backlash from the most tech-savvy of users all the way down to the e-mail granny, at a time when the DOJ, along with every man, woman, and l33t-preteen on the planet is breathing down their necks in anger?
C'mon people, I hate MS too, but they where smart enough to get this far, even if they did hire Balmer...I think that's an obvious move to NOT be making, if they value their asses (assets?) at all.
Please correct me if I'm wrong, and please post links.
CAn'T CompreHend SARcaSm?