AMI Introduces 'Trusted Computing' BIOS

An anonymous reader writes "American Megatrends announced its 'trusted computing' Palladium BIOS on Jan 6. It seems that the encrypted BIOS' integrity will be verified by a special chip or flash ROM, and will in turn verify the 'authenticity, integrity and privacy' of the boot loader and the operating system. Does that mean such machines may refuse to boot any other non-'trusted' OS? After all, the list of supporting corporations include AMD, Intel, IBM, and HP, of whom we heard quite favourable statements about Linux (just for example -- *BSDs will be equally affected) so far."

Comment removed

[account_deleted]

Comment removed based on user account deletion

It will enable you to get DRMed content.

[Kickasso]

That's it. A remote site can know whether or not you're running a trusted (IOW "unhackable") OS/apps. If you do, they'll send you decryption keys for playback and be reasonably sure you won't intercept them, store them permanently etc.

Re:What isnt stated

[harlows_monkeys]

What benefits? Best I can tell, trusted computing provides me, a consumer, no benefits over what exist today

How about better online games? Consider MMORPGs. To prevent cheating, they have to do various things server-side that would actually make more sense from a resource allocation point of view to do on the client.

For example, DAoC has to handle stealth on the server, calculating who should be able to see a stealthed character, and only sending that character's positions to clients that should see him, so that people with DAoC's equivalent of ShowEQ won't see them. However, those people can still see people who are hiding behind trees or hills or buildings--it would be too much work for the server to do the visibility calculations for everyone.

With a trusted client, they could just send the data on everyone in the area, and trust the client to not show what the player is not supposed to see.

Or how about monster AI? The monsters could be a lot smarter if they could run the AI on the client, instead of on the server.

Read the TCPA / Palladium FAQ

[vinsci]

Ross Andersson at the University of Cambridge has written an excellent introduction to TCPA / Palladium, which explains both sides of the story.

Read it here: http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html

The two last sections are worth repeating here:

24. So why is this called `Trusted Computing'? I don't see why I should trust it at all!

It's almost an in-joke. In the US Department of Defense, a `trusted system or component' is defined as `one which can break the security policy'. This might seem counter-intuitive at first, but just stop to think about it. The mail guard or firewall that stands between a Secret and a Top Secret system can - if it fails - break the security policy that mail should only ever flow from Secret to Top Secret, but never in the other direction. It is therefore trusted to enforce the information flow policy.

Or take a civilian example: suppose you trust your doctor to keep your medical records private. This means that he has access to your records, so he could leak them to the press if he were careless or malicious. You don't trust me to keep your medical records, because I don't have them; regardless of whether I like you or hate you, I can't do anything to affect your policy that your medical records should be confidential. Your doctor can, though; and the fact that he is in a position to harm you is really what is meant (at a system level) when you say that you trust him. You may have a warm feeling about him, or you may just have to trust him because he is the only doctor on the island where you live; no matter, the DoD definition strips away these fuzzy, emotional aspects of `trust' (that can confuse people).

Remember during the late 1990s, as people debated government control over cryptography, Al Gore proposed a `Trusted Third Party' - a service that would keep a copy of your decryption key safe, just in case you (or the FBI, or the NSA) ever needed it. The name was derided as the sort of marketing exercise that saw the Russian colony of East Germany called a `Democratic Republic'. But it really does chime with DoD thinking. A Trusted Third Party is a third party that can break your security policy.

25. So a `Trusted Computer' is one that can break my security?

Now you've got it.