Slashdot Mirror
AMI Introduces 'Trusted Computing' BIOS
An anonymous reader writes "American Megatrends announced its 'trusted computing' Palladium BIOS on Jan 6. It seems that the encrypted BIOS' integrity will be verified by a special chip or flash ROM, and will in turn verify the 'authenticity, integrity and privacy' of the boot loader and the operating system. Does that mean such machines may refuse to boot any other non-'trusted' OS? After all, the list of supporting corporations include AMD, Intel, IBM, and HP, of whom we heard quite favourable statements about Linux (just for example -- *BSDs will be equally affected) so far."
This could as easily be for military computers as well as the great unwashed. So I don't think we will be seeing these in home PC's just yet.
Not only that we don't know yet what OS they will work with. So lets not start doomsaying until the first of these are out and there is proof they refuse to run certain operating systems.
--Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
It seems that the encrypted BIOS' integrity will be verified by a special chip or flash ROM, and will in turn verify the 'authenticity, integrity and privacy' of the boot loader and the operating system.
Going by the above statement, one could interpret it as meaning you need a digitally signed bootloader... is this going to be a problem? (OSS that is).
The original Palladium spec calls for a trusted machine to only allow trusted access by trusted operating systems. This means Palladium-encrypted code won't run except under a Palladium-rated OS. If the OS isn't trusted, then no Palladium-enabled programs can run.
This will mean that WINE will be useless for many future Windows apps, especially those dealing with multimedia. It also means future versions of Windows will be written specifically to defeat applications like VMware, so as to not violate the security.
These are bad, though they don't prevent one from booting a non-Palladium-enabled OS and using alternative applications. What I keep worrying about is the TCPA *2.0* specification. The original spec allows an alternative to a "trusted" platform, but future specs may require a PC boot a Palladium-enabled OS -- or none at all.
No lilo/grub/whatever for you! Unless distro vendors will somehow manage to sign their binaries. For dual-boot you'll need to resort to diskettes or other such sillyness.
What benefits? Best I can tell, trusted computing provides me, a consumer, no benefits over what exist today. It does, however, provide many benefits to large corporations and media control companies.
So 'trusted' here means that the companies can finally trust 'all us thieves' with 'their' media property.
Explain to me again, why on earth would I want any machine like this as a general computing platform?
I've heard predictions that as the price of computers drop, the general use PC will be replaced with many specialized computers that do specific things like play media, run office type applications, E-mail etc. They can be user-friendly, but are not as flexible as a PC. I think we are already seeing this a little with TIVO, PS2, x-box, some of the net-appliances.... I think most PC enthusiasts won't want to accept this, but non-technical people might. And these products will lend themselves more toward a trusted-computing model
Jumpers?
The whole thing will be a BIOS option, just like the P3 serial number was.
This thing will probably stay in the corporate/military domain forever. I see a ton of added complexity to the OS that Joe User wouldn't deal with.
There's a potential for abuse in pretty much any new technology, but I can also see when and where a 'trusted OS' will be a huge step forward.
'Untrusted' hardware will exist so long as there's a market for it. I see no reason to get too worked up over it.
I don't need no instructions to know how to rock!!!!
Provided you only use Palladium-approved hardware. And applications. And operating system. And you don't want to make your own software. Or MP3's.
Also, conceptually, this will still not solve the trust issue, as someone could still open up their case and replace their BIOS chip.
:-)
Ever tried to replace a BIOS that is soldered directly to the board? if so, please let me know how it went.
"See, we plan ahead! That way, we never have to do anything now."
That's one type of motherboard I won't be buying.
Malike Bamiyi wanted my assistance.
BIOS starts...addressing the TPM chip that verifies the authenticity of the BIOS.
What good is it for the BIOS to verify itself?
If it's not authentic (i.e. compromised), would it really bother to address the TPM chip at all?
"It's a very tangled subsystem." --Windows kernel guru
Comment removed based on user account deletion
Just like it is so difficult to buy a PC from a major vendor that does not already have Windows, they will also eventually try to make it impossible to buy one that does not have DRM on it which only allows you to run a policed DRM OS, read: Microsoft Windows.
Fight this all the way. Intel didn't get it when they put the ID on their chips until we decided not to buy it. In the same vein, AMD won't get it that we don't want DRM until we (unfortunately, since I actually like them) tell them to go to hell.
The minute Palladium is up and running on these boxes, watch for manufacturers to go "WinModem" only: meaning BIOS's that only boot Windoze.
Want to boot FreeBSD, so you played around with the BIOS? DMCA days "Go Directly To Jail, Do Not Pass SourceForge, Do Not Collect $200"
No, you aren't dense...just fooled by the doublespeak that Microsoft and the like use when describing this type of Digital Restriction Mechanisms. You aren't supposed to trust the hardware or software - this system is not being created to protect the user from anything. The intent is to protect developers (of software or media) from the users.
Think of it as a way for Microsoft to write an OS - however buggy and insecure you like - and, supposedly, have the ability to run programs and display media with the knowledge that it is secure from being manipulated or used by the user in a way that Microsoft does not want.
I run OSX and Linux on PPC machines. I do not miss the world of the paranoids in Redmond.
I don't need a 4 gig chip to type a paper or Photoshop a picture of Rumsfeld and a goat.
Frame rate for games? Got my PS2 for that.
photosMy Photostream
I will never buy one of these systems in my lifetime.
The government has a defect: it's potentially democratic. Corporations have no defect: they're pure tyrannies. -Chomsky
'Untrusted' hardware will exist so long as there's a market for it. I see no reason to get too worked up over it.
Right, because the PC market is governed by pure capitalism. There are no monopolies out there abusing their power and causing the market to do things it wouldn't otherwise do. Good, I guess there's no reason to be worried at all. (shudder)
Life is too short to proofread.
No. I'd make the same remark, but it would be a bitter sarcastic remark instead of a humorous sarcastic remark.
And illegalizing drugs eliminated that market quite effectively.
Microsoft is not interested in your security. Microsoft doesn't even much care about their own security, as long as the license is already paid for. They only want to make money and lock you into long term deals. The massive and drastic tactics by Microsoft to lock consumers into their platform indefinately is because there is actual competition (Linux, and an invigorated Macintosh) now. It is so plainly obvious that it stuns the senses.
History should already be telling the world never to trust anything from Microsoft.
Ok, reading through all of these posts, there seems to be a lot of agreement that people just don't like TCPA or Palladium (which, are not the same thing). But we can't fault AMI for adding this (or any) feature to their BIOS.
1) TCPA is not a technology that AMI has developed on their own. It is a movement by several large companies in the computer industry. AMI sees this as an upcoming technology that it needs to develop for or else get left behind. As far as AMI is concern, this is really no different than adding support for ATA hard drives larger than 137GB.
2) Just because AMI supports a feature/technology, doesn't mean that OEMs and motherbard manufacturers are going to use that technology. I'm sure that AMI supports Serial ATA, but if a motherboard vendor doesn't need it, it doesn't get included into their BIOS build.
3) AMI cannot force this (or any BIOS feature) on it's customers (OEMs/IHVs/etc). If I am a motherboard manufacturer, and I wan't features X and Y but not Z, I don't get Z. Period. I have the final say as to what goes into my BIOS.
If you a really concerned that this will limit your choices, bring it up with the OEMs and motherboard vendors. Push them *NOT* to use this feature of their BIOS. Only buy boards for which this feature was not included or can be disabled. Don't fault AMI for trying to stay current with industry initiatives, no matter how they are perceived by the public.
Just like it is so difficult to buy a PC from a major vendor that does not already have Windows, they will also eventually try to make it impossible to buy one that does not have DRM on it which only allows you to run a policed DRM OS, read: Microsoft Windows.
Given the current number of non-US governments (various South-American, Japan, Germany, UK ?, Malyasia, China, Tiwan, South Korea, Isreal, Pakastian, probably others I've forgotten in the frequent Linux Today announcements) jumping on the open source bandwagon...
Given the Chinese governments' interest in developing their own microprocessors (Dragon? recently on Slashdot)...
I don't think that the forces of evil can force every PC everywhere to have DRM.
As long as some PC's can freely run any software, there will always be ways to defeat DRM. Or said differently, without total control, they control nothing.
Given that there will always be somebody powerful enough that doesn't want DRM, or at least, wants Free software, the DRM folks will never get total control.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
sure they can, that is what Billy boy is trying to stop with this new inititive.
Paying taxes to buy civilization is like paying a hooker to buy love.
"One file slips out and bamo - no one is paying for it anymore."
Well, high-quality digital media with no copy protection has been sold for over 15 years and the people selling it made record profits last year.
Its called the "compact disk". Perhaps you've heard of it? Phillips invented it, and it turns out that not only can you make copies for under five cents, you can compress them digitally to make files to store on any device.
It may catch on.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
How many of the recent big viruses have been binary programs? Nearly all the viruses are macros and scripts infecting installed applications (and those are already supposed to be sandboxed). Nearly all remote cracks are by buffer overflows which means the code runs as if it were part of the attacked application, which presumably is signed. Nearly all computers that are broken into are used only as zombies for DoS attacks - something that requires only normal, installed, user applications.
Taking away users control of their computers can only make the situation worse - soon, even those of us who normally know how to protect ourselves will be beyond hope.
Ultimately, the entertainment industry will only be able to control individuals who allow themselves to be controlled.
Sure. And the rest of us are going to legally become criminals for hacking our own machines (see: DMCA). Wanna go to jail? I'll be dead before I put out a penny for any type of hardware that contains DRM. Go milk someone else...
Right on. And even if you live in the US... remember that there are such things as soldering irons and oscilloscopes. Hey, you mastered Linux right? Comparatively speaking, the laws of Ohm and Kirchoff are n00b material. Even an AOL luser could learn! (Ok, that might be stretching things.)
--K.
Sig: Bad people happen. Try to avoid being one of them.
1) Is this "Fawlty Towers Joke Week" or something?
2) Am I correct in thinking that a "Fawlty Towers joke" is a dim-witted non sequitur followed up by an indignant denunciation of the person who failed to recognize the "Fawlty Towers joke"?
To transform this trolling post into a truthful statement, replace the words, "the" and "the", as follows: "Humanism is a religion of some atheists."
Thank you.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
Ahh, if you don't want DRM, don't run DRM based software. The hardware only does what the software tells it too do. There is nothing in the atricle claiming the BIOS will refuse to boot non trusted OS software.
Vote for Pedro