AMI Introduces 'Trusted Computing' BIOS
An anonymous reader writes "American Megatrends announced its 'trusted computing' Palladium BIOS on Jan 6. It seems that the encrypted BIOS' integrity will be verified by a special chip or flash ROM, and will in turn verify the 'authenticity, integrity and privacy' of the boot loader and the operating system. Does that mean such machines may refuse to boot any other non-'trusted' OS? After all, the list of supporting corporations includes AMD, Intel, IBM, and HP, of whom we heard quite favourable statements about Linux (just for example -- *BSDs will be equally affected) so far."
This could as easily be for military computers as well as the great unwashed. So I don't think we will be seeing these in home PCs just yet.
Not only that, we don't know yet what OS they will work with. So let's not start doomsaying until the first of these are out and there is proof they refuse to run certain operating systems.
--Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
The original Palladium spec calls for a trusted machine to only allow trusted access by trusted operating systems. This means Palladium-encrypted code won't run except under a Palladium-rated OS. If the OS isn't trusted, then no Palladium-enabled programs can run.
This will mean that WINE will be useless for many future Windows apps, especially those dealing with multimedia. It also means future versions of Windows will be written specifically to defeat applications like VMware, so as to not violate the security.
These are bad, though they don't prevent one from booting a non-Palladium-enabled OS and using alternative applications. What I keep worrying about is the TCPA *2.0* specification. The original spec allows an alternative to a "trusted" platform, but future specs may require a PC boot a Palladium-enabled OS -- or none at all.
Provided you only use Palladium-approved hardware. And applications. And operating system. And you don't want to make your own software. Or MP3s.
Also, conceptually, this will still not solve the trust issue, as someone could still open up their case and replace their BIOS chip.
:-)
Ever tried to replace a BIOS that is soldered directly to the board? If so, please let me know how it went.
"See, we plan ahead! That way, we never have to do anything now."
BIOS starts...addressing the TPM chip that verifies the authenticity of the BIOS.
What good is it for the BIOS to verify itself?
If it's not authentic (i.e. compromised), would it really bother to address the TPM chip at all?
"It's a very tangled subsystem." --Windows kernel guru
Just like it is so difficult to buy a PC from a major vendor that does not already have Windows, they will also eventually try to make it impossible to buy one that does not have DRM on it which only allows you to run a policed DRM OS, read: Microsoft Windows.
Fight this all the way. Intel didn't get it when they put the ID on their chips until we decided not to buy it. In the same vein, AMD won't get it that we don't want DRM until we (unfortunately, since I actually like them) tell them to go to hell.
The minute Palladium is up and running on these boxes, watch for manufacturers to go "WinModem" only: meaning BIOS's that only boot Windoze.
Want to boot FreeBSD, so you played around with the BIOS? DMCA says "Go Directly To Jail, Do Not Pass SourceForge, Do Not Collect $200"
No, you aren't dense...just fooled by the doublespeak that Microsoft and the like use when describing this type of Digital Restriction Mechanisms. You aren't supposed to trust the hardware or software - this system is not being created to protect the user from anything. The intent is to protect developers (of software or media) from the users.
Think of it as a way for Microsoft to write an OS - however buggy and insecure you like - and, supposedly, have the ability to run programs and display media with the knowledge that it is secure from being manipulated or used by the user in a way that Microsoft does not want.
I run OSX and Linux on PPC machines. I do not miss the world of the paranoids in Redmond.
I don't need a 4 gig chip to type a paper or Photoshop a picture of Rumsfeld and a goat.
Frame rate for games? Got my PS2 for that.
Microsoft is not interested in your security. Microsoft doesn't even much care about their own security, as long as the license is already paid for. They only want to make money and lock you into long term deals. The massive and drastic tactics by Microsoft to lock consumers into their platform indefinitely is because there is actual competition (Linux, and an invigorated Macintosh) now. It is so plainly obvious that it stuns the senses.
History should already be telling the world never to trust anything from Microsoft.
Just like it is so difficult to buy a PC from a major vendor that does not already have Windows, they will also eventually try to make it impossible to buy one that does not have DRM on it which only allows you to run a policed DRM OS, read: Microsoft Windows.
Given the current number of non-US governments (various South-American, Japan, Germany, UK ?, Malaysia, China, Taiwan, South Korea, Israel, Pakistan, probably others I've forgotten in the frequent Linux Today announcements) jumping on the open source bandwagon...
Given the Chinese government's interest in developing their own microprocessors (Dragon? recently on Slashdot)...
I don't think that the forces of evil can force every PC everywhere to have DRM.
As long as some PCs can freely run any software, there will always be ways to defeat DRM. Or said differently, without total control, they control nothing.
Given that there will always be somebody powerful enough that doesn't want DRM, or at least, wants Free software, the DRM folks will never get total control.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!