Slashdot Mirror
Discuss BIOS and Palladium Issues With an AMIBIOS Rep
After this Slashdot discussion about the relationship between BIOS biggie American Megatrends Inc. (AMI) and Palladium appeared, we got an email from AMI sales engineer (and former Linux.com contributor) Brian Richardson, who wrote, "I am a bit concerned that the information you provided misled your readers into thinking AMI was promoting Palladium or taking some sort of anti-open-source stance. This might be due to the fact that TCPA was mistakenly equated to Palladium, or questioning how Linux would run on a TCPA-enabled system ... or by the horde of angry Slashdot readers telling us they would never buy an AMI product because we were forcing standards on them." Brian offered himself up as (his words) a "Slashdot interview victim" to clear things up.(Update by RM: And, says Brian, he's happy to answer other BIOS questions as well.) So ask, already, and let's get things cleared up. (Usual Slashdot interview rules.)
I understand that there should be no problems running Linux systems on these new bioses but can you promise that there will be no nasty wordings that are likely to frighten off users who are trying Linux for the first time?
Matt Thompson - Actuality - Insert product here.
Will Linux and other alternative operating systems continue to install and function properly on computers containing AMI BIOSes?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
What sort of future do you see for TCPA? Do you see it as inevitable, or is it just a fad thing that will pass?
Assuming it does catch on, what form do you see it taking? What we all fear (only signed apps will run, non-signed apps can't access system data/data from signed apps), or some lesser form?
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
Okay. So what precisely are the differences between Palladium and your product, and what assurance do we have that it will not act as crippling ware for open source and other similar free (as in free speech) software endevors? Any thoughts on backward compatibility modes?
"It is a greater offense to steal men's labor, than their clothes"
Perhaps you can clarify the differences between the two (TCPA & Palladium). After reading up on both of them, i still find that they seem to be pretty much the same, just marketed differently.
Don't waste time... procrastinate now!
Will it be possible to disable on future motherboards which will implement DRM techniques ?
A few related questions:
a) Isn't the goal of "trusted computing" to allow entities other than the owner of the computer to control what the owner does with his/her hardware? For example, "trusted computing" applied to music implies that the music publisher gains control over what the computer owner can do with the music data files. Isn't this the exact opposite of "trust" as that word is normally used - a trusted computer is one that can't be trusted by the computer's owner to perform the tasks asked of it, because other entities have veto power over the computer's actions?
b) Companies like AMI have repeatedly claimed that they aren't part of Palladium. However, isn't it true that without AMI's trusted BIOS (and all the other components necessary to build a "trusted computer"), Palladium wouldn't work? Why does AMI think they shouldn't be held responsible for enabling Palladium and similar schemes?
c) In what way does AMI benefit, financially or otherwise, from introducing a BIOS designed to make the computer it is installed in less useful to the purchaser of the computer? Please avoid saying that this is "optional"; AMI wouldn't create this BIOS if it wasn't intended to be used.
d) What is a "sales engineer"? Is your job primarily public relations, or primarily engineering, or primarily product sales?
currently if you try to install vendor drivers on windows, the OS tells you things like "are you sure you want to use these untested third-party drivers, which will no doubt ruin your computer because you're a bad boy for not using windows." Can you assure us that linux, bsd, and all other "alternative" operating systems will be treated as _equals_ of microsoft products? Can you assure us that there will be no preferential treatment for any os, and that there won't be any "are you really sure?" messages?
Will OS manufacturers have to pay to get an "unlock code" that allows them to run their OS on the BIOS.
That would be terrible as it would kill many under funded open source OSes that aren't as big as the Linux big players.
Arc
I suppose that I like reading Slashdot interviews as much as the next person, but I must ask myself "Why?" Wouldn't it be simpler to just post corrections to what was he considers misleading and/or post AMI's offical stance on Palladium?
Is it (will it be) possible to use TCPA to effectively lock-out certain operating evironments from various services (software, media, etc) solely because the operating environment is not backed by a company, and has no mechanism for paying certification fees and licenses? Specifically, could TCPA be used against free OS's like Free/Open/netBSD and Linux to prevent those users from accessing the same content users of commercial OS's can?
I actually think this feature could be useful, if done "right". Along the lines of my idea of right... will I be able to, say, install my own set of public keys in the BIOS so that I can have a system that will only boot the software that I have signed?
As the title says:
Do you think Palladium is a good thing? Whether your answer is "yes" or "no", please explain.
Knowing that Palladium is a Microsoft Technology, do you think AMI is making a smart move by adopting it? Again, please explain your position.
Are you afraid that Microsoft may use its position to control, not just 90% of the software used on PC, but also the overall architecture of modern machines?
Many thanks in advance.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
I actually like the concept of trusted computing quite a bit. So long as the user selects which code will be trusted, it has great potential for good. My question is, from your position, do you foresee trusted computing being more like web-browser applet signing applied in hardware (where the user can add and remove trust for certain companies) or more like the media industries idea (where the OS/hardware manufacturers select which code is trusted under penalty of DMCA)?
Karma Clown
But does your company have any plans to implement a "security measure" similar to Palladium?
And what if Microsoft releases a software that needs it, won't AMI need to adopt it so it can run the "DRM features"?
How will Linux, or any other "non-trusted" software run on your hardware?
Buy a Nintendo DS Lite
Cheers,
Ian
Do you have any funny acronyms for AMIBIOS?
Are you going to release the source? Will the BIOS be auditable? Will the BIOS code contain some sort of monitoring code? Will the BIOS contain spyware? All of these questions are important... and how will we be able to confirm your answers to them?
Can we really take the word of a conglomerate? Will you be able to ensure that what you are saying is accurate?
Modern conglomerates usually misrepresent their products if they think it will generate more customers. How can we be sure that you wouldn't be doing this to us?
How many hours will it take after the first Palladium boards hit the market for someone to crack it and have linux running on it? Should I have put an 's' onto hours?
AMIBIOS or NOT?
Be truthful. Is there even the slightest chance that someone other than me will be able to say what will run (or more importtantly will NOT run) on a PC that contains this technology? I'm not talking about purchased software that locks me out directly in one way or another due to licensing issues. But can this technology be used to stop me from exercising fair use rights if I decide to get around those blocks in purchased software? Or will they hinder me from writing my own code to do what I want, or downloading and compiling/running someone elses code?
If ANY of these CAN be a side effect of this technology, it is bad. There are stumbling blocks, of course, but no one will have ultimate say over what does or does not run on my own computer.
.
Digital is, by definition, imperfect. Analog is the way to go.
What is the advantage to me, a Linux using consumer, to buying your product over those of your competitors?
Isn't AMI afraid of many many people boycotting any products of TCPA-friendly vendors? In the near future, "voting with their money" will be the only chance for millions of PC users to fight against TCPA.
Given the existence of The LinuxBIOS Project and the fact that the Linux kernel does not require a ROM-BIOS once the kernel is up and running, what will be AMI's position on refunds if a significant fraction of the Linux userbase starts installing LinuxBIOS and returning the BIOS chips. Will AMI make the refund, or will they give us the runaround that Microsoft and the hardware OEMs did on the question of Windows refunds?
utter rubbish
How do you sleep at night?
No, I have not RTFA, I'm just taking the piss, ok?
Invoicing, Time Tracking, Reporting
Will TCPA compliant machines make it more difficult for a user to updgrade CPUs or change computers? Do you see users having to re-confirm their identity with external sources because the identity of their computer has changed? (I know this already happens, I just see it becoming more pervasive in the future and am afraid more software vendors will begin to license by specific computer).
I assume that data pathways with be signable or encripted in some way. What performance hit will the [operating system] take when using trusted system? e.g. How much extra data is added to form a signiture, what methods are used for signing. and how will this benifit the end-user.
thank God the internet isn't a human right.
Would AMI disclose that such pressures were being placed on them, or would this type of fact be kept hidden from consumer groups or individuals, etc. until it was too late for us to effectively respond?
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
Will AMI (and the TCPA) allow owners of these "trusted" computers to turn off or disable the features that are being discussed? Will we as users of our hardware be able to control what features are on and what features are not, or will these choices be up to Microsoft and its partners(TCPA)? How is AMI addressing these issues of choice and control?
Will there be any DRM in the near future that will actually reduce the functionality of hardware, ie. keep it from doing things that non-DRM hardware could do? Or will it only add features to use DRM'd content?
So maybe you can set me straight: do you think your customers want TCPA? If so, why? Who are these customers? If this a case where customers are not the same as users?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Do you intend to require some sort of a per-operating system licensing fee to operating system companies, in order to profit on the inclusion of these "features"? E.g. Will Microsoft be giving you royalty payments for each machine that includes this AMI BIOS and gets their OS installed with these supported "features"? What position does this put your company into in terms of trying to also force open source OS companies (like RedHat) into paying these licenses?
Will you be able to tell the truth in your answers or will your answers have to be 'cleaned up' by the AMI PR dept first?
Isn't one of the "Usual Slashdot Interview Rules" "only one question per comment, please"? Or do the rules not apply to you, Michael?
Will I, as the OWNER of my computer, be able to turn this crap off, or is it that I am not the one that should be trusted?
Setting his threshold to 5, Sparky eliminated most of the trolls on /.
One of the operating systems I use is FreeBSD. Will that still be usable, or will it be forced to deal with substandard or non-existant drivers (think NVidia until recently). I also use QNX. Will that work? How about a new OS that will be created sometime in the future?
I can't say that I don't give a fuck. I've just run out of fuck to give.
(not intended as an interview question, more as a comment in the form of a rhetorical question)
... is, who is doing the "trusting"? In Microsoft's vision of it it certainly isn't the end user, it's them. Or other copyright owners.
TCPA is fundamentally a sound technological concept, but wide open for abuse. If it could be used for the user's benefit to prevent against viruses etc, then that's great.
What I'm saying is that the owner of the computer should be able to override the trust relationships - assert that the code is trusted (by them). The owner of the computer should have the ultimate veto. After all, it is theirs. Does AMI's plans for a TCPA implementation have this in mind?
Aside from all the DRM stuff, these new technologies are advertised to "prevent hacking". If I'm running redhat (or some other "signed" OS) on my server, will your product or Palladium keep me from getting HaXx0r3d?
How will I be affected by TCPA? I run several machines at home some running NetBSD, FreeBSD, Linux, and Windows. I generally build my machines, unless they are given to me by my employer (or its a laptop), and even then I reinstall the OS or install my own OS of choice. (Whatever I'm in the mood to run at time of install or what works). If I buy a new Motherboard from AMI with TCPA will I stil be able to do this? Will I have to do special tricks to get this done or will it be just like it is now?
Only 'flamers' flame!
You had, in your writings for linux.com, ventured out on a road of discovery to find the linux email client that best suited your needs. This was in pre-1.0 versions of Evolution.
I was wondering if you ever found one you liked, that scartched all your itches, or are you still looking?
So really what makes you think myself as a customer want's even anything close to that on one of my motherboards?. The possibility of future misuse is to great for me to even consider it. I can tell you as both a corporate and private customer that it is not wanted in any shape or form. The mere mention of supporting it frankly makes my skin crawl with disgust. If this is how you choose to release your products I choose not to participate with my dollars.
Got Code?
Can you address why you think it is that the open source community has taken Palladium as _such_ a scary proposition?
Then, building on the above answer, can you explain why the open source community has only yelled and screamed about how evil Palladium is, rather the doing what they preach others should do? (Which is, of course, create an open source, trusted architecture (i.e.: TCPA) which protects/promotes consumer rights over and above the rights of corporate media groups.)
Or (if the above is not possible) can you at least explain why building an open source TCPA structure is not possible?
If you knew in advance there was going to be confusion, and possibly controvery over this, then why even undertake it at all?
In Other Words, what is to be gained by this?
So rise up, all ye lost ones, as one, we'll claw the clouds.
No matter how many DRM technologies AMIBIOS does adopt, can you promise that AMIBIOS will continue to offer DRM-free BIOS products?
Why can't we have two versions of the BIOS?
K901 (Trusted Computing enabled)
K901B (Trusted Computing disabled)
And enable users to crossship the chips if they want a different version...
I want my rights back. I was actually using them when our government stole them after 9/11.
I think the idea that most of us our missing is this. Most PC users buy their computers from Dell, Gateway, or some other big vendor. These vendors will ultimately sell TCPA/Palladium enabled computers. So, the real question should be: In the future will those of us who build our own systems be able to escape the issue of having TCPA/Palladium on our systems courtesy of the big players?
N/T = No text.. move on..
My question is, although the TCPA 1.1 spec sounds harmless enough, what guarantees do we have that the 2.0 spec will not erode our software liberties, or that Microsoft will not successfully lobby to empower Palladium to take away those liberties completely? And if Palladium becomes the only working implementation of TCPA, doesn't the idea of TCPA holding the high ground on DRM/privacy issues really become a moot point?
Since a BIOS is only part of a motherboard: what steps will hardware vendors have to take, in order to incorporate your BIOS? Will they have to adhere to certain hardware design rules or controls in order to maintain the TCPA? Is there going to be a licensing procedure for hardware manufacturers?
...
What will you do to prevent people to just buy other, non TCPA enabled hardware, which will obviously not be from you? But, hey, I guess you just don't need the million GNU/Linux geeks to have good income, do you?
As we all know, technology can be used for the purposes of both good and evil. Here are things that I consider good about where TCPA is going, along with the evil.
Good
Evil
There are many advantages for the hardware/software/content vendors if this is realized, but few of them seem consumer driven: the erosion of fair use, the control of speech, taking a cut of every e-commerce transation, eliminating standards and competition.
Undoubtedly, your shareholders will push you to cooperate with the software/content vendors because it means big money for them and anyone who plays ball, but for us, it means we lose a lot. PR will say that it stops pirates from raising music/movie prices, and that it means ISVs can produce software that can't be warezed, no more cheating in online games, no more child porn, ad infinitum, and it's all for our own good.
Unfortunately, the potential for abuse is extraordinary, and the last thing I want to see is more of my friends being locked up because they do something with their computers that some company doesn't agree with. And right now it looks like AMI wants just that to happen.
Yes, right now your BIOS may offer choice, but hardware vendors seem committed to building an infrastructure that one day can make it very easy to eliminate this choice.
Please explain why we do want TCPA, why we should support your company, and how we can be assured that our colleagues don't go to jail just for believing they still control systems they bought. Also, please explain why the system we have now is so inadequete.
Thank you.
If I understood the prior articles correctly, TCPA should provide a basic keystore, an authentication mechanism, and enough checking to insure that the boot sector is signed.
If I want to install a new boot sector, do I generate my own key, install that, and self-sign the boot code? Or do the LILO or GRUB teams have to get a key issued and then sign things themselves?
Who has ultimate control over the keys? CAN I install my own, or is it centralized somewhere? Who does TCPA *ultimately* trust? How can I be *certain* that it doesn't trust anyone I don't want it to? If I screw up and lose my key, how I recover access to the system?
I assume there must be some master, uneraseable keys in TCPA; I just can't imagine that you'd ship it without implicitly trusting Microsoft, and I distrust Microsoft very much. And if there are recovery keys in there, do I have to ship my machine away to some lab to replace a lost key, or can I do it myself? And if there IS a master, unerasable key available for recovery purposes, why can't virus writers just sign their code with that key instead?
How do you feel about having to correct editors that are so lazy and complacent that they don't feel the need to explain or even to link to an explanation of what "Usual interview rules" are? Further, do you see this as a sign that Slashdot has accepted that it can expect no new users, and that from now on it's just a sad slippery slope of sliding standards and shrinking, shrieking subscribers?
If you were blocking sigs, you wouldn't have to read this.
Will there be specs and/or drivers to access the functionality of the BIOS and TPM.
Basically if the TPM can process generate keys and execute crypto algorithms, can it also be used to speed up SSL, etc?
I would like a BIOS that prevents niggers from using a computer.
Given that the point of TCPA is to allow content-owners to control how that content is used, isn't it likely that any system that doesn't support TCPA would become effectively useless once TCPA is widely adopted? If you can't access content or information, then you're not going to get very far. And since open source software is not compatible with TCPA (in the sense that nobody would trust it since it can be easily modified), wouldn't that marginalize Linux and other open source OSes and allow Microsoft to further entrench its monopoly?
Only load trusted os?
I don't trust MS os, so that means I can tell Bios never to load that os, and only load Linux ?
In what way do I as a Linux user benefit from using a Palladium Bios motherboard? If not, why should I buy such a Motherboard?
Let's see the AMI spin doctor try to come up with believable answers to those questions! Thumbs up.
So Brian... when you bent over and took it in the ass for AMI with Bill Gates, did you actually feel it? I head his member is pretty small and flaccid (Micro Soft).
Will you refuse to give M$ a key until their OS is trusted?
I want my rights back. I was actually using them when our government stole them after 9/11.
An open-source TCPA BIOS might go a long way to alleviating the fears of the open source community, since we could see exactly what it is you're forcing on us. And hey, no doubt you'd get a few bug-fixing patches in return for your efforts.
So, is an open-source BIOS a possibility? (TCPA or otherwise)
-- Bob
1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
http://www.freiburg.linux.de/OpenBIOS/
Here is s solution for those not wanting to give up theyre hardware control.
An anonymous reader writes "American Megatrends announced its 'trusted computing' Palladium BIOS on Jan 6. It seems that the encrypted BIOS' integrity will be verified by a special chip or flash ROM, and will in turn verify the 'authenticity, integrity and privacy' of the boot loader and the operating system. Does that mean such machines may refuse to boot any other non-'trusted' OS? After all, the list of supporting corporations include AMD, Intel, IBM, and HP, of whom we heard quite favourable statements about Linux (just for example -- *BSDs will be equally affected) so far."
Perhaps this should have been posted in the Ask Slashdot section instead of News. Or maybe it's time to create a new section: Unsubstantiated And Potentially False Rumors That Might Damage Reputations Of Companies And Individuals.
Oh, and don't forget to browse the article with a +5 threshold. Let's hear it for informed, focused opinion floating to the top of the pile.
A bit more editorial responsibility would have been called for here because this sort of thing is essentially libel, not to mention pure and simple FUD. Now AMI has to subject itself to a Slashdot interview so that the record can be set straight. Does anyone else find this slightly troubling?
Brian,
P A-goodnbad.pdf
I sure would hate to be in your shoes right now. Putting yourself in front of a firing squad voluntarely takes guts.
I sent an e-mail to marketing complaining about AMI supporting TCPA, and got the standard reply in return. My answer is below, and I am still waiting for a reply.
Umbertina E. Vezzani wrote:
Hello Laars,
You can already find TCPA-enabled products on the market but they have a different BIOS.
I am perfectly aware of that, and that is why I don't buy IBM laptops any more.
The Security subsystem is intended for those users who want an extra security protection that is valid even outside the OS.
The motherboard and system manufacturers will specify their system features, so I believe you will certainly be able to choose the features you want. I really don't think you will buy a motherboard with a hidden feature or "fritz".
I am not afraid of hidden features. TCPA is merely the scaffolding which enables building "trusted applications"/"trusted clients". What I am afraid of, is how software vendors and the content industry will (ab)use TCPA.
As for the reference to "fritz" - I think Ross Anderson went a little bit over the top in his critisism of TCPA. A much better overview of some of the technical problems with TCPA can be found here (I fully endorse Mr. Arbaugh's suggestions):
http://www.cs.umd.edu/~waa/TCPA/TC
TCPA is meant to answer to a demand of security from users, not something else.
What demand exactly? TCPA doesn't solve any of the major security problems.
TCPA only answers the question "has the basic components of this system been changed?", and makes it possible for 3rd parties to verify the state ("trustworthiness") of a system.
The majority of security problems are on the OS or application level - macro/scripting vulnerabilities, virii, buffer overruns and similar. TCPA doesn't provide a solution for any of those. In fact, a software sandbox like Java or running certain applications in vmware virtual machines provides better protection against those real world problems.
What exactly is TCPA supposed to solve? Don't give me some marketing fluff about "enhancing security for the user". I want cold, clear, technical examples of real world security problems that TCPA is supposed to solve.
Also, which users are demanding TCPA? Users want protection against virii and similar, but TCPA doesn't solve those problems. Who are the end users that demand something like TCPA?
I also believe that, if there is a solid foundation to the concerns for privacy people is expecting, the TCPA itself will improve its specification to address those concerns.
So there is a real chance the next revision of the TCPA spec will include proper anonymous certificates a'la Chaum instead of the current "please trust the privacy CA" solution?
It must be noted that AMI has not announced support for Palladium. Palladium is an initiative by an OS entity that is slated for the future.
I know that. I also know that there is considerable disagreement going on between the Palladium and the TCPA proponents.
To be honest, TCPA is a better specification than Palladium. However, TCPA does provide the scaffolding required for building "trusted systems" - i.e., that a 3rd party can control what is happening on my computer. TCPA is a Pandora's box - if abused, it could have a devastating effect on both innovation, privacy and consumer rights.
Regarding the limitations of a system with TCPA I would offer the link below to the public specification for further information on compatibility with different OS's, and hardware. Based on that spec we can tell you that it does not limit the ability to run Linux (or any other open source solution).
How is that supposed to make me feel good? I know that it is possible to disable (most of) TCPA. I know that my computer will continue to work even if the TCPA subsystem tell other computers out there that my computer has zero "trustworthiness".
However, once digital commerce, streaming media and other online content start demanding TCPA enabled clients you are effectively a second rate citizen on the 'net and are locked out of a lot of content if TCPA is disabled on your computer.
So:
1) TCPA does not provide true anonymity (you have to trust the privacy CA).
2) The scaffolding provided by TCPA can be abused by those who want to disable the Turing completeness of computers and instead turn them into locked down interactive content delivery platforms.
3) The market effect will force people to use TCPA and TCPA enabled "trusted clients" even if they don't want to.
4) TCPA is advertised as a security solution, but does not solve most of the real world security problems.
With kind regards,
Lars Gaarden
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
Since microsoft is kind of vague on details about Palladium, I will hit you with a TCPA question. In the TCPA FAQ, it states that "Platform Owners" will decide which software runs on their platform. Who exactly is a "Platform Owner" and does microsoft have a simmilar "feature in palladium"
People who think they know everything really piss off those of us that actually do.
What I'd like to know is why something is called a "feature" if the users don't need it/want it. It's pretty clear that TCPA is only going to benefit media companies that want to control digital rights and that the hardware makers are buckling for fear of regulation. It's obvious what Microsoft's interest is in this. Eventually they could become the only usable (by the common man) OS that was "certified" to run on TCPA hardware. So why should I not go by my "last computer" and vow never to buy from you again? Please convince me to change my mind, because as it is I'm considering the x86 computer world dead and blood is on your hands in part.
Who does AMD see as it's customer? Is it end users or computer manufacturers? Do end users care about DRM? What about computer manufacturers?
$G
-- $G
What is the authentication scheme for palladium? Is it something like MS passport? How does the motherboard gain authentication from the OS?
People who think they know everything really piss off those of us that actually do.
Once (and if) Palladium and TCPA go into effect, and become mainstream, what's to stop large companies forcing upgrades by not allowing 'trusted' computers to access their networks and so on? For instance, say I'm still hooked on Win98 and see no reason to upgrade -- could my ISP, in cooperation with Microsoft, tell me that I can no longer use their service unless I upgrade my machine to Palladium-enabled hardware and OS?
This is it, in the fewest words. Others have danced around the question, but IMHO this is really it.
I understand that if I want to play MPAA or RIAA content, I may need to have a DRM OS, probably Palladium, and it will need to be on a system with a TCPA BIOS.
But what if I want to just boot Linux (or trusty old Win98SE) to program or play games?
Will I be permitted to run an "untrusted" computer, or is it only a matter of time until the only new computer is a trusted computer that will only run a trusted OS?
The living have better things to do than to continue hating the dead.
It plainly is anti open-source.
TPM has no benefit to end users. All it does is give Microsoft an argument to use with ISVs as to why they shouldn't develop products for open source platforms. They can say: "If you ever release your product for Linux, some people will disassemble it. But with our "trusted" OSes, you'll never have to worry about crackers, because we don't let our customers control their own machines".
It's a powerful argument. There may even be a few ISVs stupid enough to fall for it. (Most ISVs don't go out of business from cracks, they die when Microsoft itself uses its monopoly power to sieze the market the ISV developed.)
But it's all a moot point. Why shouldn't we be trying to nip this in the bud? Why shouldn't we be spreading the word to everyone we know that people who buy AMI will very soon have to accept whatever draconian "Clickthrough" is on the software package, giving up their legal rights for no consideration whatsoever?
In short, why shouldn't we be trying to drive AMI out of business?
Sounds like a plan to me.
What steps, if any will be taken to insure that any OS, not supporting Palladium will be marked as inferior in some way?
Or what steps will be taken to inform comsumers of what Palladium will and will not allow them to do?
Is the registrations scheme for Windows XP the base method which will be used to implement this, where any hardware changes are tracked?
I used to work in the smart card business. And the "trusted" computer concepts seem very related to the way things worked there.
Please tell me if these things would be true.
As a developer, in order to deploy an application so it can read trusted data, it would be necessary to have your app specially signed?
if so, who would control the tools needed to do the signing and how much would they cost?
will an application need to be resigned every time it is modified and recompiled?
How do you expect to accommodate the need for people to do multiple re-complies daily but still be able to test and see if the applications they are working on can read trusted data after they have been changed?
Do you envision a system where the key issuer has an NDC signed by everyone who develops programs that deal with trusted content as is standard in the smart card industry?
most smart card models are based on the idea that the vendor / bank controls what applications are loaded onto your card.
Do you think that most users would find a model like this ( where vendors control content and functionally of there computers) acceptable?
Vendors ARE the ones who have keys correct?
how does this differ from trusted computing control of data?
Will there be specs and/or drivers to access the functionality of the BIOS and TPM?
If the TPM can generate keys and execute crypto algorithms, can it also be used to speed up SSL, etc?
(Usual Slashdot interview rules.)
Ahh crap.
(Hides rubber hose, lubricant, and yak.)
Excellent question.
sulli
RTFJ.
I dual boot my box to run a couple different flavors of Windows and Linux. (removable hard drives). Will the BIOS auto detect something that supports the Palladium and turn it on, or will I have to drop into the BIOS and change the 'enable palladium' settings every time. I expect a future cut of Windows to require such a thing to be enabled before it runs.
In short, if the boot sector is not 'trusted' by AMIBIOS will the default behavior be boot with a warning or not boot until the BIOS changes?
(Disclaimer: For the record, this is a feature I want to see die the same way Intel's CPU identification did. I'll be one of those dragging my feet making existing hardware and software last longer than I usually do hoping the market corrects the situation.)
+++ UGUCAUCGUAUUUCU
Here's a simple one... (Score:5, Redundant)
by Sheetrock (152993) Alter Relationship on Mon January 13, 09:06 AM (#5073396)
Why should I buy your products when you are conspiring to hobble future technology to limit us?
I will help with the development of an Open BIOS to drive people like AMI out of business.
GJC
Gregory Casamento
## Chief Maintainer for GNUstep
Exactly the same cut & paste from last Palladiumrelated discussion.. Congrats!..
Wow. I had no idea George Orwell had been a DoD consultant.
Life is like surrealism: if you have to have it explained to you, you can't afford it.
Can you trust your computer?
. html). If only a
.
- By Richard Stallman -
Who should your computer take its orders from? Most people think their
computers should obey them, not obey someone else. With a plan they call
"trusted computing," large media corporations (including the movie
companies and record companies), together with computer companies such
as Microsoft and Intel, are planning to make your computer obey them
instead of you. Proprietary programs have included malicious features
before, but this plan would make it universal.
Proprietary software means, fundamentally, that you don't control
what it does; you can't study the source code, or change it. It's not
surprising that clever businessmen find ways to use their control to
put you at a disadvantage. Microsoft has done this several times: one
version of Windows was designed to report to Microsoft all the
software on your hard disk; a recent "security" upgrade in Windows
Media Player required users to agree to new restrictions. But
Microsoft is not alone: the KaZaa music-sharing software is designed
so that KaZaa's business partner can rent out the use of your
computer to their clients. These malicious features are often secret,
but even once you know about them it is hard to remove them, since
you don't have the source code.
In the past, these were isolated incidents. "Trusted computing" would
make it pervasive. "Treacherous computing" is a more appropriate
name, because the plan is designed to make sure your computer will
systematically disobey you. In fact, it is designed to stop your
computer from functioning as a general-purpose computer. Every
operation may require explicit permission.
The technical idea underlying treacherous computing is that the
computer includes a digital encryption and signature device, and the
keys are kept secret from you. (Microsoft's version of this is called
"palladium.") Proprietary programs will use this device to control
which other programs you can run, which documents or data you can
access, and what programs you can pass them to. These programs will
continually download new authorization rules through the Internet,
and impose those rules automatically on your work. If you don't allow
your computer to obtain the new rules periodically from the Internet,
some capabilities will automatically cease to function.
Of course, Hollywood and the record companies plan to use treacherous
computing for "DRM" (Digital Restrictions Management), so that
downloaded videos and music can be played only on one specified
computer. Sharing will be entirely impossible, at least using the
authorized files that you would get from those companies. You, the
public, ought to have both the freedom and the ability to share these
things. (I expect that someone will find a way to produce unencrypted
versions, and to upload and share them, so DRM will not entirely
succeed, but that is no excuse for the system.)
Making sharing impossible is bad enough, but it gets worse. There are
plans to use the same facility for email and documents -- resulting
in email that disappears in two weeks, or documents that can only be
read on the computers in one company.
Imagine if you get an email from your boss telling you to do
something that you think is risky; a month later, when it backfires,
you can't use the email to show that the decision was not yours.
"Getting it in writing" doesn't protect you when the order is written
in disappearing ink.
Imagine if you get an email from your boss stating a policy that is
illegal or morally outrageous, such as to shred your company's audit
documents, or to allow a dangerous threat to your country to move
forward unchecked. Today you can send this to a reporter and expose
the activity. With treacherous computing, the reporter won't be able
to read the document; her computer will refuse to obey her.
Treacherous computing becomes a paradise for corruption.
Word processors such as Microsoft Word could use treacherous
computing when they save your documents, to make sure no competing
word processors can read them. Today we must figure out the secrets
of Word format by laborious experiments in order to make free word
processors read Word documents. If Word encrypts documents using
treacherous computing when saving them, the free software community
won't have a chance of developing software to read them -- and if we
could, such programs might even be forbidden by the Digital
Millennium Copyright Act.
Programs that use treacherous computing will continually download new
authorization rules through the Internet, and impose those rules
automatically on your work. If Microsoft, or the U.S. government,
does not like what you said in a document you wrote, they could post
new instructions telling all computers to refuse to let anyone read
that document. Each computer would obey when it downloads the new
instructions. Your writing would be subject to 1984-style retroactive
erasure. You might be unable to read it yourself.
You might think you can find out what nasty things a treacherous
computing application does, study how painful they are, and decide
whether to accept them. It would be short-sighted and foolish to
accept, but the point is that the deal you think you are making won't
stand still. Once you come depend on using the program, you are
hooked and they know it; then they can change the deal. Some
applications will automatically download upgrades that will do
something different -- and they won't give you a choice about whether
to upgrade.
Today you can avoid being restricted by proprietary software by not
using it. If you run GNU/Linux or another free operating system, and
if you avoid installing proprietary applications on it, then you are
in charge of what your computer does. If a free program has a
malicious feature, other developers in the community will take it
out, and you can use the corrected version. You can also run free
application programs and tools on non-free operating systems; this
falls short of fully giving you freedom, but many users do it.
Treacherous computing puts the existence of free operating systems
and free applications at risk, because you may not be able to run
them at all. Some versions of treacherous computing would require the
operating system to be specifically authorized by a particular
company. Free operating systems could not be installed. Some versions
of treacherous computing would require every program to be
specifically authorized by the operating system developer. You could
not run free applications on such a system. If you did figure out
how, and told someone, that could be a crime.
There are proposals already for U.S. laws that would require all
computers to support treacherous computing, and to prohibit
connecting old computers to the Internet. The CBDTPA (we call it the
Consume But Don't Try Programming Act) is one of them. But even if
they don't legally force you to switch to treacherous computing, the
pressure to accept it may be enormous. Today people often use Word
format for communication, although this causes several sorts of
problems (see
http://www.gnu.org/philosophy/no-word-attachments
treacherous computing machine can read the latest Word documents,
many people will switch to it, if they view the situation only in
terms of individual action (take it or leave it). To oppose
treacherous computing, we must join together and confront the
situation as a collective choice.
For further information about treacherous computing, see
http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html
To block treacherous computing will require large numbers of citizens
to organize. We need your help! The Electronic Frontier Foundation
(www.eff.org) and Public Knowledge (www.publicknowledge.org) are
campaigning against treacherous computing, and so is the
FSF-sponsored Digital Speech Project (www.digitalspeech.org). Please
visit these Web sites so you can sign up to support their work.
You can also help by writing to the public affairs offices of Intel,
IBM, HP/Compaq, or anyone you have bought a computer from, explaining
that you don't want to be pressured to buy "trusted" computing
systems so you don't want them to produce any. This can bring
consumer power to bear. If you do this on your own, please send
copies of your letters to the organizations above.
Postscripts:
1. The GNU Project distributes the GNU Privacy Guard, a program that
implements public-key encryption and digital signatures, which you
can use to send secure and private email. It is useful to explore how
GPG differs from treacherous computing, and see what makes one
helpful and the other so dangerous.
When someone uses GPG to send you an encrypted document, and you use
GPG to decode it, the result is an unencrypted document that you can
read, forward, copy, and even re-encrypt to send it securely to
someone else. A treacherous computing application would let you read
the words on the screen, but would not let you produce an unencrypted
document that you could use in other ways. GPG, a free software
package, makes security features available to the users; they use it.
Treacherous computing is designed to impose restrictions on the
users; it uses them.
2. Microsoft presents Palladium as a security measure, and claims
that it will protect against viruses, but this claim is evidently
false. A presentation by Microsoft Research in October 2002 stated
that one of the specifications of Palladium is that existing
operating systems and applications will continue to run; therefore,
viruses will continue to be able to do all the things that they can
do today.
When Microsoft speaks of "security" in connection with Palladium,
they do not mean what we normally mean by that word: protecting your
machine from things you do not want. They mean protecting your copies
of data on your machine from access by you in ways others do not
want. A slide in the presentation listed several types of secrets
Palladium could be used to keep, including "third party secrets" and
"user secrets" -- but it put "user secrets" in quotation marks,
recognizing that this is not what Palladium is really designed for.
The presentation made frequent use of other terms that we frequently
associate with the context of security, such as "attack," "malicious
code," "spoofing," as well as "trusted." None of them means what it
normally means. "Attack" doesn't mean someone trying to hurt you, it
means you trying to copy music. "Malicious code" means code installed
by you to do what someone else doesn't want your machine to do.
"Spoofing" doesn't mean someone fooling you, it means you fooling
Palladium. And so on.
3. A previous statement by the Palladium developers stated the basic
premise that whoever developed or collected information should have
total control of how you use it. This would represent a revolutionary
overturn of past ideas of ethics and of the legal system, and create
an unprecedented system of control. The specific problems of these
systems are no accident; they result from the basic goal. It is the
goal we must reject.
Copyright 2002 Richard Stallman
Verbatim copying and distribution of this entire article is permitted
without royalty in any medium provided this notice is preserved.
Will AMI pledge not to make DMCA claims against Open SOurce projects? If you do not, why should we believe a word you have to say?
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
Mod this one up!! Although not being able to run Paladium on my latest 5.3GHz Athlon XP2-64 home-built, water-cooled system wouldn't make me cry, I would like to at least have the choice to do so.
Just what problem is this trying to solve?
Why can't my computer be trusted?
Is this trying to fix a fundamental flaw in operating systems?
1) What does it take (steps,costs including any IP licensing fees) to make OS Foo boot on a TCPA computer?
2) What does it take (steps, costs including licensing fees) to make application Bar run on Foo? On any other OS?
Ignoring rampant paranoia, these are the questions that will actually affect open source development. It comes down to how much will it cost for us to run our programs?
If I have been able to see further than others, it is because I bought a pair of binoculars.
But we might have to buy imported hardware components on the black market.
My question is about the relationship between TCPA and Pallidum adn your company and the DARAP BIOS porject with similar aims..
Where does AIMSBIOS stand as far as getting a root certificate to run any Opensource OS or program under this new BIOS.. I believe under the DARPA project which btw already has run linux and BSd under its bios that youc an get a free root certificate to run any OS...
Does AIMSBIOS believe inthe same poplicy or are we going to see OpenSource held hostage!
Don't Tread on OpenSource
It seems like everyone is missing the point. Yes you will be able to run Linux etc. However even if your version of Linux is signed it doesn't mean that say Time Warner will work with it. Time Warner would say 'Yes we know exactly which pieces of software are running on your system and yes they are secure, however since your OS doesn't implement Time Warners set of consumer restrictions you will not be allowed to download our movies.'
Linux user would be frozen out because content providers simply will refuse to work with software unless they both 'trust' and that the software also implements the consumer restrictions that the content providers want.
Dont mod me up, I have enough karma.
If I run an alternative OS (Linux, DOS, etc.) will I have complete and unfettered access to MY HARDWARE on the PC that I OWN? This includes access to motherboard peripherals as well as total access to ALL peripherals on the PCI/Video/other bus.
If the answer is no, or if I get a wishy-washy "well, sort of, but..." then please enumerate those components I will not be able to access and WHY I CAN'T BE TRUSTED TO ACCESS MY OWN HARDWARE.
this is a damm good question.
Why?
(Hides rubber hose, lubricant, and yak.)
OK, I figured out the rubber hose and the lubricant. But the yak? WTF were you going to do with the yak????
Disclaimer: This disclaimer provides compliance under the Americans with Disabilities Act. For the humor impaired, yes, I know it's OT, but it is a joke.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Have you guys ever considered pushing the PC into the modern age by giving users the option of Open Firmware? Obviously the OS needs to expect it, but don't you think it'd be in the industry's best interest to finally break ranks and not boot a machine in 8086 mode?
Surely you could do this and still provide basic fallback for when people want to run their old DOS boot disks and whatnot. Perhaps a menu where the user could check 'boot in legacy mode' where the CPU would drop back to 8086 mode before loading that first bootsector? At any rate, it's high time that this gets fixed and since you're one of the few organizations that could spearhead that, what are your thoughts on it?
You can't intellectualy accept a company's published "stance" because said company has the ultimate option of misleadingly rewording, or even omitting, information that the public would find unappetizing. In a popularity-based publication, asking a specific list of questions usually attempts to lock them down into responding with a very narrow range of answers. Some political talk shows go so far as to re-ask the question if they didn't get the answer they want. (This is what they call "playing hardball.")
While you have to take what is said with a grain of salt in any case, some organizations, such as Republicans, Democrats and Microsoft, are in high enough positions to reword questions to a less damning, or even advantageous form. As an example, have you ever heard an interview where the interviewee was asked a piercing question, and he made it sound like the interviewer was a foolish idiot?
What's this Submit thingy do?
Since you are not running a "trusted OS", whenever you try to listen to a copyrighted song from CD, the BIOS shuts down the hard drives and CD-ROM drives. When you ask the BIOS manufacturer they will say "It works, as long as you don't try to open copyrighted material on an untrusted OS".
I want my rights back. I was actually using them when our government stole them after 9/11.
It does make logical sense - if a system can't harm you, it's not trusted because it's not *anything*, it's not part of the equation at all.
To say that something is 'trusted' says that it does in fact have the power to harm *but won't do so*.
That is the definition of "trust", whether you like it or not. It's not entirely a 'positive' connotation.
Do you suck cock for cash?
>Is there a migration path of I have decided to move my components from a DRM enabled machine to another vendor's bios ?
:
Sure is
0. Linux hacker. -- you are here.
1. Unlawful combatant.
2. Indefinite detainee.
3. Federal Pound-Me-In-The-Ass Prison.
Glonoinha the MebiByte Slayer
perhaps.
... way back in the days of Windows 3.1, I noticed that my AMIBIOS code for interrupt 9 (I think it was that... keyboard direct hardware service, anyhow) was byte-for-byte identical to significant sections of Windows' keyboard.drv code.
Now, I used that similarity to find a gap, where I could put special codes in my notebook computer's keyboard code to disable the keyboard while my scanner took data [it was a bug workaround]. But to this day, I wonder: did AMIBIOS know about this? Did they license it to Windows? Or was this just a case of "no, we didn't know, but they stole it"?
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
There's another lurking evil, and I really think this is the big one. Microsoft wants to protect their MS-Word near-monopoly (near? who an I kidding?) and TCPA+Palladium is a way of locking people into MS Office forever. Want to read that document that you converted to Palladium Office? You'll have to use a Microsoft product, because Office will require TCPA and it just used your motherboard to encrypt that file so that no other office software can read it.
.DOC files? Forget it. They're encrypted with a key, and obtaining that key without Microsoft's permission is a DMCA violation. Oh, but you can license the ability to read those files, for a huge fee. What? You want to edit them too? Prepare to pay a king's ransom.
What? You work for Sun and want to get StarOffice to read the new, improved,
Want to edit documents on your Palm(tm)? You must buy Microsoft Office for Palm, as Documents to Go won't work any more. Or maybe MS will tell you to go pound sand and buy a nice, new pocket PC that's running a Microsoft OS. Flip a coin on that one...it depends on how bad MS might want Palm out of business.
IMHO, that's the real purpose of TCPA+Palladium. Anti-competitive tactics on steroids.
I'm a hobbyist who builds his own computer, writes his own software, and (on rare occasions) will build hardware components (as in: with solder and chips). What assurance do I have that your "Trusted Computing" initiative won't interfere with my projects? Interference here is defined as reducing the operational capacities -- including networking features -- of the computer or reducing my ability to develop to my needs. In a way this is four separate questions: how software, Trusted vendor hardware, pre-Trust vendor hardware, and home-built hardware integrate into the "Trusted Computing" architecture.
Do you like Japanese imports?
Does your BIOS essentially take instructions from a TCPA-enabled OS that could disable certain hardware on the motherboard (any hardware) on command? In other words, if an untrusted DVD player was installed and the OS told your BIOS to disable the video and audio cards until that program was terminated... would your BIOS comply? If that is so (a lot of ifs, I know), what prevents a new generation of viruses from sending fake TCPA messages to the BIOS causing damage to your hardware and making all your software unable to be used by you?
How will it all work when you are running multiple diffrent OS from one machine? Specifically when one OS is protected and signed and the other isn't required to.
Will there be any affect on bootloaders?
And doesn't the availability of that feature place the security of the whole TCPA platform in question?
The thing about things we don't know is we often don't know we don't know them.
If Palladium is designed to provide a secure environment then how come it lets the user run Windows?
I have been doing research on BIOS settings for many years, and I have found good articles on what the settings do, and how to tweak them for the best performance/stability mix. But, I would like to know if the BIOS manufacturer itself would be able to provide an in-depth manual of all the BIOS settings, and what exactly they do. All the manuals that come with motherboards are very short on explanations, and I would like to see someone within the company actually explain to us hardware enthusiasts the down 'n dirty, nitty gritty, dirt under the rug, needle in a haystack type of information that we could use to make our computers run the absolute best they can. Because, as we all know, optimizing software and firmware is a lot cheaper than upgrading parts.
-Jay
-- Liberalism is a mental disorder.
Will the next computer you personally buy implement these features?
Who will you give access to your machine (Microsoft, RIAA, MPAA, Homeland Security)?
When the thought police come to round up us 'Criminals' that will not give up our 'untrusted' systems will you be able to sleep at night?
SD
âoeWho knew something as harmless as willful ignorance could end up having real consequences?â
What does the term "Trusted Editor" mean? An editor who breaks his trust?
any comparison with the events that we are strarting to see, and the facts previewed in the Apocalipse book.
If I remember well, the book written several thousand years ago, says that near the end, the evil master will implement many technical ways of controlling people, using a number in the right hand (finger print) or in the head (eye iris).
The book also says that it will be impossible to buy or sell anything without using the evil word.
When I read this I think about what things like Palladium and Passport, might turn in the future.
Palladium and any other DRM-enabling doodad are products that are inherently designed to enable vendors who do not trust their customers to exercise some degree of control over how those customers use the vendors' products. At the same time, those vendors expect customers to trust that the use of DRM products will not result in side effects that may be detrimental to users' freedom to use legally obtained products as they see fit provided such use is within the law.
Since AMI appears to be taking the side of those vendors who feel they cannot trust their customers, why should we as customers trust AMI to create products that do not infringe upon our rights as customers? Why should we not take our business to vendors who are willing to trust that we will not do anything illegal with their products, instead of assuming up front that all customers have some sort of illegal intent?
The poster partially answers his own question:
> Who are these customers? If this a case where customers are not the same as users?
AMI sells to motherboard manufacturers, not to end users. But the question still stands, who are these companies that are asking AMI for these features?
[PowerPoint] is a tool for capitalist presentation
Firstly I'm not familliar with the implementation details however I'm noticing that there is a fear that what is "trusted" to run on a person's PC will be choosen by companies who sell software and not the PC's owner.
What is the feasability of adding a mechanism such that the PC's owner will be able to generate a key pair and sign thier own programs (or even programs they download from the net)?
Either
a) It's signed by you
b) It's signed by someone you trust
I don't see this BIOS as being a major problem if it allows for self-signing with a), and for you to choose who is on your b) list.
i.e. if Sourceforge has a signing authority, can I add them to my list of trusted software sources? Or must all software be signed by Veri$ign?
retrorocket.o not found, launch anyway?
I had no idea George Orwell had been a DoD consultant.
Shouldn't it be obvious? After all, it's called the Department of Defense despite the fact that almost all of its budget goes not into defending the US but rather into attacking others. It should be called the Department of Offense.
Palladium claims to have the freedom to choose whether you want to connect to another palladium machine. This freedom is at an individual level, in the same was I can choose to use Abiword.
If Palladium achieves mass market how will my freedom not to use Palladium be possible? Will it be like having the Freedom to speak Esperanto?
--Giving to trolls for the benefit of us all
Or, maybe rephrase that as "Why shouldn't the average Linux user respond as if AMI just declared war on us?"
The thing about things we don't know is we often don't know we don't know them.
The TCPA organization does not make its membership publicly available. Why is that? How was that decision made? Was there a vote? Did AMI participate in that decision? If so, how did AMI vote? What are the benefits to AMI in being a member of the TCPA? Can you give us a list of members?
These are mainly regarding privacy issues and
valid for TCPA ( ie. no palladium involved )
Introduction from the page below linked below:
We are all aware of the criticisms that the TCPA has received. Ross Anderson did a good job of explaining the problems in an abstract fashion, but I felt that there were some things left out (Privacy concerns). I also wanted to see if the TCPA could provide the good things- mandatory access control, integrity protection, and secure storage without the bad things. What I found will appear in an article in my security column of IEEE Computer next month. However, I wanted to briefly mention the findings before hand.
http://www.cs.umd.edu/~waa/TCPA/TCPA-good nbad.html
And it ends with:
The TCPA as it stands now is unacceptable. But, technology such as TCPA offers great promise for improving information security. I hope that the TCPA technical committee listens to these suggestions and/or others, and takes action to improve the specification so that we can have the good, but not the bad.
/mi-ke
I would know my woody isn't signed anyway, no problem there. But I'd rather have bios telling me my new ArkLinux 4.2 is really signed or not.
Gentlemen, you can't fight in here, this is the War Room!
Who cut your hair?
What I find most interesting is how Palladium is advertized as having features like letting content creators (e.g. a person sending you an e-mail) control what you can do with it (automatic deletion, no forwarding, no printing).
However, we never get a say in this, we never agree to any such "contract". If your company is producing a product as part of a system designed to disempower me in favor of a machine, does it really surprise you that I don't like it?
TCPA/Palladium has never been about how I, the end user can come in control of my machine, because I am already in total control (up to the limitations of my tools). TCPA can for me, at best, be a hardware version of a "sandbox", where I control what resources are availible to a given program. But such programs already exists in software and has no need for hardware backing.
Many people have compared TCPA to being a program running in Ring -1 (Ring 0 being the OS kernel). The only thing it can control in addition to what the OS already can control, is what runs in Ring 0. So why do you need to control what runs in Ring 0? Answer me that.
Because you can't trust me, isn't it?. Isn't that what it's all about? Having a trust chain that I can't break. So the content, and my machine can negoiate a deal, without me ever getting a say. So that they two can decide, regardsless of rights granted by law (like fair use and first sale), when, how, where and what I can see, hear, use and do. And you don't find that offensive?
Kjella
Live today, because you never know what tomorrow brings
My questions are:
Who owns the keys?
How much do the keys cost?
How much will it cost to verify another user's key? (Will this be a subscription service?)
When whoever owns the keys decides they don't like me or what I am doing, can they turn the keys off?
What happens when the lock breaks or gets frozen in the winter?
Hang on a second - I'm not 100% sure but I strongly suspect that you license you bios software from AMI (much like any other software you never actually buy it).
This is no different than when a manufacturer only ever supplies a machine with windows preinstalled. I think some people have actually had refunds because they never used the installed os.
Should be interesting to see if AMI abuse their monopoly position to try and stop manufacturers supplying machines with alternate bios's
Despite much criticism of Palladium, I do think there is a need for a trusted security function built into hardware (so it will resist Trojan horse programs and kernel compromises).
If your children ever found out how lame you are, they'd murder you in your sleep
...I don't even proofread my own headilnes. Also, "regardsless" should be "regardless". What? You mean there's a preview button?
Kjella
Live today, because you never know what tomorrow brings
My question is how you would believe that enabling these features in your BIOS promotes open source. So to phrase it in a form of a question: Are there any ways an AMI TCPA enabled BIOS will promote open-source software? My gut tells me no way, but I am curious if you see any benefits of TCPA to open source software.
I'm sure a lot of people with much better technical knowledge than I will be raising some very valid points here. My question is, will you be reporting back these to your managers? Will AMI be taking these points into consideration or is this just a temporary public relations excercise towards the geek comminity.
Jeremy Paxman wins a Royal Television Soceity Award for his grilling of Michael Howard when in 1997 he asks Howard [the incumbent Home Secretary] the same question 14 times over the Derek Lewis prison affair, complete with interruptions and increasing impatience in his voice. I was watching it myself at the time with glee.
.
.
.
.ram format
MH: I was entitled to express my views. I was entitled to be consulted.
JP: Did you threaten to overrule him?
MH: I was not entitled to instruct Derek Lewis and I did not instruct him. And the truth of it is . .
JP: Did you threaten to overrule him?
MH: And the truth of the matter is Mr Marriott was not suspended. I did not . .
JP: Did you threaten to overrule him?
MH: I did not overrule Derek Lewis.
JP: Did you threaten to overrule him?
MH: I took advice on what I could and could not do . .
JP: Did you threaten to overrule him, Mr Howard?
MH: . . . and I acted scrupulously in accordance with that.
and so on
The BBC web archive of that interview in
They met again in 2002
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Of course. All my answers will be the [...] truth. No editorial input will be applied [unless deemed strictly necessary to guarantee appropriate standards of presentation -- Ed] between the time that [I] write the article and the time that [I] send it to [its recipient]. The PR guys promised. [No, we didn't.]
Come on, who're you kiddin'? Any reply from this guy, or anyone else writing on a subject so obviously controvserial, is going to be screened seventeen times over by PR weenies before it gets out into the wild.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
When someone starts out by claiming "the information you provided misled your readers" there's little hope of getting any honest answers. Rather than offer himself as a "Slashdot interview victim", Mr. AMI Sales Engineer should have simply presented us with an explanation of:
What are AMI's plans and intentions
Why do they think we need or want this
How many consumers who use AMI products are actually asking for this "feature".
I don't think we can expect honest answers from AMI, or any other company pushing Pd. In response to a comment warning about the unfriendly nature of TCPA/Pd on a listserv, an MS employee had this to say:
:-).
l . As you see, it is being seen
Scarey, maybe. Correct, not
There is a lot of speculation here which is not based on facts. PD will
give you the capability to protect some subsets of your system from
damage. Imagine having a fire proof safe in your house. Your house can
still burn down and your safe will still protect your documents that are
stored in there. Having the safe does not enable the people who sold
you the safe know what is stored in there. And if you don't want to
have the said safe, then don't use it! Same is true of PD.
As to the original comment regarding privacy, you are seeing our attempt
to document any and all aspects of the system that could concern anyone.
So you are going to see us telling a lot more about the capabilities of
the player and this can appear overwhelming at first. The good news is
that you have full knowledge of what we do and the choice to turn one or
more of these off if your privacy is more important than the
functionality. Competitors probably do the same thing but fail to warn
you explicitly about them (and burry the detail in long EULAs).
Here is a write-up from CNET on our privacy approach in media player:
http://news.com.com/2100-1023-955514.htm
as a very positive move and not negative at all. Here is one quote:
"If the final build looks like the software (that CNET News.com)
described, the implication is that Microsoft is taking consumer privacy
very seriously indeed and marks a big change for the company," said
Jupiter Research analyst Michael Gartenberg."
******
Microsoft
The "product" and "player" referenced above are the Windows Media Player. This came from a WM-centric listserv.
I expect similarly placating (and untrue) answers from AMI. It is my opinion that the best course of action in this case is to punish AMI as severely as possible for even taking the first step towards creating a component that conforms to either TCPA or Pd. There are two simple things any computer literate person can do to hurt AMI:
1. Don't buy their products.
2. Let them know you bought from a competitor because they dared support TCPA/Pd.
3. Let their competitors know that you're not buying AMI because of their unacceptable actions.
TCPA/Pd requires hardware and software to work. I don't think anyone is going to be convinced to stop using windows because it takes away his or her freedom (at least any more than they have in the past), and I don't think MS is going to be convinced to leave Pd out of its OSs. As I see it, the most effective way to prevent TCPA/Pd from advancing is by setting up a business environment in which hardware manufacturers are terrified at the prospect of producing TCPA/Pd compliant hardware. That, and user education, are the two things that I think have a hope of stopping TCPA/Pd.
I wrote a rather long response to the above comment, so I won't paste it here (Mozilla chokes if I try to paste 18KB into a text box), but I do plan on submitting it to the Pd faq maintainer as there are some important oportunity for MS to abuse it's power in a TCPA/Pd system that aren't covered. (e.g. MS not signing drivers for hardware devices that support competing technologies [OpenGL v. Direct3D, MPEG4 v. WM].)
Here's an interesting scenario:
- Office Palladium will require TCPA
- Linux, as an untrusted OS, won't be able to provide Office Palladium proper authentication, and Office will refuse to run under WINE.
- Windows users become reluctant to migrate to Linux since they can't run Office. (Believe it or not, Office is still the killer app for most folks).
I'm telling ya, the Office division is behind this at least as much as the content industry.
This isn't really a question for the interviewee, but, it seems to me that those of us who have been using Linux/BSD/whatever for long enough will likely have no problem getting around this stuff. Those who will be affected (and this would ultimately affect us all, if growth were to drop off), are new users who are just getting to the point where they can install Redhat, Mandrake, or one of the other desktop oriented distros without too much trouble. It seems likely that if TCPA or Palladium enabled BIOSes become widespread, there will be a hack to get around it. It might not be a hack, it might just be something as simple as disabling some setting in the BIOS - regardless, it will be another frustrating roadblock for a new Linux user to overcome. I fear to see the day when multitudes of people appear on usenet or IRC asking for help getting around their BIOS to install linux. (or the many more who will say "oh forget it" and go back to windows)
Out of curiosity, what benefit do we as customers (both windows and linux users) receive from buying a system with a TCPA-enabled BIOS? What benefit does AMI receive for selling them? Considering the fact that I can't think of even *one* good reason why any PC user can benefit from this, it sounds suspicious to say the least.
I disagree with what you say, but will defend to the death your right to tell such LIES!
Why is AMI doing this?
Do they think people want their OS to be able to lock them out of certain parts of their machine?
You see, I can't really see any application for TCPA / Palladium besides taking control away from the owner of a computer. Any of the other "security" features TCPA/Palladium provides can/have been easily implemented in software. The only application that requires BIOS/hardware level modifications, is one where you are trying to prevent the person who owns the computer from have full control over it.
Lately I've been beginning to notice that some companies have internal conflicts of interest that cause them to do stupid things, which are not what consumers want. (Stupid because, they loose money because consumers go elsewhere to get hardware that isn't crippled and any piracy that was going to happen still happens anyways.)
Sony, for example. Being both a hardware company and a media company, they seem to have an internal conflict of interest: To many RIAA/MPAA types CD/DVD burners are synonymous with piracy, this must lead to internal pressure on the hardware branch of the company to try and control what people can do with Sony hardware. Ex: It's rumored that Sony DVD burners can burn Xbox games but not PS2 games, Sony Discmans have often had sub-par CDR playing ability, Sony Minidisc recorders had an annoying copy protection flag that prevented you from making many digital copies of a minidisc.
This whole thing reminds me very much of the whole CPUID debacle. CPU manufacturer X starts putting unique ID numbers inside their CPU. They claim it will allow increased security for web transactions blah, blah, blah. The problem was there was not good reason why your average computer user would want a unique unchangable serial number for his computer. There was a tremendous potential for violation user's privacy and no good reason why they needed it in the first place. Why? A unique id could be implemented in software. The only reason to have it in hardware is to prevent the owner of the computer from changing
People didn't want them, and CPUIDs failed. Why does AMI think this is any different?
Life is too short to proofread.
Second part, and less important, what is the story with firewire booting? How hard is it to graft additional boot code onto a BIOS and present a device as a reasonable boot device to the rest of the BIOS?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
there is the truth, and much like the dvd codes got out, how long before a certified compiler is found in 'the wild'. Then they will have to either give up the scheme or be constantly re-issuing codes and revoking them. The truth
Now, I've been here a while, so when phrases like 'Usual interview rules apply' are tossed around, I understand the meaning.
But it occurs to me, there's probably many who don't. Why not have a page outlining the usual interview rules, and link to it when saying something like that?
All that factual knowledge, and such a limited ability to express disdain. What a tragic waste of living space.
Comment removed based on user account deletion
As discussed in this comment:0 378
http://slashdot.org/comments.pl?sid=50262&cid=505
The thread discusses loading a virtual machine such as Bochs on a TCPA-enabled machine, which would then emulate the functionality of the fritz chip in software, allowing it to bypass the trusted hardware. Such a method would allow the computer to return any result it wanted for software verification requests. It was discussed that a private key embedded in a tamper proof chip could be used to frustrate such an attack. How would you go about preventing such attacks? A single private key on every chip? Unique private keys on every chip? Please discuss.
I was musing the other day that an MP3 player would be really convenient to own *if* it had pitch control. If player firmware was available, somebody would have likely already written a patch, or I could do it myself.
Similarly, the linuxbios folks have gone to a great deal of effort to write a free PC BIOS from scratch - because nobody had the features they needed (like serial console support).
What will it take to get companies to start releasing firmware as Free Software?
--Just the place for a snark!
Instead of the refund avenue, the question of if you can install your own replacement IS a good question. On both techincal and legal grounds, can we? Or are we FORCED to use the bios ( ie 'trusted' ) that is supplied to us.
---- Booth was a patriot ----
I'm curious how the BIOS upgrade/flash process works with TCPA. With TCPA enabled, will the user have to be booted into a TCPA-compatible OS to be able to do this via a proprietary utility of some sort? Will there be some kind of public/private key exchange method available for floppy-based flashing if desired?
On a related note, if a TCPA-enabled BIOS gets corrupted (eg, no longer functions properly and can't be re-flashed using available methods), will it be possible to forcibly re-flash the BIOS to a clean state (also possibly non-TCPA enabled)?
The tcpa spec states that the TPM (Trusted Platform Module) contains hashing (SHA-1), random number generation (RNG) , asymmetric key generation (RSA), and asymmetric encryption/decryption (RSA). What advantages can open source projects such as openssh and openssl take by using the TPM implementation of these algorithims instead of normal software implementations? What potential uses can open source software get out of TCPA?
Trusted operating systems can be a GREAT thing, it's merely a question of who controls the TORA [trusted operating root authority]. IMHO, if I control the TORA, it gives me power over my computer that wouldn't normally be possible, even with the various mandatory access control systems available across different platforms.
All of these are software, while the TCPA system's hardware-based system, if properly implemented, will be much more resistant to attack than any software-based solution.
If you've ever typed ctrl-alt-delete on a PC, you've used a 'trusted' feature, since it generates an interrupt which cannot be trapped by usermode software. Last time I checked, ctrl-alt-delete didn't present a clear and present danger to the operation of my computer -- merely my sanity.
We should focus on the real issues -- ownership of the TORA, as well as the distribution of simple methods to regain control of your computer's TORA through simple hardware hacking, much like the chipping of games consoles that still goes on fairly freely even in these dark days of DMCA, SSSCA, etc.
[standard disclaimers: not a hardware expert, info above is provided to the best of my knowledge but details may be incorrect...]
If applied across all executables and scripts.
Especially if it could be fine grained down to a per user basis. i.e. a system wide policy of who can run what.
Then you could have root to be only available in single user mode.
Stick that up your rootkit.
hmm it's starting to sound like plan9
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
There is no component in this technology that did not already exist for a long time. If it was so useful (security, etc.), other platforms like servers and mainframes which are usually years ahead of the PC industry would have implemented it long ago. Why is it that only the PC industry is pursuing it?
I copied this sig.
How could TCPA and Palladium NOT be intertwined?
By the various definitions of what TCPA and Palladuim calim to be and what they claim to be able to deliver to "customers" - the hardware and the software must validate each other.
If either the software or the hardware was "untrusted" in a TCPA and Palladium world, then by definition, neither can actually do any of what they claim to be able to do.
If i can run "untrusted" software on a TCPA - then TCPA couldn't be very effective.. and if i could run "untrusted" hardware with Palladium - then Palladium would be just as ineffective.
Rouge hardware and rouge software are not allowable - by the definition of trusted software and trusted hardware.
I guarantee you - much software and much hardware will never be trusted. Either because of who made it (w4r3z d00d, Apple, etc.) or who didn't make it (Intel, Micro Soft, etc.).
This is why these concerns arise.
guns kill people like spoons make Rosie O'Donnell fat.
As flash storage drops in price, especially wrt motherboard costs, and the way i see it, there isn't _that_ much more functionality to add to the BIOS, when will we see a nice bootloader being integrated in the BIOS (from the manufacturer), or why won't we see it?
.... who cares. it would at least be able to include a menu item for it, if it can't hold the 'windows kernel' (however big that is - haven't got a clue).
i'm talking about integrating the equivalent of grub in the BIOS, along with maybe 16MB of flash to hold a few kernels and ramdisks. You'd also (of course) include utilities for changing the menu, loading/deleting files to/from flash, for most OSes (as this would be relatively simple code: do a nice GUI for windows but a simple command-line utility could be written that easily recompiles in linux, *BSD (including OSX), etc. - we'll do the rest and slap a GUI to call the cmdline program).
I would LOVE that, and it really doesn't seem that hard - there are indeed a few projects doing it already, it should be quite cheap for you to do, so we'd see it in motherboards off-the-shelf...
I agree it might not be able to load windows, but
Why stop there? why is it that there still isn't a minimalist linux system with busybox in every modern BIOS, which would allow booting a diskless station into enough functionality to at least re-partition a hard drive? That's a whole single MB of flash!
my question really is: i would have expected that by now, why don't i see it?
(please, don't flame me with "it exists already" - i want to hear the manufacturer on this! most people would never dare re-flash their BIOS with something else - they barely have the courage to flash BIOS updates from the mfgr!)
for a priest to come and exorcise this child of satan (DRM support) from an AMI Bios motherboard?
--- Grow a pair, liberals... stop letting the Republicans bully you!
open source OS companies (like RedHat)
as far as I can see Red Hat is a for-profit company just like any other. If they want to call a tune they have to pay the piper just like anyone else.
The volume of computing means that non "trusted" machines will be available. You don't think people like Yahoo will suddenly switch from FreeBSD to Windows because they can only find motherboards with an AMI bios?
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Will the AMI version of their BIOS (once Paladium is implemented in the hardware/BIOS) allow the execution of an alternative OS (not Linux, not Microsoft) with no changes to the existing OS? What changes will have to be made to the OS to make it boot and execute is it would today but on a Paladium-empowered platform?
In other words, can I just turn the thing off in the BIOS? Or are you changing things so radically that today's I386 OS won't work without change?
http://www.linuxbios.org
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
A user's rights?
OR
A "content provider's" rights?
Please don't bother answering if you're going to waffle.
---
Information wants...you to shut your pie hole.
You've said that AMI has nothing to do with Palladium. Of course, that's true. One is a BIOS, and the other is an operating system made by another company. I have no issue with that.
However, we ALL know that Palladium will run in TCPA trusted mode, and TCPA functions will be active.
So here's the question (ahem):
If:
- I, as a Linux user, want to BUY the next version of Microsoft Office(tm) and run it on my Linux box under WINE, and:
- said version of Office requires that it be run on a trusted platform (i.e. it requires TCPA authentication),
WHAT WILL HAPPEN?
I'm sure you think this is a loaded question. It is, and it isn't. It is in the sense that I suspect what the answer will be, but I want to hear you answer it. It isn't, in the sense that this is a very serious issue and has enormous ramifications for the entire industry. You see, I think that TCPA+Palladium are really schemes for killing Linux by denying it the ability to run Microsoft applications. To that end, I don't consider you accomplices, but perhaps dupes. I ask you the above question in all seriousness, and I challenge you to prove me wrong.
The proper way would be a reverse class action suit, for all the media, software, etc. on my computer that isn't paid for, I should be forced, including court costs to buy what I have used. There are a few ways to do this and do it cheaply but my disposition inclines me to withhold.
These laws that were bought out of ignorance are/and will become an assault on every american within their own home. These laws can and will be used to stifle any home start-ups, as well as keep hollywood in hollywood. I shudder to think they're applications when the 'digital age' acutally begins. This response go far and beyond what is remotely necessary.
Think long and hard to what you're doing: a few weeks ago I heard a comedian make some cracks about a sleeping giant being awaken, not yet, but your closer to doing that then bin laden or saddam ever could.
"The first internet virus could be described as The Declaration of Independance" --a modest mis-quote, Project Gutenberg
Dear AMI BIOS Developer
At first, I was going to ask you about how you have cooperated, if at all, with the Linux BIOS project. After all, you often have historically cooperated with Microsoft and Novell. What are you doing to help Linux?
But then it occurred to me, if Linux BIOS was successful, it would put AMI out of the BIOS software development business. Linux BIOS is a competitor of AMI.
What is your personal perspective about Linux BIOS, and what does AMI think about it?
Thank you
The LinuxBIOS Home Page
http://www.acl.lanl.gov/linuxbios/
Slashdot | Linux BIOS
http://slashdot.org/articles/00/06/14/21102
# Jesse Molina
Could someone out there be kind enough to explain what exactly "Trusted Computing" is, or point me to some information on the web. I understand it will be used somewhat to limit the playing of pirated music/video files, but beyond that I am clueless. Any information would be greatly appreciated. Thanks
Grass-roots web hosting.We are poor colleg
How much *does* a soul fetch on the open market nowadays?
The TCPA standard talks a lot about the "Owner" of the system, and how the "Owner" can initialize a new system so that it will begin generating keys and such using a password set up during the "ownership" process (See Section 2.6 of the Standard). My question is: who would the "Owner" of a system normally be in plain english? The actual end-user (or their administrator)? Or would the TPM get "owned" by the hardware vendor (Dell, HP, etc.) Or the OS vendor? Or the motherboard manufacturer?
Second, will it be possible to completely reset the TPM to a non-owned state to allow used hardware to be sold "as new"? Or would the hardware refuse to allow a new owner?
Will you opensource your BIOS so _we_ (so-called users of trusted BIOS) will be able to verify that your product doesn't harm our privacy or infridge our legally own rights (whichever country we come from) ? So that WE can trust YOU ?
I don't understand why companies are supplying something that has zero demand from consumers. I can understand that big companies and bad bad associations (MPAA, RIAA) are also customers. But, in the home-based desktop systems market, does anyone really want this trusted computing business? Who is this for? Does AMI see customers choosing one board over another based simply on the 'feature' of trusted computing? I see myself upgrading my computer to the newest and best that it can be right _before_ this palladium flood begins and sticking with it until the end. I guess that I had better start looking.
--Mark
...exactly why AMI's TCPA cannot be abused by corporations to harm/lock out Open source.
Please explain to us why AMI's TCPA is a good thing for Linux.
Let's cut the marketting double-speak. We all know that Palladium will not enhance the ability of consumers to secure their systems. It will only raise the barrier to entry for small and free software developers. What reason do I have to buy such a system? I have heard of nothing similar to this BIOS from your competitors and as someone who often doesn't use Microsoft products and has the financial means to buy a high end PC, why should I buy a motherboard with your new Palladium BIOS? Like most educated, principled people I am not willing to sacrifice freedom for a little security. So what overwhelming advantage would your product really be giving me?
Click here or a puppy gets stomped!
dns host spoofing, and redirection to your own personal key server (which unlocks all media flags) that was written by a 15 year old in russia. just seeding ideas...
One of the most interesting posts I've seen regarding this subject was found at Microsoft.com
I'd love to hear how you'd address some of the points he brings up in the article.
In case the site goes down, or is changed, I've mirrored it at sq7.org/media/ms.html
Colin Davis
WTF is a "sales engineer"?
autopr0n is like, down and stuff.
So, they'll basicaly be saying: "set of data is verified as secure by HP, we won't cover any modifications, run them at your own risk."
It seems totaly resonable to me, and you can still share bit-perfict copies with their signatures.
autopr0n is like, down and stuff.
I disagree - strongly. Operating systems are already "trusted" in this sense. They already implement "user owned" TORA. That's what the permissions system is there for - which your "CTRL ALT DEL" example illustrates admirably. If I'm running Linux as a normal user, download a virus, and run it, at most all it can do is screw up my account - not the OS, not my configuration, nothing else.
The only reason why anyone would want this kind of permissions placed into the BIOS (including, quite tellingly, implementing on-chip encryption) is if you were trying to remove the user's ultimate ability to control his own machine. Period.
I don't need this I don't want it and it does not in any way benefit me, it will however, benefit corporations once this type of hardware takes hold.
It will not benefit the end user in any way that I see as worth while.
"If any question why we died, Tell them because our fathers lied."
Palladium/TCPA/etc have 2 fundamental flaws that its supporters will not admit:
1. They must be mandatory and you must not be able to defeat them or turn them off, otherwise what's the point.
2. They are based on a lie. The Lie being used to sell this crap is the claim that content providers must be able to secure their content form "theft", "piracy" and other evils. This is a blatant lie.
The true purpose is to eliminate Fair Use and, even worse, the eliminate the private ownership of property.
I don't see how that could possibly be the case. It would be great for security, IE preventing breakins and the like, but it wouldn't really give anyone any DRM protection, because you could just install the public keys of cracking teams.
autopr0n is like, down and stuff.
Can TCPA be used to the benifit Open Source software? How?
Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it. ~A. Perlis
That one's a laugh riot...
autopr0n is like, down and stuff.
Say I'm an average user who knows what I'm doing on a computer. I've read enough to know that I don't like the idea of a company deciding what I can and can't do on my own system, whether it be Windows or Linux based. What specific benefits will your new BIOS give me without forcing me to do anything I don't want to that I can't get from a non Palladium-enabled/DRM capable computer?
The TCPA consortium currently tries to enforce the chips by not telling the people (is the TCPA chip marketed in the IBM notebooks sold?)
First of all how do you thing things will not backfire as soon as TCPA is enforced
a) Users dont really like to have taken away what they are used to
b) Developers (and Im talking about the myriad of developers working outside of the 150 TCPA companies) dont really like being pushed out of the market by not being able to develop anymore without having to pay possibly ridiculous amount of money for a developers key
c) How do you plan on getting new developers by closing the whole thing down so that only a handful of people in the worst case are allowed to develop on the machines, you basically drive out the next generation of people working for you.
d) If TCPA currently can be turned off, how do you ensure that in next gen machines TCPA will not be enforced strictly by having it turned on all the time
e) How do you prevent the desaster a full blown attack on the central TCPA/Palladium servers with all the keys stolen can cause?
f) With 90% of the worms currently being scripting worms using security flaws in a well known email client, how do you prevent that without closing every third party programming? So you want to sell the stuff over security? How does that fit into the scheme?
what u think about the international issues of enabling tcpa in your products ?
;)
i know that if senator fritz hollings bill is accepted by america u (ami, n other vendors) have to incooperate tcpa in your products.
when u dunnot wanna get in jail.
so what u think will be the reaction of the rest of the world, let's say europe,asia-pacific. i don't think ( just me ) it could be a great value to your company cause the laws in europe are totally different. and i don't think it's an goal of european. asia-pacific goverments to switch to an trusted enviroment, as long as the trust isen't in their own control.
i can understand that palladium and tcpa are two different technologies, and palladium is more on the drm/licencing (thnx lucky green) side as on the trusted site.
but i dunnot see an advantage over an pki solution
i don't think european home-users are very enlighted about this step.
as home user u don't need that security, for what ( that 4 letter's and some porn site u surf, no never )
for small-medium company's @least in europe it MAY be a way to go.(cause pki is sooo difficult), and maybe the buy the 10 new server's which is their infrastructure.
for big company's there's is no way to migrate such a thing, cause u're mainframes won't be trusted ( in the palladium sense )
so maybe some r&d departments ( which allready use pki ) could make something out of it. but if whinWhatever ( longorn ) uses external trust , why should they do it ?
so wth...
so the copyright protection laws are also slighty in an other sense than america.
i personally think it will be a win-win situation for linux here ( cause of palladium (winWhatever, migrating trusted data when it's encyphered with trusted private key on the f#### chip and you'r os NUB )
how u wanna migrate such stuff, if that box isen't trusted anymore, n u're os key is on the blacklist ? )
and u don't even have the os NUB when by accident some box is untrusted and u must recover the data.
i think it should be a cash cow for mickey-clickey s,iira,dmca and other stupidity's
i mean
as european im very delighted about that, that tcpa is soo secure , but its illegal for americans to patch the red-hat security patches
instead u'll have too enable tcpa, u're data will be harder to migrate, the drm stuff will make live much more easyier, we have no dcma so we do not get in jail if we programm interoperable programm's.
and maybe, maybe the next big software distro will not be red-hat , maybe it will LSB ( suse , mandrake , connectiva ) , but this may be illegal for u too use (just joking , but u never know )
C'mon folks, they _made an OS_, one that is better in many ways than Winblows. They cracked an Xbox (MS-ware) and ran Linux on it. Seriously, they will look at Palladium, TCPA, and DRM and collectively annouce "wtf!?! lmmfao!"
Now watch this drive.
Does this mean that MS will have to 'prune' their OS and applications as well to make them secure enough to be signed?
If the powers that be at AMIBIOS are hellbent on doing this, will users of your company's BIOS be able to upgrade/update without being forced to include the Big Brother "features"?
Most importantly, will a system admin be able to sign code as trusted (whether his or another coder's) for all machines in his control? By extension, will an individual be able to do the same for machine(s) under their control? Or will only Verisign, Thawte, etc. be trusted?
I truely hate the entire TCPA/Palladium concept, and the direction it's going. I've hated microsoft years.. back in the days when the term "It's not done, till lotus wont run" was coined. They are a bunch of evil bastards, and we all know it. Most users don't though. They just don't care enough to look at the company that makes thier computers work. TCPA/Palladium is the perfect tool to bring that dark infected core out into the open where even the most disinterested user can see it. After seeing the near universal hatred that the messages on the boards have brought to light I now belive that this move will do more for putting Linux, and an open source BIOS, on the desktop than anything else that has come before. I can see the dicussion now... MotherBoards R us V.P. - "So how many boards have we rolled off the assembly line with the new TCPA features?" Lacky - "6.7 million sir!" MotherBoards R us V.P. - "Fantasic! How many do we have sales orders for?" Lacky - "umm... Seven"
It would be nice to have this option for certain cirumstances, say online gaming,or maybe electronic voting, but the loss of control far out-weighs the potential gains, and to top it off NO MATTER what assurances I was given by a for profit corp. or the current elected/appointed official we all know that given a penny potential for profit they'd sell their own children.
errr....umm...*whooosh* *whoosh* Is this thing on ?
It's obvious every computer user with a clue does NOT want this "feature" in their hardware. So why on earth would AMI or any hardware company add support for TCPA? Why add ANY feature your customers do not want? Secondly, don't you think it's in everyone's best interest (hardware manufacturers, developers, end users, and even AMI's best interest) to keep the PC open, the way it is now? Why do anything that could potentially help Microsoft increase its control and power in the PC industry?
You do have a trust relationship with other drivers on the road. It's not 100% reliable, but law enforcement is supposed to ensure that everyone is: insured, licensed, sober, and driving a reasonably maintained car. In the cases where this is likely to break down (early morning new years, cities with high rates of uninsured drivers) I tend not to drive.
I feel the same way about computing. No, I don't have to trust every other machine and every piece of code out there, but I don't run random code or let random machines connect to mine.
Why not release the source code to earlier BIOS versions (e.g., from motherboards before 2001 or 2000)?
...will this allow Microsoft operating systems to actually install???
And what about Internet Explorer? How will it check if IE has a nasty hole in it that will allow someone to format my hard drive just by visiting a webpage?
And Microsoft Office? Will it let me install that?
Will it let ANY Microsoft software be installed at all?
I have to wonder:
.DOC files to disk (thus making it impossible for 3rd party apps to read them) or, if a judge won't allow it, obfuscate the file format as much as possible and use patents+legal threats to protect them (once again, to lock out 3rd party apps). The point here is to make the new version of Office indispensible. It is important to note that, even if there is a lawsuit over this against Microsoft, it could take 8 years or so for it to come to a head, and the judge may side with MS in the end anyway.
.DOC file format.
.DOC later, the damage will have been done as the original .DOC formatting would have been damaged or lost.
- Introduce a new version of Office that introduces a new default file format. This is key, since in five years this file format would be ubiquitous, and the new version of Office would be required to read these files. Forget about sticking with Office 2k/XP. It isn't an option.
- Either use TCPA to encrypt the new
- Make this shiny new version of Office require a "trusted" platform (i.e. TCPA mode) to run with full functionality. You've just locked out Linux+WINE and made it very hard for vendors to sell or offer PC's without Windows, since they will not only be unable to run Office, they won't even be able to read the new
Voila! You've managed to use your Office software monopoly to preserve your OS monopoly. Switching to Linux+WINE a few years from now will make it impossible to read documents in the new Office, without perhaps exporting those documents to some other format (which would of course by design lose some vital formatting information). It makes it really hard for companies to switch, and dissuades people from migrating since they'll have to not only leave Office behind, but their Office documents as well. It also totally breaks the ability to share documents between the Linux and Windows worlds, without first changing to a (likely inferior) common format first. While you could probably convert back to the new
I wish I felt wrong about this, but I really believe that this is Microsoft's strategy to kill Linux. IMHO TCPA really is that dangerous--the whole thing about online music and movies is trivial by comparison (maybe it's a smoke screen).
When the article came up, I suggested that you guys would wind up plugging this in as an option set to "On" as a default. If (God forbid) Palladium were implemented, or as far as our current TCPA bit, would this be implemnted as said option that one could turn off or on as needed, to avoid conflicting with hardware?
This sig no verb.
Presumably, the TCPA-specific parts of your new AMIBIOS8 will be intellectual property that your company will guard closely, and if not, working around it to get a LinuxBIOS/OpenBIOS working will surely be a violation of the DMCA. So how will this affect the LinuxBIOS and OpenBIOS projects?
http://ward.vandewege.net/blog/
Is this an attempt to prevent motherboard manufacturers who have, in the past, pirated your BIOS, from continuing to do so?
[ If so, kudos to you! ]
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
I'm missing something, what are you after? Why not just use the bios password feature? This would prevent the causual attacker from say booting off a floppy. If someone else already has your machine physically, they can do anything they want with the disk. If what you are after is simply to restrict code from being run, why not just use chmod? What exactly do you wish to acheive that you don't already have?
Friends don't help friends install M$ junk.
Will AMI, for the forseeable future, be producing only TCPA-enabled bioses, or will a TCPA-free (as in without TCPA) bios version be available to companies who want it? If, for example, a motherboard manufacturer says, "We would like to produce this motherboard. There will be one revision called the K8-XVG-T which will have TCPA and one just called K8-XVG which is normal." would you be able to provide that or would they have to go a different route?
:) I wish I hadn't gotten here so late...
I'd also like to ask when a major visual overhaul of the ami bios is due, because I'm getting tired of seeing that same old menu setup, but I have a feeling the answer will be never
Maybe I'm missing something, but as far as I can see, TCPA is lending itself to interpreted languages.
A signed binary (the interpreter) is running the code.
A compiler could do the same thing, compile your c/whatever code to a library, and then jump into the library, effectively running your application.
if say, and ELF loader was signed, isn't it effectively able to run any application with unlimited permissions? How would other applications over the network know that you aren't running a signed application?
Please explain what i'm getting wrong because folowing this line of thinking TCPA seems pretty useless.
Lets say you work for microsoft and its your job to think of ways to abuse all this technology, both technologicly and legaly. Given that, what abuses do you see as possible?
Can you describe what the atmosphere was like at your company after the initial post on Slashdot? Why has your company chosen Slashdot as your forum of choice? Does this mean we're your demographic?
This guy is way out there
Fortunately, I can and do believe in the products and services I do SE-type work on :-), and to a reasonable extent, I've got a good understanding of their limits. I wouldn't do it otherwise. Ethics are a critical part of engineering. The alternative to "moral flexibility" is that you have to understand your products, and your business, and your industry, and your customer's needs, and sometimes be creative about finding solutions to problems that aren't a close match to what you'd like to sell.
That doesn't mean I think our stuff is perfect, and when there are limitations that affect the performance a customer will get from them, I'll be happy to tell them; most customers that have their engineers at meetings appreciate this, which is why the sales people bring me. Sometimes it means telling the customer's engineer "Yes, we don't handle the third left-hand flow-control-bit the way you'd like, but that's really only a 1% performance difference, and you can have your purchasing guy haggle with our sales guy over whether to buy a bigger circuit or give you a bigger discount on the price, but remember that we're handling the right-hand flow-control bits in ways that give you N% better performance than the old network did."
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
why do bios's help files suck so bad? (e.g. when you press F1 to get information on parameter X with options A and B, the "help" is "parameter X: option A or B") i understand memory constraints but daaaamn have i seen some crappy "help" strings...
I took a look at the TCPA and TPM faqs and from the looks of it, the trusted computing features can be turned off so it functions like my current system? Am I mistaken that Linux could run with out having to be signed? And Apps running under Linux could be programmed to use the TCPA certificate?
Since it is possible I could be secretly copying and distributing illegal copies of music CDs do you think it would be reasonable for law enforcement to search my house without a warrant to see if this might be so?
Folks don't be fooled. This is what Palladium and TCPA is all about! Asking users to *continuously* prove they are (a) not doing something illegal (as defined by the content creator) and (b) do this without there first being any evidence of a crime being committed (the potential is *good* enough!).
Think hard about what freedom means -- it means we tolerate the potential for criminal activity lest we infringe on the rights and freedoms of law abiding citizens.
I just want to know why motherboard manufacturers refuse to document all the damn BIOS settings!
If Pallidium isn't equated to DRM, then why are they always associated together. When one is talked about, why is the other. Apparently if you are promoting DRM then you are promoting its software extension Pallidium. The thing is both can be turned off, on with hardware, one with software(probably a registry entry :) )
Please post a response as soon as you have one from AMI.
Om, nomnomnom...
Have you now, or have you ever been, a member of the communist party?
I can see this system being abused in this
unusual manner, and more. Image.
Can't you just run it under wine with TCPA turned off? who cares if the application is signed if TCPA is turned off. This is actually an advantage for linux. We can run any software we want. The problem is the internet enabled software that connects to servers requiring TCPA enabled verification/certification.
Whilst most of this debate is driven by American laws, not all countries are quite so rabid in terms of rights management. For example, in both France and Australia, DVD region coding is illegal.
Do you intend to release standard versions (ie. without any trust/DRM features) of your BIOS if you are compelled to do so by the laws in a given country?
It is not whether TCPA is Palladium but whether it will be abused in the same way and gives the same power over products we own to Microsoft as Palladium does. Can you provide a contrast and comparison of the two and, in plain factual statements why TCPA is different and why we should trust it in the hands of Microsoft and Intel?
We all heard about the "legacy-free PC" concepts from wintel, or how to dump functionnal, documented and supported ports such as RS232 and centronics from the PC in favour of supposedly newer and incompatible, undocumented, licenced (= $$), patent-encumbered ports (USB, but also this "debug" connector which will take some years to be itself debugged and which you don't know how to wire a vt100 on).
Now what I would call legacy is really this TCPA thingy...
So the question is:
Will you provide legacy-free BIOSes to custommers who ask/need them ? (That is the version without TCPA) Will this version be available directly to customer at shops ? or will we have to ask you for a replacement flash file ??
Will we even be able to flash our own (and owned !) BIOS ??? (and flash it again with the TCPA-enabled once we want it without loosing any signature ?)
Finally put in a simpler way will we still be able to _own_ the things we buy ???
1) Does TCPA essentially consist of a group of routines which the kernal may or may not call. Once it does call these routines, the os cedes by the encryption and related functionalities within these routines. Whoever has these keys then has effective control.
2) Assuming the answer to the first question is yes, and that TCPA thus doesn't force linux to do anything, isn't there still a hidden problem.
TCPA is implementing a functionality which Linux will never call, thus it creates an implied "lack" in the kernal.
How can this be good or desirable for us?
And for that matter, how about OLDER Microsoft OSs? Win95/98 are still in very wide use, and even DOS (both M$ and other flavours) still has a solid user base -- even among people buying NEW systems.
I've always preferred AMI BIOSs for a lot of very good technical reasons, and having an AMI BIOS has always been a prime criterion when I look for a new motherboard. Please don't make me change my mind!!
~REZ~ #43301. Who'd fake being me anyway?
What happens when the OS or apps crash and the user is locked out because the TCPA thinks that something unauthorized is being done from an untrusted source?
Sounds like a can of worms gets opened for troubleshooting: OS support blames the bios manufacturer which blames the application developer which blames the hardware manufacturer which blames the add-on components. In the meantime, your stuck with a computer that has to be wiped clean and loaded from scratch until the same thing happens..... Can't wait!
Does the LinuxBIOS project even show up on your company's radar? That is, is there any concern that x86 BIOS will be (further) commoditized, and hence decrease BIOS profit margins? Where would your company go next if the bottom fell out of the BIOS market?
As an example of the decreased relevance of the BIOS in modern computing, consider how Linux (the kernel) ignores the BIOS wherever possible and goes straight to the hardware, relegating the BIOS to the boot sequence and (usually buggy) power management.
-Paul Komarek
Palladium, M$, TCPA, RIAA, MPAA, and all the other money changing parasites can kiss my ass sideways and go straight to the seventh level of hell.
Screw all of it! I'm going back to my VIC-20!!!
his company is not the one with for the plan --they are merely dragged into it, and I think they can't do squat about it.
The fact that he offered himself up for questions tells me he doesn't understand the issues. His offer sounds like he plans to come back and debunk a bunch of myths. This issue has been debated over and over. It's the TCPA's rhetoric which has been debunked time and time again.
Since this guy doesn't actually understand the issues, his company probably didn't know what they were getting into. Who decides if AMI's BIOS will be signed? I doubt it's AMI. Who decides what conditions AMI must meet before their BIOS is signed? Probably not AMI. Unless AMI has control of the keys, TCPA is just as bad for them as it is for us.
I suspect AMI put their company in someone else's hands without even realizing it.
nooo, oh please why is everyone missing the point ?
: .docs. Well they COULD choose to use something else, they were FREE to use something else. There just wasn't anything else.
The idea is the same as proprietary file formats
you know when a few years ago some people where forced to use word just to be able to read their
Here with TCPA the question is : what will happen after most people start using it ? you know what will happen : you'll be forced to use TCPA too, just to read what these people are producing.
And in that case it'll be useless to have a NON-TCPA bios. You can already disable TCPA options.you CAN choose.
But you'll be forced to choose YES, I WANT TO CONTINUE TO INTEROPERATE WITH THE REST OF THE WORLD
My question is, why do PCs even have a full BIOS anymore? Since most OSes seem to do their very best to completely ignore the BIOS (so many of them being buggy and unreliable), why do we even need them to go and initialise devices, only to have the OS rescan all the busses and initialise everything again?
Surely by now the BIOS can be reduced to something simple enough to kick off whatever bootloader is in use.
Chris "Ng" Jones
cmsj@tenshu.net
www.tenshu.net
For anyone buying computers with this tech enabled- whats in it for us? Beyond not being given the choice (Ie Roll out of TCPA only Mobos etc) - why else would we choose this?
OrionRobots.co.uk - Robots From sol
TCPA is a different issue - it's a set of BIOS features that will only let the machine start up if it's running a certified operating system configuration (which the hardware validates as unmodified), and a set of features that let an operating system and application programs check that the system is running in TCPA-approved mode (that's a bit similar to Palladium, but still fundamentally different), and a set of things that the system won't do if it's not running a certified system. Depending on which version of the spec and proposed followons you're reading and how aggressive the implementation is, there may be things that you'd like to do that you can't do on a non-certified system - like use the sound card, or maybe the _video_, or maybe it won't boot at all, or maybe it just won't let you load kernel modules, plus it obviously won't tell the software that you're running in Trust-Us mode if you're not.
Obviously, an aggressive implementation won't fly for many Linux users, but it may still be usable by Linux _consumers_. The best case is somewhat like having a car with the hood welded shut and a security system that disables it if you mess around; you can paint it any color you'd like, and put whatever you want in the trunk, but you can't start the engine unless your seatbelt's on and you blow in the breathalyzer (which is hard to reach when you're wearing your seatbelt, of course), and if you take the radio out, the radio won't work and the car won't let you put a different radio in, so the RIAA knows you're not playing MP3-CDs in your car, but at least it isn't always tuned to MS-NBC, though if you're playing a non-RIAA-certified CD, it only plays on the tinny little mono speaker in the dashboard, not the four-way tunable woofers or the heads-up display system, and if you do tune to a different radio station, it only uses the right-hand speaker if Rush Limbaugh is on, and only uses the left-hand speakers if it's National Public Radio, and I'm sorry but you can't play Free Radio Berkeley at all...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Fair point. My issue is really that these protections implemented in software can always be screwed up. Properly implemented, hardware can't be without interference with the hardware itself.
Without the trusted components, I can never be certain which level of my computer's systems I'm interacting with.
Besides. TCPA will happen. Best that we concentrate on subverting what will most certainly be put in place!
I have read through the comments and over and over again see the question of why is AMI doing this and what does this do for the end user?
No answer given on this technology has answered that question for people. Until that is answered without untruths a large section of the community is not going to even look towards this technology.
So can you sum up what the benefits/drawbacks are of this tech for AMI and contrast and compare with the benefits/drawbacks for the users.
I was thinking of the immortal words of Socrates, who said: "I drank what?" - Chris Knight (Val Kilmer)- Real Genius
ROTFL!
Esli epei etot cumprenan, shris soa Sfaha.
Someone with the technical experience that they can answer questions relating to sales, like whether something can or can't be done with a product, and to provide advice.
If I understand right, they keep the market-droids in line, so that the product sold actually kinda meets the customers needs, rather than just causing the largest windfall for the sales team.
Thus, while a sales engineer will work in the sales department, and closely with the sales-people, they are at least partially a techie.
Well, it sounds like we may be getting through to them -- consumers who understand the issues won't stand for it. Why would anyone want "features" that reduce the usefulness of a computer by giving more control to bit content-owning corporations? Send your comments to marketing@ami.com (address on the initial press release web page). Here are mine:
... or by the horde of angry Slashdot readers telling us they would never buy an AMI product because we were forcing standards on them."
Just to clarify my earlier comments: It is in fact TCPA, and not just Palladium, that upsets me. Computers are just fine as they are, and you and I both know that operating systems can already implement the kinds of features ("virus protection") that TCPA claims will benefit consumers. The only use of TCPA preventing a computer user from modifying his *own* system in order to bypass "digital rights management," the software that intends to make it impossible for consumers to exercise their fair use privileges and other freedoms that we currently enjoy. I do not want to be enslaved by content owners!
Therefore, I will always buy from the last manufacturer to sell general-purpose, non-TCP-enabled computers, and I think any consumer who understands the issues will, too. I really hope this turns out to be the marketing disaster that it deserves to be.
Spinmeister Brian Richardson wrote:
"I am a bit concerned that the information you provided misled your readers into thinking AMI was promoting Palladium or taking some sort of anti-open-source stance. This might be due to the fact that TCPA was mistakenly equated to Palladium, or questioning how Linux would run on a TCPA-enabled system
"I am a bit concerned that the information you provided misled your readers...This might be due to the fact that TCPA was mistakenly equated to Palladium"
Then perhaps I am misled. I was under the impression TCPA and Palladium go hand-in-hand. What features does TCPA provide without Palladium or Palladium-like software? If its function is to merely check the authenticity of any arbitrary OS that I choose to install, of what use is that since I am the one to install it?
Can we still run Linux on a "Palladium" machine without using the "security enhancements" (read shock control belt) of the "Trusted system" (read RIAA/MPAA's trusted system)?
Makes me wonder if all this security stuff actually gets installed and makes everyones computing experience miserable, will there be an initiative to build a sort of "Open Source" hardware community? A resurgence of the homebrew computer clubs of the 80s.
Communities of computer gurus buying (and occasionaly making their own) components to design and distribute computers and OSes to their own liking, circumventing "3rd party" manufacturers who support TCPA, DRM, & Palladium.
I'd buy one. An Open Source computer would be great.
I just received notice that my above comment was moderated down 72 hours after it was posted. Aren't there better things to use mod points on?
Comment removed based on user account deletion
Everyone seems to assume that TCPA/Palladium will become commonplace, and that in that world all consumer/user rights will be lost. That's a really big assumption.
What makes any of these hardware makers (or even Microsoft) think that these egregious violations and restrictions on consumer/user rights will simply be happily adopted by the general public? Why do people on Slashdot assume this will be the case?
In general, the public is willing to accept getting reamed when they are deriving more benefit than pain from the experience. Such is the case with DVD movies -- customers get better quality picture and sound, more special features, longer-life media, etc, etc, which for most people outweighs the minor irritation of having region encodings or being forced to sit through the intro/preview/ad tracks.
But the whole Palladium and TCPA movement won't fly, in my estimation, because it holds absolutely zero appeal to any average person. The only people who derive any benefit from it at all are the hardware and software makers, not the consumers/users. When there's no benefit to be had, then it doesn't even matter if you stop offering current-generation technology completely and offer the public no new alternative but your DRM-managed crap -- people just won't buy it. They'll keep using what they've already got, because it already does what they want and even does it WITHOUT all the ridiculous restrictions.
In short, I think all this panic and paranoia is misplaced. The general public may be composed mostly of ignorant sheep, but when something bad enough is done on a large enough scale, people notice and they don't tolerate it, and it fails pretty darn quickly.
Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
Hi Brian,
...)
Thanks for volunteering to answer some questions.
I am not well versed in the specifics of TCPA and its Palladium implemetation, but I've seen some questions raised in this discussion and I want to focus things if I can, summarize the concerns I see that concern me.
BIOS Specific:
1. Will I be able to boot any OS on an TCPA-enable board if that OS is not cryptographically signed? If yes, I will have to disable TCPA support?
2. Will I be able to sign things that I trust? Personally, I think this may be absolutely necessary is signed code is necessary to do useful work.
3. Will I be able to disable TCPA support on the board?
Larger concerns, and where I'm coming from:
Most people agree that computers are pretty useless without being able to participate on a network. My concern is that I and applications that I write must be able to participate in the network community. I must be able to build, say, a custom OpenBSD kernel, write and run my own code, use a custom-compiled web-browser, and have my system interact with others (intelligent agents doing work in the background, do my banking in my web browser, mount a share from my wife's Windows PC,
I have seen these types of concerns raised here and many people are under the impression that the TCPA spec does not protect against these kind of restrictions. The related questions:
Are AMI and other BIOS implementers such as Phoenix, Award (do they still exist?) going to ensure that your technology will not be used to limit my ability to participate in the community?
Is AMI (or an alliance of the BIOS and mainboard manufacturer) interested in and able to take action and demand the spec be worded so that freedoms be protected forever? (we are a self-regulating industry, right?)
Thanks for your time. Best regards,
David M
Be smart and work to create. Don't ride on the backs of others.
For years, I've seen an option called "Spread Spectrum" in my BIOS. I've looked all over the web on documentation for what it did, but nothing told me. What the heck is it?