Slashdot Mirror


Discuss BIOS and Palladium Issues With an AMIBIOS Rep

After this Slashdot discussion about the relationship between BIOS biggie American Megatrends Inc. (AMI) and Palladium appeared, we got an email from AMI sales engineer (and former Linux.com contributor) Brian Richardson, who wrote, "I am a bit concerned that the information you provided misled your readers into thinking AMI was promoting Palladium or taking some sort of anti-open-source stance. This might be due to the fact that TCPA was mistakenly equated to Palladium, or questioning how Linux would run on a TCPA-enabled system ... or by the horde of angry Slashdot readers telling us they would never buy an AMI product because we were forcing standards on them." Brian offered himself up as (his words) a "Slashdot interview victim" to clear things up. (Update by RM: And, says Brian, he's happy to answer other BIOS questions as well.) So ask, already, and let's get things cleared up. (Usual Slashdot interview rules.)

60 of 453 comments

  1. What will happen with Linux systems. by matthew.thompson · · Score: 5, Interesting

    I understand that there should be no problems running Linux systems on these new bioses but can you promise that there will be no nasty wordings that are likely to frighten off users who are trying Linux for the first time?

    --
    Matt Thompson - Actuality - Insert product here.
  2. TCPA and the future by program21 · · Score: 4, Interesting
    Ok, so this is going to be a couple of questions, feel free to pick and choose.

    What sort of future do you see for TCPA? Do you see it as inevitable, or is it just a fad thing that will pass?

    Assuming it does catch on, what form do you see it taking? What we all fear (only signed apps will run, non-signed apps can't access system data/data from signed apps), or some lesser form?

    --
    This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
  3. So what are the differences ... by Alien54 · · Score: 5, Interesting

    Okay. So what precisely are the differences between Palladium and your product, and what assurance do we have that it will not act as crippling ware for open source and other similar free (as in free speech) software endeavors? Any thoughts on backward compatibility modes?

    --
    "It is a greater offense to steal men's labor, than their clothes"
  4. TCPA & Palladium by ignipotentis · · Score: 5, Interesting

    Perhaps you can clarify the differences between the two (TCPA & Palladium). After reading up on both of them, I still find that they seem to be pretty much the same, just marketed differently.

    --
    Don't waste time... procrastinate now!
  5. Something in everyone's mind by forged · · Score: 5, Interesting

    Will it be possible to disable on future motherboards which will implement DRM techniques?

  6. Licensing by Arc04 · · Score: 5, Interesting

    Will OS manufacturers have to pay to get an "unlock code" that allows them to run their OS on the BIOS?

    That would be terrible as it would kill many underfunded open source OSes that aren't as big as the Linux big players.

    Arc

    1. Re:Licensing by Windcatcher · · Score: 5, Interesting

      Here's a better one: will software vendors (either open-source or not) have to pay a license fee to be able to decrypt data files from competing products? What if you want to move your documents from Windows+MSOffice to Linux+StarOffice? Surely Office would use TCPA to encrypt the files.

      Gasp! MS would never do something as low as that!

  7. Interview??? by wonkamaster · · Score: 2, Interesting

    I suppose that I like reading Slashdot interviews as much as the next person, but I must ask myself "Why?" Wouldn't it be simpler to just post corrections to what he considers misleading and/or post AMI's official stance on Palladium?

  8. On the Exclusionary Uses of TCPA by the-banker · · Score: 5, Interesting

    Is it (will it be) possible to use TCPA to effectively lock-out certain operating environments from various services (software, media, etc) solely because the operating environment is not backed by a company, and has no mechanism for paying certification fees and licenses? Specifically, could TCPA be used against free OS's like Free/Open/netBSD and Linux to prevent those users from accessing the same content users of commercial OS's can?

  9. Customization support? by ryanr · · Score: 5, Interesting

    I actually think this feature could be useful, if done "right". Along the lines of my idea of right... will I be able to, say, install my own set of public keys in the BIOS so that I can have a system that will only boot the software that I have signed?

  10. Do you think Palladium is a good thing? by Noryungi · · Score: 5, Interesting

    As the title says:

    Do you think Palladium is a good thing? Whether your answer is "yes" or "no", please explain.

    Knowing that Palladium is a Microsoft Technology, do you think AMI is making a smart move by adopting it? Again, please explain your position.

    Are you afraid that Microsoft may use its position to control, not just 90% of the software used on PC, but also the overall architecture of modern machines?

    Many thanks in advance.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  11. General TC question by j3110 · · Score: 5, Interesting

    I actually like the concept of trusted computing quite a bit. So long as the user selects which code will be trusted, it has great potential for good. My question is, from your position, do you foresee trusted computing being more like web-browser applet signing applied in hardware (where the user can add and remove trust for certain companies) or more like the media industry's idea (where the OS/hardware manufacturers select which code is trusted under penalty of DMCA)?

    --
    Karma Clown
    1. Re:General TC question by Mitreya · · Score: 3, Interesting
      I actually like the concept of trusted computing quite a bit.

      You clearly don't understand the use of the word "trusted" here. Read this. If you want to make it short, start from question #24.

      So long as the user selects which code will be trusted, it has great potential for good.

      We already have code signing and confirmation before installs. The problem is that users trust the WRONG programs. Either this will increase the number of "are you sure you want this" (not removing the problem of people making mistakes). Or, more likely, the selection of which code to trust will be relegated to BIOS/MS/etc... that would also be bad...

  12. So it's not Palladium... by inerte · · Score: 4, Interesting

    But does your company have any plans to implement a "security measure" similar to Palladium?

    And what if Microsoft releases a software that needs it, won't AMI need to adopt it so it can run the "DRM features"?

    How will Linux, or any other "non-trusted" software run on your hardware?

  13. How can we confirm that NO BS is in your BIOSes by nenolod · · Score: 5, Interesting

    Are you going to release the source? Will the BIOS be auditable? Will the BIOS code contain some sort of monitoring code? Will the BIOS contain spyware? All of these questions are important... and how will we be able to confirm your answers to them?

    Can we really take the word of a conglomerate? Will you be able to ensure that what you are saying is accurate?

    Modern conglomerates usually misrepresent their products if they think it will generate more customers. How can we be sure that you wouldn't be doing this to us?

  14. Lockout by rtkluttz · · Score: 5, Interesting

    Be truthful. Is there even the slightest chance that someone other than me will be able to say what will run (or more importantly will NOT run) on a PC that contains this technology? I'm not talking about purchased software that locks me out directly in one way or another due to licensing issues. But can this technology be used to stop me from exercising fair use rights if I decide to get around those blocks in purchased software? Or will they hinder me from writing my own code to do what I want, or downloading and compiling/running someone else's code?
    If ANY of these CAN be a side effect of this technology, it is bad. There are stumbling blocks, of course, but no one will have ultimate say over what does or does not run on my own computer.

    .

    --
    Digital is, by definition, imperfect. Analog is the way to go.
  15. Refunds/Opt-outs by ninewands · · Score: 4, Interesting

    Given the existence of The LinuxBIOS Project and the fact that the Linux kernel does not require a ROM-BIOS once the kernel is up and running, what will be AMI's position on refunds if a significant fraction of the Linux userbase starts installing LinuxBIOS and returning the BIOS chips. Will AMI make the refund, or will they give us the runaround that Microsoft and the hardware OEMs did on the question of Windows refunds?

  16. Re:Here's a simple one... by jamie · · Score: 5, Interesting
    "Will Linux and other alternative operating systems continue to install and function properly on computers containing AMI BIOSes?"

    In answering this question, I would ask that our interview victim clarify whether there are any circumstances under which "alternative operating systems" would need to be cryptographically signed by an authority in order to boot, and if so, who is that authority?

    As Ross Anderson pointed out last year,

    Now here's another aspect of TCPA. You can use it to defeat the GPL.

    During my investigations into TCPA, I learned that HP has started a development program to produce a TCPA-compliant version of GNU/linux. I couldn't figure out how they planned to make money out of this. On Thursday, at the Open Source Software Economics conference, I figured out how they might.

    Making a TCPA-compliant version of GNU/linux (or Apache, or whatever) will mean tidying up the code and removing whatever features conflict with the TCPA security policy. The company will then submit the pruned code to an evaluator, together with a mass of documentation for the work that's been done, including a whole lot of analyses showing, for example, that you can't get root by a buffer overflow.

    The business model, I believe, is this. HP will not dispute that the resulting `pruned code' is covered by the GPL. You will be able to download it, compile it, check it against the binary, and do what you like with it. However, to make it into TCPA-linux, to run it on a TCPA-enabled machine in privileged mode, you need more than the code. You need a valid signature on the binary, plus a cert to use the TCPA PKI. That will cost you money (if not at first, then eventually).

    Anyone will be free to make modifications to the pruned code, but in the absence of a signature the resulting O/S won't enable users to access TCPA features. It will of course be open to competitors to try to re-do the evaluation effort for enhanced versions of the pruned code, but that will cost money; six figures at least. There will likely be little motive for commercial competitors to do it, as HP will have the first mover advantages and will be able to undercut them on price. There will also be little incentive for philanthropists to do it, as the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free.

  17. Portability of software/licenses with TCPA by naarok · · Score: 5, Interesting

    Will TCPA compliant machines make it more difficult for a user to upgrade CPUs or change computers? Do you see users having to re-confirm their identity with external sources because the identity of their computer has changed? (I know this already happens, I just see it becoming more pervasive in the future and am afraid more software vendors will begin to license by specific computer).

  18. Performance hit by oliverthered · · Score: 5, Interesting

    I assume that data pathways will be signable or encrypted in some way. What performance hit will the [operating system] take when using trusted system? e.g. How much extra data is added to form a signature, what methods are used for signing, and how will this benefit the end-user?

    --
    thank God the internet isn't a human right.
  19. How would AMI respond to market pressures? by CodeShark · · Score: 5, Interesting
    How would AMI respond to pressures from companies such as Microsoft, Intel, Sun, or to the combined companies in the MPAA or RIAA if those companies insisted that AMI only release "DRM compliant" BIOS chips, etc.?

    Would AMI disclose that such pressures were being placed on them, or would this type of fact be kept hidden from consumer groups or individuals, etc. until it was too late for us to effectively respond?

    --
    ...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
  20. Options? by ncc189 · · Score: 4, Interesting

    Will AMI (and the TCPA) allow owners of these "trusted" computers to turn off or disable the features that are being discussed? Will we as users of our hardware be able to control what features are on and what features are not, or will these choices be up to Microsoft and its partners(TCPA)? How is AMI addressing these issues of choice and control?

  21. Have customers asked for TCPA features? by Sloppy · · Score: 5, Interesting
    AMI rep, the reason I think some people view your company with suspicion, is that we think it is unlikely that an AMI customer has asked for TCPA's "features." I suspect that anyone who is cooperating with that effort, is somehow being influenced by forces other than traditional market forces.

    So maybe you can set me straight: do you think your customers want TCPA? If so, why? Who are these customers? Is this a case where customers are not the same as users?

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  22. Software. by 13Echo · · Score: 3, Interesting

    Do you intend to require some sort of a per-operating system licensing fee to operating system companies, in order to profit on the inclusion of these "features"? E.g. Will Microsoft be giving you royalty payments for each machine that includes this AMI BIOS and gets their OS installed with these supported "features"? What position does this put your company into in terms of trying to also force open source OS companies (like RedHat) into paying these licenses?

  23. A question. by DAldredge · · Score: 4, Interesting

    Will you be able to tell the truth in your answers or will your answers have to be 'cleaned up' by the AMI PR dept first?

  24. Non-Linux, non-Microsoft operating systems by aridhol · · Score: 5, Interesting
    I see many people worried about Linux not working with Trusted Computing. What I'm wondering is if other operating systems will work. It has often been the case that something will come out for Windows, then get ported to Linux because they are the most visible minority group.

    One of the operating systems I use is FreeBSD. Will that still be usable, or will it be forced to deal with substandard or nonexistent drivers (think NVidia until recently)? I also use QNX. Will that work? How about a new OS that will be created sometime in the future?

    --
    I can't say that I don't give a fuck. I've just run out of fuck to give.
  25. The crux of "trustworthy computing"... by Doug+Neal · · Score: 4, Interesting

    ... is, who is doing the "trusting"? In Microsoft's vision of it it certainly isn't the end user, it's them. Or other copyright owners.

    TCPA is fundamentally a sound technological concept, but wide open for abuse. If it could be used for the user's benefit to prevent against viruses etc, then that's great.

    What I'm saying is that the owner of the computer should be able to override the trust relationships - assert that the code is trusted (by them). The owner of the computer should have the ultimate veto. After all, it is theirs. Do AMI's plans for a TCPA implementation have this in mind?

  26. How will I be affected??? by josepha48 · · Score: 5, Interesting

    How will I be affected by TCPA? I run several machines at home some running NetBSD, FreeBSD, Linux, and Windows. I generally build my machines, unless they are given to me by my employer (or its a laptop), and even then I reinstall the OS or install my own OS of choice. (Whatever I'm in the mood to run at time of install or what works). If I buy a new Motherboard from AMI with TCPA will I still be able to do this? Will I have to do special tricks to get this done or will it be just like it is now?

    --

    Only 'flamers' flame!

  27. What makes you think? by codepunk · · Score: 4, Interesting

    So really what makes you think myself as a customer wants even anything close to that on one of my motherboards? The possibility of future misuse is too great for me to even consider it. I can tell you as both a corporate and private customer that it is not wanted in any shape or form. The mere mention of supporting it frankly makes my skin crawl with disgust. If this is how you choose to release your products I choose not to participate with my dollars.

    --


    Got Code?
  28. Something has been bothering me...... by Anonymous Coward · · Score: 3, Interesting

    Can you address why you think it is that the open source community has taken Palladium as _such_ a scary proposition?

    Then, building on the above answer, can you explain why the open source community has only yelled and screamed about how evil Palladium is, rather than doing what they preach others should do? (Which is, of course, create an open source, trusted architecture (i.e.: TCPA) which protects/promotes consumer rights over and above the rights of corporate media groups.)

    Or (if the above is not possible) can you at least explain why building an open source TCPA structure is not possible?

  29. Straight-up products? by LostCluster · · Score: 5, Interesting

    No matter how many DRM technologies AMIBIOS does adopt, can you promise that AMIBIOS will continue to offer DRM-free BIOS products?

    1. Re:Straight-up products? by Anonymous Coward · · Score: 1, Interesting

      Is there a migration path if I have decided to move my components from a DRM enabled machine to another vendor's bios?

      Will my data be recoverable? Do I need to have my data recovered by specialist? How much would that cost?

  30. Two versions by AlgUSF · · Score: 2, Interesting

    Why can't we have two versions of the BIOS?

    K901 (Trusted Computing enabled)
    K901B (Trusted Computing disabled)

    And enable users to cross-ship the chips if they want a different version...

    --


    I want my rights back. I was actually using them when our government stole them after 9/11.
  31. Missing Idea by GreatOgre · · Score: 5, Interesting

    I think the idea that most of us are missing is this. Most PC users buy their computers from Dell, Gateway, or some other big vendor. These vendors will ultimately sell TCPA/Palladium enabled computers. So, the real question should be: In the future will those of us who build our own systems be able to escape the issue of having TCPA/Palladium on our systems courtesy of the big players?

  32. Hardware vendors by cybermace5 · · Score: 5, Interesting

    Since a BIOS is only part of a motherboard: what steps will hardware vendors have to take, in order to incorporate your BIOS? Will they have to adhere to certain hardware design rules or controls in order to maintain the TCPA? Is there going to be a licensing procedure for hardware manufacturers?

    --
    ...
  33. Technology can be used for good and evil by defile · · Score: 5, Interesting

    As we all know, technology can be used for the purposes of both good and evil. Here are things that I consider good about where TCPA is going, along with the evil.

    Good

    • Users can protect their computers from viruses or other unapproved malware.

    Evil

    • The BIOS can be feasibly configured to boot only "approved" code.
    • By extension, "approved" code means that the Operating System must be a fresh, "blessed" install from a certain large proprietary software vendor.
    • Developing this further, this means that this certain large proprietary software vendor's OS can cease to function if any unapproved modifications are made to the system.
    • This gives the vendors, and anyone they do business with, incredible control over our PCs and the user is incapable of doing a damn thing about it unless they violate the DMCA and face criminal prosecution.

    There are many advantages for the hardware/software/content vendors if this is realized, but few of them seem consumer driven: the erosion of fair use, the control of speech, taking a cut of every e-commerce transaction, eliminating standards and competition.

    Undoubtedly, your shareholders will push you to cooperate with the software/content vendors because it means big money for them and anyone who plays ball, but for us, it means we lose a lot. PR will say that it stops pirates from raising music/movie prices, and that it means ISVs can produce software that can't be warezed, no more cheating in online games, no more child porn, ad infinitum, and it's all for our own good.

    Unfortunately, the potential for abuse is extraordinary, and the last thing I want to see is more of my friends being locked up because they do something with their computers that some company doesn't agree with. And right now it looks like AMI wants just that to happen.

    Yes, right now your BIOS may offer choice, but hardware vendors seem committed to building an infrastructure that one day can make it very easy to eliminate this choice.

    Please explain why we do want TCPA, why we should support your company, and how we can be assured that our colleagues don't go to jail just for believing they still control systems they bought. Also, please explain why the system we have now is so inadequate.

    Thank you.

  34. I'm a little blurry on the details here.... by Malor · · Score: 5, Interesting

    If I understood the prior articles correctly, TCPA should provide a basic keystore, an authentication mechanism, and enough checking to ensure that the boot sector is signed.

    If I want to install a new boot sector, do I generate my own key, install that, and self-sign the boot code? Or do the LILO or GRUB teams have to get a key issued and then sign things themselves?

    Who has ultimate control over the keys? CAN I install my own, or is it centralized somewhere? Who does TCPA *ultimately* trust? How can I be *certain* that it doesn't trust anyone I don't want it to? If I screw up and lose my key, how do I recover access to the system?

    I assume there must be some master, unerasable keys in TCPA; I just can't imagine that you'd ship it without implicitly trusting Microsoft, and I distrust Microsoft very much. And if there are recovery keys in there, do I have to ship my machine away to some lab to replace a lost key, or can I do it myself? And if there IS a master, unerasable key available for recovery purposes, why can't virus writers just sign their code with that key instead?

  35. Microsoft by AlgUSF · · Score: 1, Interesting

    Will you refuse to give M$ a key until their OS is trusted?

    --


    I want my rights back. I was actually using them when our government stole them after 9/11.
  36. Why are BIOSes closed source? by mcelrath · · Score: 5, Interesting
    Having recently had a lot of trouble with my laptop's BIOS, on an issue that I could most certainly fix if I had access to the code... I started wondering what benefit AMI and other vendors have by keeping BIOS code secret? I can think of none whatsoever.

    An open-source TCPA BIOS might go a long way to alleviating the fears of the open source community, since we could see exactly what it is you're forcing on us. And hey, no doubt you'd get a few bug-fixing patches in return for your efforts.

    So, is an open-source BIOS a possibility? (TCPA or otherwise)

    -- Bob

    --
    1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
  37. OpenBIOS by Anonymous Coward · · Score: 2, Interesting

    http://www.freiburg.linux.de/OpenBIOS/

    Here is a solution for those not wanting to give up their hardware control.

  38. E-mail sent to marketing@ami by LarsG · · Score: 5, Interesting

    Brian,

    I sure would hate to be in your shoes right now. Putting yourself in front of a firing squad voluntarily takes guts.

    I sent an e-mail to marketing complaining about AMI supporting TCPA, and got the standard reply in return. My answer is below, and I am still waiting for a reply.

    Umbertina E. Vezzani wrote:

    Hello Laars,

    You can already find TCPA-enabled products on the market but they have a different BIOS.


    I am perfectly aware of that, and that is why I don't buy IBM laptops any more.

    The Security subsystem is intended for those users who want an extra security protection that is valid even outside the OS.

    The motherboard and system manufacturers will specify their system features, so I believe you will certainly be able to choose the features you want. I really don't think you will buy a motherboard with a hidden feature or "fritz".


    I am not afraid of hidden features. TCPA is merely the scaffolding which enables building "trusted applications"/"trusted clients". What I am afraid of, is how software vendors and the content industry will (ab)use TCPA.

    As for the reference to "fritz" - I think Ross Anderson went a little bit over the top in his criticism of TCPA. A much better overview of some of the technical problems with TCPA can be found here (I fully endorse Mr. Arbaugh's suggestions):
    http://www.cs.umd.edu/~waa/TCPA/TCPA-goodnbad.pdf

    TCPA is meant to answer to a demand of security from users, not something else.

    What demand exactly? TCPA doesn't solve any of the major security problems.

    TCPA only answers the question "have the basic components of this system been changed?", and makes it possible for 3rd parties to verify the state ("trustworthiness") of a system.

    The majority of security problems are on the OS or application level - macro/scripting vulnerabilities, virii, buffer overruns and similar. TCPA doesn't provide a solution for any of those. In fact, a software sandbox like Java or running certain applications in vmware virtual machines provides better protection against those real world problems.

    What exactly is TCPA supposed to solve? Don't give me some marketing fluff about "enhancing security for the user". I want cold, clear, technical examples of real world security problems that TCPA is supposed to solve.

    Also, which users are demanding TCPA? Users want protection against virii and similar, but TCPA doesn't solve those problems. Who are the end users that demand something like TCPA?

    I also believe that, if there is a solid foundation to the concerns for privacy people is expecting, the TCPA itself will improve its specification to address those concerns.

    So there is a real chance the next revision of the TCPA spec will include proper anonymous certificates a'la Chaum instead of the current "please trust the privacy CA" solution?

    It must be noted that AMI has not announced support for Palladium. Palladium is an initiative by an OS entity that is slated for the future.

    I know that. I also know that there is considerable disagreement going on between the Palladium and the TCPA proponents.

    To be honest, TCPA is a better specification than Palladium. However, TCPA does provide the scaffolding required for building "trusted systems" - i.e., that a 3rd party can control what is happening on my computer. TCPA is a Pandora's box - if abused, it could have a devastating effect on both innovation, privacy and consumer rights.

    Regarding the limitations of a system with TCPA I would offer the link below to the public specification for further information on compatibility with different OS's, and hardware. Based on that spec we can tell you that it does not limit the ability to run Linux (or any other open source solution).

    How is that supposed to make me feel good? I know that it is possible to disable (most of) TCPA. I know that my computer will continue to work even if the TCPA subsystem tell other computers out there that my computer has zero "trustworthiness".

    However, once digital commerce, streaming media and other online content start demanding TCPA enabled clients you are effectively a second rate citizen on the 'net and are locked out of a lot of content if TCPA is disabled on your computer.

    So:
    1) TCPA does not provide true anonymity (you have to trust the privacy CA).
    2) The scaffolding provided by TCPA can be abused by those who want to disable the Turing completeness of computers and instead turn them into locked down interactive content delivery platforms.
    3) The market effect will force people to use TCPA and TCPA enabled "trusted clients" even if they don't want to.
    4) TCPA is advertised as a security solution, but does not solve most of the real world security problems.

    With kind regards,
    Lars Gaarden

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
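
An added example (not part of LarsG's post and not AMI or TCPA vendor code) of the one question that post says TCPA answers, whether the basic components of the system have been changed, and of how a third party checks the reported state. It assumes the TPM 1.x extend rule, PCR_new = SHA-1(PCR_old || SHA-1(component)), which the thread does not spell out; the component names and contents are constructed, and the signature a real TPM puts on the reported value is left out.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length; TPM 1.x PCRs start as 20 zero bytes


def measure(component: bytes) -> bytes:
    """Measurement of one boot component: its SHA-1 digest."""
    return hashlib.sha1(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Extend rule (assumed from the TPM 1.x spec): a PCR can only be
    folded forward, never set directly, so history cannot be erased."""
    return hashlib.sha1(pcr + measurement).digest()


def measured_boot(chain):
    """Platform side: measure each stage before handing control to it.
    Returns the final PCR value and the event log of (name, measurement)."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, blob in chain:
        m = measure(blob)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log


def replay(log):
    """Verifier side: recompute the PCR that the event log implies."""
    pcr = bytes(PCR_SIZE)
    for _name, m in log:
        pcr = extend(pcr, m)
    return pcr


def verify(reported_pcr, log, known_good):
    """Third-party check of a reported state.
    'log-mismatch' : the log does not explain the reported PCR
    'changed'      : log is consistent, but some component is not the
                     reference one (names are returned)
    'unchanged'    : every component matches the verifier's reference"""
    if replay(log) != reported_pcr:
        return "log-mismatch", []
    unknown = [name for name, m in log if known_good.get(name) != m]
    return ("changed", unknown) if unknown else ("unchanged", [])


# Constructed sample data: a three-stage boot chain and one variant in
# which the owner has installed a different boot sector.
REFERENCE_CHAIN = [
    ("bios-boot-block", b"constructed BIOS boot block v1"),
    ("option-rom", b"constructed option ROM image"),
    ("boot-sector", b"constructed vendor boot sector"),
]
MODIFIED_CHAIN = REFERENCE_CHAIN[:2] + [
    ("boot-sector", b"constructed self-built boot sector"),
]
# The verifier's reference measurements (who maintains this list is the
# policy question the thread argues about).
KNOWN_GOOD = {name: measure(blob) for name, blob in REFERENCE_CHAIN}


if __name__ == "__main__":
    for label, chain in (("reference", REFERENCE_CHAIN),
                         ("modified", MODIFIED_CHAIN)):
        pcr, log = measured_boot(chain)
        print(label, pcr.hex(), verify(pcr, log, KNOWN_GOOD))
    # A log doctored to hide the change no longer matches the PCR.
    mod_pcr, _ = measured_boot(MODIFIED_CHAIN)
    _, good_log = measured_boot(REFERENCE_CHAIN)
    print("doctored log", verify(mod_pcr, good_log, KNOWN_GOOD))
```

Nothing in this check stops the modified boot sector from running: the machine boots either way and the change shows up only in the value reported to the verifier, which is the distinction the post draws between detecting a change and fixing OS-level or application-level security problems.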
  39. Platform owner by briancnorton · · Score: 5, Interesting

    Since Microsoft is kind of vague on details about Palladium, I will hit you with a TCPA question. In the TCPA FAQ, it states that "Platform Owners" will decide which software runs on their platform. Who exactly is a "Platform Owner" and does Microsoft have a similar "feature in Palladium"?

    --

    People who think they know everything really piss off those of us that actually do.

  40. Do you see mandatory TCPA and/or Palladium by dpilot · · Score: 3, Interesting

    This is it, in the fewest words. Others have danced around the question, but IMHO this is really it.

    I understand that if I want to play MPAA or RIAA content, I may need to have a DRM OS, probably Palladium, and it will need to be on a system with a TCPA BIOS.

    But what if I want to just boot Linux (or trusty old Win98SE) to program or play games?

    Will I be permitted to run an "untrusted" computer, or is it only a matter of time until the only new computer is a trusted computer that will only run a trusted OS?

    --
    The living have better things to do than to continue hating the dead.
  41. Can you trust your computer? by Anonymous Coward · · Score: 1, Interesting

    Can you trust your computer?

    - By Richard Stallman -

    Who should your computer take its orders from? Most people think their
    computers should obey them, not obey someone else. With a plan they call
    "trusted computing," large media corporations (including the movie
    companies and record companies), together with computer companies such
    as Microsoft and Intel, are planning to make your computer obey them
    instead of you. Proprietary programs have included malicious features
    before, but this plan would make it universal.

    Proprietary software means, fundamentally, that you don't control
    what it does; you can't study the source code, or change it. It's not
    surprising that clever businessmen find ways to use their control to
    put you at a disadvantage. Microsoft has done this several times: one
    version of Windows was designed to report to Microsoft all the
    software on your hard disk; a recent "security" upgrade in Windows
    Media Player required users to agree to new restrictions. But
    Microsoft is not alone: the KaZaa music-sharing software is designed
    so that KaZaa's business partner can rent out the use of your
    computer to their clients. These malicious features are often secret,
    but even once you know about them it is hard to remove them, since
    you don't have the source code.

    In the past, these were isolated incidents. "Trusted computing" would
    make it pervasive. "Treacherous computing" is a more appropriate
    name, because the plan is designed to make sure your computer will
    systematically disobey you. In fact, it is designed to stop your
    computer from functioning as a general-purpose computer. Every
    operation may require explicit permission.

    The technical idea underlying treacherous computing is that the
    computer includes a digital encryption and signature device, and the
    keys are kept secret from you. (Microsoft's version of this is called
    "Palladium.") Proprietary programs will use this device to control
    which other programs you can run, which documents or data you can
    access, and what programs you can pass them to. These programs will
    continually download new authorization rules through the Internet,
    and impose those rules automatically on your work. If you don't allow
    your computer to obtain the new rules periodically from the Internet,
    some capabilities will automatically cease to function.

    Of course, Hollywood and the record companies plan to use treacherous
    computing for "DRM" (Digital Restrictions Management), so that
    downloaded videos and music can be played only on one specified
    computer. Sharing will be entirely impossible, at least using the
    authorized files that you would get from those companies. You, the
    public, ought to have both the freedom and the ability to share these
    things. (I expect that someone will find a way to produce unencrypted
    versions, and to upload and share them, so DRM will not entirely
    succeed, but that is no excuse for the system.)

    Making sharing impossible is bad enough, but it gets worse. There are
    plans to use the same facility for email and documents -- resulting
    in email that disappears in two weeks, or documents that can only be
    read on the computers in one company.

    Imagine if you get an email from your boss telling you to do
    something that you think is risky; a month later, when it backfires,
    you can't use the email to show that the decision was not yours.
    "Getting it in writing" doesn't protect you when the order is written
    in disappearing ink.

    Imagine if you get an email from your boss stating a policy that is
    illegal or morally outrageous, such as to shred your company's audit
    documents, or to allow a dangerous threat to your country to move
    forward unchecked. Today you can send this to a reporter and expose
    the activity. With treacherous computing, the reporter won't be able
    to read the document; her computer will refuse to obey her.
    Treacherous computing becomes a paradise for corruption.

    Word processors such as Microsoft Word could use treacherous
    computing when they save your documents, to make sure no competing
    word processors can read them. Today we must figure out the secrets
    of Word format by laborious experiments in order to make free word
    processors read Word documents. If Word encrypts documents using
    treacherous computing when saving them, the free software community
    won't have a chance of developing software to read them -- and if we
    could, such programs might even be forbidden by the Digital
    Millennium Copyright Act.

    Programs that use treacherous computing will continually download new
    authorization rules through the Internet, and impose those rules
    automatically on your work. If Microsoft, or the U.S. government,
    does not like what you said in a document you wrote, they could post
    new instructions telling all computers to refuse to let anyone read
    that document. Each computer would obey when it downloads the new
    instructions. Your writing would be subject to 1984-style retroactive
    erasure. You might be unable to read it yourself.

    You might think you can find out what nasty things a treacherous
    computing application does, study how painful they are, and decide
    whether to accept them. It would be short-sighted and foolish to
    accept, but the point is that the deal you think you are making won't
    stand still. Once you come to depend on using the program, you are
    hooked and they know it; then they can change the deal. Some
    applications will automatically download upgrades that will do
    something different -- and they won't give you a choice about whether
    to upgrade.

    Today you can avoid being restricted by proprietary software by not
    using it. If you run GNU/Linux or another free operating system, and
    if you avoid installing proprietary applications on it, then you are
    in charge of what your computer does. If a free program has a
    malicious feature, other developers in the community will take it
    out, and you can use the corrected version. You can also run free
    application programs and tools on non-free operating systems; this
    falls short of fully giving you freedom, but many users do it.

    Treacherous computing puts the existence of free operating systems
    and free applications at risk, because you may not be able to run
    them at all. Some versions of treacherous computing would require the
    operating system to be specifically authorized by a particular
    company. Free operating systems could not be installed. Some versions
    of treacherous computing would require every program to be
    specifically authorized by the operating system developer. You could
    not run free applications on such a system. If you did figure out
    how, and told someone, that could be a crime.

    There are proposals already for U.S. laws that would require all
    computers to support treacherous computing, and to prohibit
    connecting old computers to the Internet. The CBDTPA (we call it the
    Consume But Don't Try Programming Act) is one of them. But even if
    they don't legally force you to switch to treacherous computing, the
    pressure to accept it may be enormous. Today people often use Word
    format for communication, although this causes several sorts of
    problems (see
    http://www.gnu.org/philosophy/no-word-attachments.html). If only a
    treacherous computing machine can read the latest Word documents,
    many people will switch to it, if they view the situation only in
    terms of individual action (take it or leave it). To oppose
    treacherous computing, we must join together and confront the
    situation as a collective choice.

    For further information about treacherous computing, see
    http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html.

    To block treacherous computing will require large numbers of citizens
    to organize. We need your help! The Electronic Frontier Foundation
    (www.eff.org) and Public Knowledge (www.publicknowledge.org) are
    campaigning against treacherous computing, and so is the
    FSF-sponsored Digital Speech Project (www.digitalspeech.org). Please
    visit these Web sites so you can sign up to support their work.

    You can also help by writing to the public affairs offices of Intel,
    IBM, HP/Compaq, or anyone you have bought a computer from, explaining
    that you don't want to be pressured to buy "trusted" computing
    systems so you don't want them to produce any. This can bring
    consumer power to bear. If you do this on your own, please send
    copies of your letters to the organizations above.

    Postscripts:

    1. The GNU Project distributes the GNU Privacy Guard, a program that
    implements public-key encryption and digital signatures, which you
    can use to send secure and private email. It is useful to explore how
    GPG differs from treacherous computing, and see what makes one
    helpful and the other so dangerous.

    When someone uses GPG to send you an encrypted document, and you use
    GPG to decode it, the result is an unencrypted document that you can
    read, forward, copy, and even re-encrypt to send it securely to
    someone else. A treacherous computing application would let you read
    the words on the screen, but would not let you produce an unencrypted
    document that you could use in other ways. GPG, a free software
    package, makes security features available to the users; they use it.
    Treacherous computing is designed to impose restrictions on the
    users; it uses them.

    2. Microsoft presents Palladium as a security measure, and claims
    that it will protect against viruses, but this claim is evidently
    false. A presentation by Microsoft Research in October 2002 stated
    that one of the specifications of Palladium is that existing
    operating systems and applications will continue to run; therefore,
    viruses will continue to be able to do all the things that they can
    do today.

    When Microsoft speaks of "security" in connection with Palladium,
    they do not mean what we normally mean by that word: protecting your
    machine from things you do not want. They mean protecting your copies
    of data on your machine from access by you in ways others do not
    want. A slide in the presentation listed several types of secrets
    Palladium could be used to keep, including "third party secrets" and
    "user secrets" -- but it put "user secrets" in quotation marks,
    recognizing that this is not what Palladium is really designed for.

    The presentation made frequent use of other terms that we frequently
    associate with the context of security, such as "attack," "malicious
    code," "spoofing," as well as "trusted." None of them means what it
    normally means. "Attack" doesn't mean someone trying to hurt you, it
    means you trying to copy music. "Malicious code" means code installed
    by you to do what someone else doesn't want your machine to do.
    "Spoofing" doesn't mean someone fooling you, it means you fooling
    Palladium. And so on.

    3. A previous statement by the Palladium developers stated the basic
    premise that whoever developed or collected information should have
    total control of how you use it. This would represent a revolutionary
    overturn of past ideas of ethics and of the legal system, and create
    an unprecedented system of control. The specific problems of these
    systems are no accident; they result from the basic goal. It is the
    goal we must reject.

    Copyright 2002 Richard Stallman
    Verbatim copying and distribution of this entire article is permitted
    without royalty in any medium provided this notice is preserved.

  42. Real Questions by Qzukk · · Score: 5, Interesting

    1) What does it take (steps, costs including any IP licensing fees) to make OS Foo boot on a TCPA computer?

    2) What does it take (steps, costs including licensing fees) to make application Bar run on Foo? On any other OS?

    Ignoring rampant paranoia, these are the questions that will actually affect open source development. It comes down to how much will it cost for us to run our programs?

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  43. Compatibility with Garage "Hacks" by Catiline · · Score: 5, Interesting

    I'm a hobbyist who builds his own computer, writes his own software, and (on rare occasions) will build hardware components (as in: with solder and chips). What assurance do I have that your "Trusted Computing" initiative won't interfere with my projects? Interference here is defined as reducing the operational capacities -- including networking features -- of the computer or reducing my ability to develop to my needs. In a way this is four separate questions: how software, Trusted vendor hardware, pre-Trust vendor hardware, and home-built hardware integrate into the "Trusted Computing" architecture.

  44. Technical Explanation of BIOS Settings by doppleganger871 · · Score: 5, Interesting

    I have been doing research on BIOS settings for many years, and I have found good articles on what the settings do, and how to tweak them for the best performance/stability mix. But, I would like to know if the BIOS manufacturer itself would be able to provide an in-depth manual of all the BIOS settings, and what exactly they do. All the manuals that come with motherboards are very short on explanations, and I would like to see someone within the company actually explain to us hardware enthusiasts the down 'n dirty, nitty gritty, dirt under the rug, needle in a haystack type of information that we could use to make our computers run the absolute best they can. Because, as we all know, optimizing software and firmware is a lot cheaper than upgrading parts.

    -Jay

  45. Multi-part question by drinkypoo · · Score: 3, Interesting
    Two parts. The one I'm really interested in seeing answered: I've noticed while disassembling PC BIOS that it all appears to be very old-school style code, for instance registers are cleared by XORing themselves. How much of that tendency is from legacy code from the days when that mattered, and how much of it is just programmers doing the right thing (tm)?

    Second part, and less important, what is the story with firewire booting? How hard is it to graft additional boot code onto a BIOS and present a device as a reasonable boot device to the rest of the BIOS?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  46. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  47. what are the benefits to Open Source? by glitchvern · · Score: 2, Interesting

    The TCPA spec states that the TPM (Trusted Platform Module) contains hashing (SHA-1), random number generation (RNG), asymmetric key generation (RSA), and asymmetric encryption/decryption (RSA). What advantages can open source projects such as openssh and openssl take by using the TPM implementation of these algorithms instead of normal software implementations? What potential uses can open source software get out of TCPA?

  48. yes would be a fantastic result by DrSkwid · · Score: 3, Interesting

    If applied across all executables and scripts.

    Especially if it could be fine grained down to a per user basis. i.e. a system wide policy of who can run what.

    Then you could have root to be only available in single user mode.

    Stick that up your rootkit.

    hmm it's starting to sound like plan9

    --
    There are places where the networks are not touching, and there are places where they are-Boeing's Lori Gunter
  49. Bootloading BIOS by wiswaud · · Score: 2, Interesting

    As flash storage drops in price, especially wrt motherboard costs, and the way I see it, there isn't _that_ much more functionality to add to the BIOS, when will we see a nice bootloader being integrated in the BIOS (from the manufacturer), or why won't we see it?

    I'm talking about integrating the equivalent of grub in the BIOS, along with maybe 16MB of flash to hold a few kernels and ramdisks. You'd also (of course) include utilities for changing the menu, loading/deleting files to/from flash, for most OSes (as this would be relatively simple code: do a nice GUI for Windows but a simple command-line utility could be written that easily recompiles in Linux, *BSD (including OSX), etc. - we'll do the rest and slap a GUI to call the cmdline program).
    I would LOVE that, and it really doesn't seem that hard - there are indeed a few projects doing it already, it should be quite cheap for you to do, so we'd see it in motherboards off-the-shelf...
    I agree it might not be able to load Windows, but .... who cares. It would at least be able to include a menu item for it, if it can't hold the 'Windows kernel' (however big that is - haven't got a clue).

    Why stop there? Why is it that there still isn't a minimalist Linux system with busybox in every modern BIOS, which would allow booting a diskless station into enough functionality to at least re-partition a hard drive? That's a whole single MB of flash!

    My question really is: I would have expected that by now, why don't I see it?

    (Please, don't flame me with "it exists already" - I want to hear the manufacturer on this! Most people would never dare re-flash their BIOS with something else - they barely have the courage to flash BIOS updates from the mfgr!)

  50. Which is MORE important? by MissMyNewton · · Score: 3, Interesting

    A user's rights?

    OR

    A "content provider's" rights?

    Please don't bother answering if you're going to waffle.

    --

    ---

    Information wants...you to shut your pie hole.

  51. Who does TCPA envision the "Owner" to be? by BeBoxer · · Score: 5, Interesting

    The TCPA standard talks a lot about the "Owner" of the system, and how the "Owner" can initialize a new system so that it will begin generating keys and such using a password set up during the "ownership" process (See Section 2.6 of the Standard). My question is: who would the "Owner" of a system normally be in plain English? The actual end-user (or their administrator)? Or would the TPM get "owned" by the hardware vendor (Dell, HP, etc.)? Or the OS vendor? Or the motherboard manufacturer?

    Second, will it be possible to completely reset the TPM to a non-owned state to allow used hardware to be sold "as new"? Or would the hardware refuse to allow a new owner?

  52. Brian, please explain to us... by bani · · Score: 3, Interesting

    ...exactly why AMI's TCPA cannot be abused by corporations to harm/lock out Open source.

    Please explain to us why AMI's TCPA is a good thing for Linux.

  53. Uses besides restriction by keller999 · · Score: 2, Interesting

    Say I'm an average user who knows what I'm doing on a computer. I've read enough to know that I don't like the idea of a company deciding what I can and can't do on my own system, whether it be Windows or Linux based. What specific benefits will your new BIOS give me without forcing me to do anything I don't want to that I can't get from a non Palladium-enabled/DRM capable computer?

  54. Who signs? by shyster · · Score: 5, Interesting
    Who will be the "trusted" signers of this code? What hoops (and dollars) must be jumped through?

    Most importantly, will a system admin be able to sign code as trusted (whether his or another coder's) for all machines in his control? By extension, will an individual be able to do the same for machine(s) under their control? Or will only Verisign, Thawte, etc. be trusted?

  55. LinuxBIOS and OpenBIOS by LinuxOnEveryDesktop · · Score: 2, Interesting

    Presumably, the TCPA-specific parts of your new AMIBIOS8 will be intellectual property that your company will guard closely, and if not, working around it to get a LinuxBIOS/OpenBIOS working will surely be a violation of the DMCA. So how will this affect the LinuxBIOS and OpenBIOS projects?

  56. What potential abuses do you see in this system? by bonewah · · Score: 2, Interesting

    Let's say you work for Microsoft and it's your job to think of ways to abuse all this technology, both technologically and legally. Given that, what abuses do you see as possible?

  57. Linux would not need to be signed? by p7 · · Score: 2, Interesting

    I took a look at the TCPA and TPM FAQs and from the looks of it, the trusted computing features can be turned off so it functions like my current system? Am I mistaken that Linux could run without having to be signed? And Apps running under Linux could be programmed to use the TCPA certificate?