Slashdot Mirror


IBM Trials TCPA Chip Under Linux

keihin writes "From IBM: IBM's Global Security Analysis Lab (GSAL) has done extensive analysis of the Trusted Computing Platform Alliance (TCPA) chip available on some IBM systems. We have the chip running under Linux, and have studied it extensively. In order to clarify a lot of misunderstanding about the chip, we are making available some helpful white papers and open source device drivers for Linux, so that interested people can test and use the chip in an open environment."

18 of 392 comments

  1. just remember.... by Anonymous Coward · · Score: 4, Interesting

    Real World TCPA != DRM

    Microsoft's TCPA == DRM

    1. Re:just remember.... by Waffle Iron · · Score: 2, Interesting
      If the goal is protecting the integrity of processes, wasn't this what we were supposed to expect from any halfway-decent hardware and OS combination?

      Indeed, the vast majority of exploits don't break the existing hardware or kernel security directly. They take over some other application via a hole in its internal logic, and then use its (possibly very high) privileges. This does not require breaking even the existing OS/CPU security model, much less some new layer.

      Granted, TCPA and/or Palladium will support some kind of "tripwire on steroids" feature to scan all of your critical system files. I would imagine, however, that the bad guys would just shift strategy. Rather than overwriting the system files, they could stick to memory resident things. To cover reboots, they could just embed a macro somewhere in the user files that re-hacks the system the same way they got in the first time.

  2. I much much rather have TCPA than Palladium by Billly Gates · · Score: 4, Interesting
    I view TCPA as more of a security enhancer than for DRM. I trust IBM more than Microsoft to make sure Linux will run with it and it has a lot of cool features.

    I like the extra random number generator chip as well as the encryption chip. I can imagine it would help e-commerce greatly and can be used for programs that require random number generation. Also hardware does not need to be modified. Only the motherboard. Microsoft wants each component to trust each and have it encrypt everything. It's scary because it's so proprietary. In the Xbox even the Intel Pentium III chip encrypts and decrypts data. In fact it will not run any assembly code unsigned. Spooky.

    I hope IBM hurries up and convinces other OEMs to use TCPA before they decide on using Palladium. Also IBM has been selling TCPA systems for close to 2 years now. So yes they are not a threat to freedom or a DRM solution backed by Hollywood.

    1. Re:I much much rather have TCPA than Palladium by Arethan · · Score: 3, Interesting

      Hardware SSL encryption engines are already available as PCI expansion cards. They've been available for years. I'm not a buff on TCPA by any means, but TCPA really seems to look like just another integrated peripheral that is probably better off being an expansion card. (Kind of like integrated AGP video. Mmmmm....S3VirgE MX! lol)

      Honestly, how many applications are going to use SSL encryption so often that the CPU is incapable of performing the additional grunt work? Even if every website on the Internet was SSL encrypted, your old 233MHz Pentium still has a shitload of spare cycles to throw at en/decoding the data streams. The only systems that really benefit from the hardware encoder/decoder are secure webservers. The ability to offload that little bit of processing gives them the ability to handle a few more requests per second.

      As for the secure storage of SSL keys. I can't wait until my mainboard dies, and I can't get my keys off the damn chip. I suppose you could buy another identical board and attempt to swap the chips, but I'll warn you right now that surface mount soldering by hand is an extreme bitch.

      And it really isn't like you're going to get that much extra security out of the deal. So your keys aren't on the hard drive anymore. So now people can't get your keys by stealing your tape backups anymore. What happens when you have a fire? Hope you have a really good memory and a nice hex editor to retype the keys with. And what is to stop any processes at all from reading all the keys out and emailing them to a hotmail account? Only allow privileged processes to access the chip? How do you define which process is privileged?

      Sorry, but I'll stick to the expansion cards. At least if something bad happens I can replace those relatively cheaply and easily.

  3. what about the OS securing features by samantha · · Score: 3, Interesting

    As far as I can tell, it wouldn't be difficult to build systems running say, Win XP, with the hashes marking the trusted OS keeping any other OS from being loaded and successfully booted on the machine. Of course this is more like with a Palladium based machine. But this spec also allows it from what I got out of the paper.

    Also, regardless of the author's opinion, a chip that enables DRM even sub-optimally is not the friend of the people.

  4. TCPA talk at Defcon X by 968134 · · Score: 2, Interesting

    I'm not sure why there seems to be such a mixed reaction to this news. From the talk that Lucky Green gave at Defcon X this past summer, I saw nothing but heaping stacks of badness to come from the TCPA. To quote the talk description from the Defcon website:

    "This tamper-resistant Trusted Platform Module (TPM) will enable operating system and application vendors to ensure that the owner of the motherboard will never again be able to copy data which the media corporations or members of the TCPA don't wish to see copied, or to utilize the TCPA's software applications without pay."

    Sounds like DRM to me.

  5. Re:This is NOT about digital rights management-II by Anonymous Coward · · Score: 2, Interesting

    "Rather, it's primarily about protecting a user's private keys and facilitating (through hardware acceleration) a serious increase in the use of encryption to promote security and privacy."

    In other words, it's no different than buying an add-on board with a crypto processor. Has anyone found out how much this will all cost?

  6. Hardware protection of private keys by QuantumG · · Score: 3, Interesting
    I've always been amused at the claims of how hardware can solve security problems. The suggestion of how to protect authentication using TCPA and, indeed, all other "smartcard" based solutions, is to make sure the private key never leaves the hardware. The idea being that the attacker cannot access a server from any other machine than the one containing the hardware. This is clearly not the case. Suppose you use SSH to access your server at work and, for added protection, you use TCPA to keep your private key. An attacker hacks your client attempting to access the server at work. All he/she has to do is use your hardware to access the server. At this point the attacker can bypass the authentication by:

    1. Installing a new key;
    2. Installing a back door; or just
    3. Taking what they want

    A proposed solution to this problem is to encode the private key with a passphrase. Unfortunately, almost all the systems that do this use software to read and check the passphrase, making it simple to intercept.

    --
    How we know is more important than what we know.
  7. Smart Cards by Anonymous Coward · · Score: 2, Interesting

    Why can't we just use smart card technology instead? That way you get the benefits of TCPA without having to get a new PC, and it's not permanent enough to make it work for DRM.

  8. Re:This is NOT about digital rights management by iabervon · · Score: 4, Interesting

    But it doesn't facilitate DRM at all; the private key never leaves the chip, and it isn't set until the user sets it. This makes it useless to anyone *except* the user; the MPAA doesn't have the key or even the chip. The user, at least, has the chip.

    Public key cryptography works best if the user can apply the key, but cannot leak the key no matter what.

    It would be rather different if the private key on the device was known to some content provider, but this setup couldn't be used for DRM even if you tried to. The closest thing would be a content provider giving you a file that only you could read; but you can still do whatever you want with it once you read it.

  9. Re:Great news by BeBoxer · · Score: 2, Interesting

    good to see IBM on-board. They've already written GPL drivers for Linux, and are showing massive support from the very beginning -- something you rarely see with *any* new specification or proposed standards. Any Linux user should be glad IBM is on-board as well.

    Damn right. I assume you saw the articles earlier this week that IBM is claiming I think $1.5 billion in Linux based revenue, and HP is claiming $2.0 billion? (Linux Brings In Big Bucks) That kind of money can support some pretty serious development. It's not hard to imagine that Linux will end up with the premier set of software tools which does useful things with TCPA. Sure, maybe RedHat isn't bringing in the revenue they might like, but it sounds like free software as a whole is doing pretty damn well.

  10. Re:This is NOT about digital rights management by Anonymous Coward · · Score: 1, Interesting

    Public key cryptography works best if the user can apply the key, but cannot leak the key no matter what

    Works best for whom? What if I *want* to leak my key so I can deny having signed something? Nope, the Fritz chip won't let me. Another case of the computer playing cop.

  11. The tactic by jbolden · · Score: 2, Interesting

    All the hardware companies are pulling this tactic. "Oh we are just putting TCPA capability" it's that evil Palladium/DRM that is going to be the problem. You heard the same thing from AMI. I think that does represent IBM's position.

    1) Hardware companies "just provide" TCPA
    2) OS companies "just provide" the capacity for trusted apps
    3) Trusted app makers "just provide" the ability for people to send you data securely
    4) Digital content companies are just taking advantage of existing technology to prevent unauthorized redistribution
    5) Fair usage doesn't exist anymore in practice

    The fact that 1 enables 2 enables 3 enables 4 enables 5 is supposed to escape the public. So when we have a world where fair use has been completely repealed there isn't going to be anyone to blame.

  12. Re:normal users of Linux? by QuantumG · · Score: 2, Interesting
    Don't just shove TCPA in with Palladium. If you actually did some background reading you would understand the problems that TCPA is trying to solve. Alternatively, you could just listen to what rational people say and think. There are full specifications that tell you exactly what the chip does, go read em. Form your own opinion, and be reasonable.

    I take offense to your statement that no-one should ever make hardware that targets the Linux market because the "majority of users don't need it".

    --
    How we know is more important than what we know.
  13. Question by PetWolverine · · Score: 3, Interesting

    Okay, so TCPA is not evil, as I had been led to believe. I have a nagging question about it, though, that I need answered before I consider it a Good Thing.

    Let's say I'm sitting and twiddling my thumbs, or serving rather a lot of MP3's to the Internet at large, or something, and my computer crashes. Uh-oh, the hard drive can't be read. Looks like I need to boot from another drive to fix it. Trouble is, when I try to do so, TCPA interrupts and tells me I'm trying to boot from a different system, which isn't allowed. How do I repair my drive?

    Of course, as a Mac user, I guess I don't have to worry about this much anyway (Apple still hasn't signed up for TCPA, right?). Besides, maybe in the Wintel/*nix-other-than-OS-X world I know so little about, there's a simple way to overcome this. But wouldn't a simple way to overcome it involve using software to make the switch? It's either that or jumpers on the motherboard, right? So the question stands.

    Somebody fill the void in my brain! I long to know!

    --
    I found the meaning of life the other day, but I had write-only access.
  14. Re:Moronic knee-jerk reactions... by geekoid · · Score: 3, Interesting

    "MS just joined an anti-DRM coalition!"

    Only because the way DRM is being pushed, puts them out of control. MS wants you to have a house full of computers, all of which are connected to them. It is part of the 1000 year vision.
    In 95 or 96 Bill Gates was at a smartcard conference.
    At that time he said he wanted a smart card reader in every computer, and for it to be verified by MS before allowing any purchases. The only problem was there was no way to verify what system it was coming from.
    Sure, on paper, TCPA is a good thing, with many practical uses. However, look at how any industry that makes money doing something digital (whether it is CDs or OS) blames all their woes on piracy.
    That is the leverage/excuse MS will use to "embrace and extend" the TCPA technology.
    MS is not rolling over for Hollywood, and never will. What they will do is utilize Palladium, with TCPA, so they can charge the entertainment companies for a "verification" service. Of course any OS they can't "trust" will be excluded.
    The question is, will the backlash be great enough for it to fail? If it was put into place right now, the backlash would be minimal, because the number of non-MS desktop users is very small, and they don't make much money from those users anyways.

    It is the mission of almost every corporation to make as much of a market as possible.

    You should be ASHAMED for not learning from history, and not using your imagination on how this can be used against you.

    TCPA is to DRM as Bullets are to a Gun, necessary.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  15. Re:This is NOT about digital rights management by Anonymous Coward · · Score: 1, Interesting

    Whenever anyone claims this always ask the following question: does the owner of the chip (i.e. the owner of the computer in which the chip resides) have full access to all keys embedded within the chip? If not, why not, if not to facilitate DRM?

    Yes, it keeps the user from accessing the keys. Besides the user generated keypairs, each TCPA chip comes with an "endorsement" keypair, that is set by the vendor and cannot be read or changed by the user. This is the pair that will be used for DRM.

    The author of the article, in true TCPA misinformation mode, tries to pretend like the "endorsement" keypair doesn't exist until pressed by Bill Arbaugh's comments.

  16. Re:This is NOT about digital rights management by Dunkirk · · Score: 2, Interesting

    But what if I want to take my personal private key to work so that I can decrypt messages sent to my home email address while I'm there? (Which I do now.)

    --
    Acts 17:28, "For in Him we live, and move, and have our being."