Slashdot Mirror

← Back to Stories (view on slashdot.org)

IBM Trials TCPA Chip Under Linux

Posted by michael on from the trial-by-fire dept.

keihin writes "From IBM: IBM's Global Security Analysis Lab (GSAL) has done extensive analysis of the Trusted Computing Platform Alliance (TCPA) chip available on some IBM systems. We have the chip running under Linux, and have studied it extensively. In order to clarify a lot of misunderstanding about the chip, we are making available some helpful white papers and open source device drivers for Linux, so that interested people can test and use the chip in an open environment."

4 of 392 comments (clear)

  1. This is NOT about digital rights management by metamathica · · Score: 5, Informative

    Before people get too confused and start to complain (quite reasonably) about the RIAA, MPAA, etc: this chip is not designed to facilitate DRM. In their "why TCPA" article, they explain why it's not even particularly well suited for such systems.

    Rather, it's primarily about protecting a user's private keys and facilitating (through hardware acceleration) a serious increase in the use of encryption to promote security and privacy.

    1. Re:This is NOT about digital rights management by curious.corn · · Score: 5, Informative

      A HW accelerated encryption engine would give us snappy remote xsessions out of the box with ssh->ssl->kernel hw calls. I'd love this, imagine running fwbuilder on your remote fw from home. It's a must for teleworking.

      --
      Mi domando chi à il mandante di tutte le cazzate che faccio - Altan
  2. Quick notes for spastic no-read replies: by moogla · · Score: 5, Informative

    1) IBM doesn't care about DRM. In fact, this chip is completely unsuitable for DRM (and the white paper author was kind enough to explain why... protects you from SOFTWARE attacks, not hardware.)

    2) The specs are open. There is a gratis GPLd demonstration driver/API for linux.

    3) (My impression) is that it helps solve certain security chicken and egg problemswhen you want to do things like mount an encrypted hard disk, but not want to store the decryption key in memory.

    4) Primary advertised use: for signing and verifying your OWN code, i.e. to protect yourself from root kits.

    --
    Black holes are where the Matrix raised SIGFPE
  3. Re:Passing the blame. by Billly+Gates · · Score: 5, Insightful
    Well the good news is that you can turn it off. The bad news is that the email from grandma may require palladium and not TCPA. TCPA is different then Palladium and has been in use since 99 on almost all IBM systems. Ask any ThinkPad owner. Also there are only 2 chips in the motherboard that make up the TCPA as well as a special bios.

    In palladium each component must be certified and it uses a trust relationship to prevent tampering. To me palladium sounds like a way for Microsoft to make sure you can not upgrade more then afew components at a time without paying the piper but who knows. It sounds more stict and anti-user. Also rumours have it that Bill Gates wants to use palladium as a way to stomp out piracy in asia and they also view OOS as the bigggest competitor since os/2. Scary.

    TCPA was formed to secure and enhance e-commerce as well as secure corporate desktops. In this day and age the security is greatly needed.

    If hollywood wines and complains and the hollings bill passes, I prefer TCPA anyday and its a more open and industry standard solution. Linux will be supported since any thid party can sign it and no company is the "official" gatekeeper. Think SSL. The gatekeeper argument is the scariest and as long as it stays open then its not a problem. IBM has invested billions in Linux and wants it to susceed.

    --
    http://saveie6.com/