Slashdot Mirror
IBM On Trusted Computing, Linux
An anonymous reader writes "A number of IBM's computers have been available with an "embedded security subsystem (ESS)" for some time now. This site lists three research papers regarding the new TCPA (Trusted Computing Platform Initiative) security chip developed by IBM, including the full GPL-ed source code to a Linux driver for this chip. In particular, the 'Why TCPA?' paper claims that IBM's TCPA chip is in fact of extremely limited use for DRM, as it contains no tamper resistance; the chip is designed to fend off software attacks, not physical attacks. An interesting take from a company with very solid products."
Ignore any threat of the local attack, the remote attack is the important one.
Watch out with that line of thinking... The ideal system has reasonable internal security as well. If a disgruntled employee can get access to these public/private key pairs, you're worse off than before, because you still maintain the illusion of security.
There ability to be attach locally is like cable modems firmware chips. Descused on CableModemHack.com (A website of tools to uncap your cable modem), an effort to replace the firmware locally is underway for a lot of models of cable modems. It seems that cable modems are wonderful against software attacks, but very open to hardware attacks.
Hardware attacks, I guess, are not a common senerio that hardware designers really think much about.
No.
I think there is a communication problem here. The article used "remote" to mean not-in-hardware; i.e., all software. It didn't mean just over the network.
An employee can get to the keys, but only by hacking the hardware. A possibility (as clearly explained in the articles), but not likely. It's also questionable when getting these keys would _do_; they only seem useful for the single machine itself. And I'd presume a good admin would clear/reset any keys if the machine is transfered to another employee.