Slashdot Mirror

← Back to Stories (view on slashdot.org)

IBM On Trusted Computing, Linux

Posted by timothy on from the trust-us-it's-linux dept.

An anonymous reader writes "A number of IBM's computers have been available with an "embedded security subsystem (ESS)" for some time now. This site lists three research papers regarding the new TCPA (Trusted Computing Platform Initiative) security chip developed by IBM, including the full GPL-ed source code to a Linux driver for this chip. In particular, the 'Why TCPA?' paper claims that IBM's TCPA chip is in fact of extremely limited use for DRM, as it contains no tamper resistance; the chip is designed to fend off software attacks, not physical attacks. An interesting take from a company with very solid products."

10 of 36 comments (clear)

  1. Re:DRM == no sale. by ciaran_o_riordan · · Score: 4, Insightful

    Unfortunately, It's not that simple.

    There are two possibilities:

    M$ software will only run on Trusted Computers.
    RIAA music will only play on Trusted Computers.
    MPAA(?) movies will only play on Trusted Computers.
    M$ & Friends will pressure other software companies to require Trusted Computers, under the name of Security or Reliability or Legal-clarity.

    Option two is that non-Trusted computers could be made illegal, there is a draft of a proposal to make this law in USA. Will it happen? The RIAA, M$, and MPAA will claim it's necessary to prevent the growing "piracy" trend.

    If you do have the option of buying a general computer, you may find it's not much use. And if you put up with that, don't expect Joe Public to stand with you in solidarity, he'll be too busy bopping away to his new "enhanced" Hooty and the Blowfish CD.

    Ciaran O'Riordan

    --
    Expert in software patents or patent law? Contribute to the ESP wiki!
  2. Re:DRM == no sale. by brianjcain · · Score: 5, Interesting
    Apparently not...(Did you RTFA?) I had always been against TCPA, but here's an excerpt:
    What TCPA is Not Some of the papers critical of TCPA claim that TCPA is primarily intended to support Digital Rights Management (DRM), such as the copy protection of music or video data, on behalf of the content owners. They argue that TCPA would take away user rights on their own machines, preventing backup, time and space shifting of legally purchased content. Debating the merits of DRM is a complex, controversial topic, and won't be covered here. ... (Personally, I do not believe it is possible do provide effective copy protection at all, but that's another paper).

    The TCPA chip is not particularly suited to DRM. ...
    If you ask me, I would think Linux, et al could leverage whatever benefit provided by well-documented TCPA chips (if any), and ignore the others. You probably already didn't like Microsoft's software anyways, so why waste time worrying how they'll utilize TCPA?


    (Now gov't mandating of TCPA hw/sw is some seriously dangerous shit. Let's keep way away from there).
  3. Absolutely Terrific Articles by stanwirth · · Score: 3, Interesting

    These are absolutely terrific articles. Their distribution of an open source TCPA linux module satisfies a lot of concerns and questions many of us had about TCPA in a concrete and specific manner.

    One concern still exists: that DRM and Palladium will be used to create a "mainstream" set of M$ applications which give people the illusion of security, while concentrating most of the information and control in the hands of the few.

    The most important step people in the open source community can take next are to get a system with a TCPA chip and start developing drivers, firewall systems, proxies and applications that make good solid use of the technology: tsshd, tsquid, tsftp, thttpsd, tbsd, toggd, tnamed, texim, tkonq...

    1. Re:Absolutely Terrific Articles by Gerry+Gleason · · Score: 3, Interesting
      The most interesting part is that TCPA isn't designed for DRM, but isn't that what Palladium is based on? Of course, the DMCA makes it illegal to snoop your own machine ... So it will be easy enough to break any DRM keys and encryption, but it will be against the law. Hmmm, I wonder what people will do, I'll just keep using Linux.

      And yes, it will be important to use the TCPA hardware as intended to help with client security. Open/Free Source implementations of secure tools and protocols might even support profitable services based on quality reference implementations.

    2. Re:Absolutely Terrific Articles by OeLeWaPpErKe · · Score: 3, Insightful

      Which concerns would that be ?

      -> not being able to see what an application is doing
      -> not being able to access an application's datafiles
      -> not being able to see what information is sent out over the internet

      It doesn't eliminate any of these of course.

  4. In other words... by Eneff · · Score: 3, Informative

    Ignore any threat of the local attack, the remote attack is the important one.

    Watch out with that line of thinking... The ideal system has reasonable internal security as well. If a disgruntled employee can get access to these public/private key pairs, you're worse off than before, because you still maintain the illusion of security.

  5. Seems reasonable... by curious.corn · · Score: 3, Insightful

    ... let's just, for a moment, cast aside paranoid suspicion (and I'm a paranoid & suspicious chap!). IFF these papers are correct TCPA is an encrypted storage location with some extra logic. In this location the user can store ~/.ssh/*.key and make shure the application interacting with the logic isn't sniffing the un-encrypted stream to some remote location. This NEEDS to be embedded in the BIOS to prevent kernel backdooring and simply embeds chain of trust throughout the hardware. I'd like to see this chip bussed to a smartcard to authenticate private root keys to a hashed ssh-agent binary (whether roaming on different PCs or on my own WS...)
    I'm also shure that MediaPlayer 10 will be DRMd to the marrow but take note that in the past ridiculously encumbered online music services went titsup in no time while more reasonable services (Apple) seem to strke a balance.
    In the past ID tracking such as the PentiumIII ID were dealt with properly so I don't think abuses would be tolerated. People always enjoys the empowering thought of having the option to take a free ride and imposing a "police" computer would vastly outrage the consumer base.
    So long as the control on the hadware keys is left to the users I agree with this particular spin from IBM; it's just a secure smartcard system.
    It still CAN be extended to require encryption and trust all the way to the DVI interface but that I think would require a heck of a business infrastructure to implement, maintain and persuasion effort.
    And given IBM's perspective there's no interest in the user base to proceed in further HW lockdown... all WE would do is to sign on OUR terms a kernel build and that's it; once that's in place, the chip will process OUR keys in OUR best interest... and if some pigopolist wants force something down our throat their business model will fail (as it has repeatedly done).
    I'd go for it, just for the sake of my ssh/gpg keyring, and in the future credit card numbers... do you trust an ecommerce site asking to handle it for you?)

    --
    Mi domando chi à il mandante di tutte le cazzate che faccio - Altan
  6. The big question by spitzak · · Score: 4, Interesting
    The paper seems to skip around the huge unanswered question:
    Is there a private key that third parties know that it is impossible for the owner of the computer to know?

    The paper makes it sound like all key pairs are either randomly generated or that the chip can be fed a public key. However it is a bit vague, and I suspect the answer is that there are also non-random pairs in there, where third parties know the private key but you don't. They skirt around this by saying "Bios startup is quite complex" but I think the real answer is that there unless hashes have matched up to a point these secret public keys are inaccessible.

    This system is absolutely useless for security as all exploits actually cause supposedly correct programs to follow the wrong instructions. This is like claiming current systems are secure because you cannot change the microcode and invent new machine instructions. It's purpose is so that it is impossible to get any kind of modified or different operating system in there, and still be able to run DRM programs, which could decode information using the secret key.

    The fact that IBM and everybody else has refused to answer this question (I think the answer here was skirted around with some bullshit about the "BIOS startup being quite complex") makes me think they are lying.

    The fact that having a high-speed encryption chip is quite useful is being used to hide the real purpose. Do you really think the same people who think Winmodems are a good idea are that interested in adding hardware just to speed up a function that can be done in software?

    They also make a point about the random key generation, which is interesting, because it keeps the private key completely in the hardware where no program can see it and thus be fooled to reveal it. However I am curious if this is actually a defense against any real exploits. I have not heard of exploits that involve revealing the private key of a previously-negotiated pair, most involve fooling the system into doing something unwanted through an already opened and legitimate channel, or fooling it into using another public key that the attacker already knows the private one for. Can any experts find any real exploits where a temporary and untransmitted private key was revealed? If not then I would also suspect this is a smoke-screen, attempting to turn the fact that the chip has secret keys into a benefit. I would also think that 99% of the benifit, if any, could be achieved by loading the chip with a random pair and then making sure the program has eradicated all knowledge of the pair. There have been expoits in weak random number generators, and in this case the random number generator is in hardware and no longer easily fixed.

    and even the fact that you can generate key pairs

    1. Re:The big question by jareds · · Score: 4, Interesting

      The paper seems to skip around the huge unanswered question: Is there a private key that third parties know that it is impossible for the owner of the computer to know?

      The second paper on the page answers that question in the affirmative (sort of). The private part of the endorsement key is stored on the chip, the manufacturer may record the public part. The paper states that IBM does not currently and has never recorded endorsement keys. (Note that technically the answer to your question is "no": there would be a private key that the user does not know, but no third party would know it either. You misunderstand public key cryptography. However, your general point is well-taken, because the endorsement key could be used to implement DRM, subject to the obvious caveat the author brings up, that it would be vulnerable to local hardware attacks.)

  7. Nope by DreadSpoon · · Score: 3, Informative

    I think there is a communication problem here. The article used "remote" to mean not-in-hardware; i.e., all software. It didn't mean just over the network.

    An employee can get to the keys, but only by hacking the hardware. A possibility (as clearly explained in the articles), but not likely. It's also questionable when getting these keys would _do_; they only seem useful for the single machine itself. And I'd presume a good admin would clear/reset any keys if the machine is transfered to another employee.