Slashdot Mirror


Dartmouth Project Combines Linux With TCPA

SiliconEntity writes "A new project from Dartmouth College demonstrates significant advances in combining Linux with TCPA. The software turns a Linux PC into a 'virtual secure coprocessor', which is able to check that none of its software is compromised and even (in a future version) prove its integrity to a remote system. Full GPL source code is available for the 2.4 kernel. This work is separate from the earlier IBM research which also combined Linux with TCPA, with the new project apparently more complete and with a road map towards a very functional Linux based trusted computing system. This could be an important technology for Linux to challenge Microsoft as it pushes forward with NGSCB (aka Palladium)."

10 of 227 comments

  1. Re:Sweet by advocate_one · · Score: 4, Informative
    and it won't require special hardware either

    correction... just managed to get into the site... it will require a "Trusted Computing Module" on the motherboard.

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  2. Difference between Palladium and TCPA by kompiluj · · Score: 5, Informative

    The difference between Palladium and TCPA (Trusted Computing Platform Architecture) may not be obvious at the technological level but it is very simple - TCPA aims at integrity of kernel and system components - to assure you that your system can be trusted. It is easy to achieve with open software, because the system must defend itself from attacks from outside. Palladium, on the other hand, uses similar technology to make sure that the user does not do anything else than what is allowed by content owners. In that case software openness is impossible - otherwise you could do some harm to their system - attacking from inside...

    So similar architecture from technical point of view - but different aims yield different results.

    --
    You can defy gravity... for a short time
  3. Re:The source code by kasperd · · Score: 4, Informative

    main() as it will infringe on SCO copyrights

    Luckily no important part of Linux uses that construct. It is mentioned a few times in the documentation and comments, but we can remove that without breaking anything. (Hint: Linux is a kernel, not a program.)

    --

    Do you care about the security of your wireless mouse?
  4. Re:The source code by sholden · · Score: 3, Informative

    Does it take lots of effort to be that stupid?

    $ find linux-2.6.0-test5 -name '*.c' | xargs grep '^int main('
    linux-2.6.0-test5/drivers/scsi/aic7xxx/aicasm/aicasm.c:int main(int argc, char *argv[]);
    linux-2.6.0-test5/drivers/atm/fore200e_mkfirm.c:int main(int argc, char** argv)
    linux-2.6.0-test5/arch/i386/boot98/tools/build.c:int main(int argc, char ** argv)
    linux-2.6.0-test5/arch/i386/boot/tools/build.c:int main(int argc, char ** argv)
    linux-2.6.0-test5/arch/sparc/boot/piggyback.c:int main(int argc,char **argv)
    linux-2.6.0-test5/arch/sparc/boot/btfixupprep.c:int main(int argc,char **argv)
    linux-2.6.0-test5/arch/sparc64/boot/piggyback.c:int main(int argc,char **argv)
    linux-2.6.0-test5/arch/um/kernel/skas/util/mk_ptregs.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/um/sys-i386/util/mk_thread_kern.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/um/sys-i386/util/mk_sc.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/um/util/mk_constants_kern.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/um/util/mk_task_kern.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/um/main.c:int main(int argc, char **argv, char **envp)
    linux-2.6.0-test5/arch/mips/boot/elf2ecoff.c:int main(int argc, char *argv[])
    linux-2.6.0-test5/arch/cris/arch-v10/kernel/asm-offsets.c:int main(void)
    linux-2.6.0-test5/arch/cris/arch-v10/boot/tools/build.c:int main(int argc, char ** argv)
    linux-2.6.0-test5/arch/m68knommu/kernel/asm-offsets.c:int main(void)
    linux-2.6.0-test5/arch/arm26/boot/compressed/misc.c:int main()
    linux-2.6.0-test5/arch/arm26/kernel/asm-offsets.c:int main(void)
    linux-2.6.0-test5/arch/m68k/kernel/m68k_defs.c:int main(void)
    linux-2.6.0-test5/arch/m68k/tools/amiga/dmesg.c:int main(int argc, char *argv[])
    linux-2.6.0-test5/arch/ppc/boot/prep/dummy.c:int main(void)
    linux-2.6.0-test5/arch/ppc/boot/openfirmware/dummy.c:int main(void)
    linux-2.6.0-test5/arch/ppc/boot/simple/dummy.c:int main(void)
    linux-2.6.0-test5/arch/ppc/boot/utils/addSystemMap.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/ppc/boot/utils/addRamDisk.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/ppc/boot/utils/mkbugboot.c:int main(int argc, char *argv[])
    linux-2.6.0-test5/arch/ppc/boot/utils/mkprep.c:int main(int argc, char *argv[])
    linux-2.6.0-test5/arch/ppc/boot/utils/mktree.c:int main(int argc, char *argv[])
    linux-2.6.0-test5/arch/ppc/boot/utils/addnote.c:int main(int ac, char **av)
    linux-2.6.0-test5/arch/ppc/boot/utils/mknote.c:int main(void)
    linux-2.6.0-test5/arch/ppc/kernel/find_name.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/ppc64/kernel/asm-offsets.c:int main(void)
    linux-2.6.0-test5/arch/ppc64/boot/piggyback.c:int main(int argc, char *argv[])
    linux-2.6.0-test5/arch/ppc64/boot/addSystemMap.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/ppc64/boot/addRamDisk.c:int main(int argc, char **argv)
    linux-2.6.0-test5/arch/ppc64/boot/mknote.c:int main(void)
    linux-2.6.0-test5/arch/arm/kernel/asm-offsets.c:int main(void)
    linux-2.6.0-test5/arch/arm/boot/compressed/misc.c:int main()
    linux-2.6.0-test5/arch/parisc/kernel/asm-offsets.c

  5. I'm sorry but totally avoid TCPA by FeatureBug · · Score: 5, Informative

    You cannot copy the keys inside TCPA hardware. I'll explain what this means (if you don't like reading about technicalities, just skip to the final paragraph)

    Every time you buy a new PC with TCPA you will not be able to copy the old TCPA keys on your old PC to your new PC. This means you will completely lose access to your videos and your music which you legally purchased and used on your old PC. Effectively you have to buy another set of keys to regain access to your videos and your music collections.

    TCPA and other DRM technologies are being pushed by the publishing industry and hardware manufacturers like IBM who want to sell more of their hardware equipped with DRM to make it attractive to commercial content locked-down publications.

    TCPA means LOCK-down, LOCK-out, LOCK-up enabler. Avoid getting anything with TCPA.

    1. Re:I'm sorry but totally avoid TCPA by omen · · Score: 3, Informative
      TCPA means LOCK-down, LOCK-out, LOCK-up enabler. Avoid getting anything with TCPA.

      [ Disclaimer, I'm one of the primary developers. ]

      Score: -3 Mis-informative

      You are assuming that TCPA is being used to enforce DRM, and that that is the only valid use of TCPA. Have you looked at what we have done? We are using TCPA, but not for DRM. We are providing a way for the admin to use TCPA to help secure their computer against outside attack. Again, check out the IBM white papers: http://www.research.ibm.com/gsal/tcpa/.

      Omen

    2. Re:I'm sorry but totally avoid TCPA by russotto · · Score: 2, Informative

      Sorry, but TCPA pretty much can only be used for evil. The "killer app" for TCPA is DRM. The way TCPA enables -enforceable- DRM has been posted and written about ad nauseam.

      TCPA probably wasn't devised with DRM in mind; it resembles the old "compartmented workstation" idea, and I imagine that's where its roots lie. But DRM is certainly the blazingly obvious use for it, and unlike other DRM schemes, TCPA-based schemes can actually work on general-purpose hardware.

  6. Re:The owner of the PC does NOT own the master key by omen · · Score: 2, Informative
    The long term problem with IBM's model of the TCPA is exactly the same with that of clipper chip encryption, the owner of the PC does NOT control the attestation master keys.

    [ Disclaimer, I'm one of the primary developers. ]

    That is blatantly not true. Whoever does the "Take Ownership" command of the TPM controls the master key. In the case of the Enforcer, the admin is the one that owns the TPM.

    Omen

  7. Re:Prove integrity? by Minna+Kirai · · Score: 2, Informative

    2. Has the kernel module loading facility been disabled?

    No, but it verifies that any modules have also been signed before loading them. (Alternatively, the superuser could force an untrusted module to be loaded, but this will taint the whole kernel and it will lose the ability to open protected files until you reboot)

    1. It's open source. You must (by requirements of the GPL) be given everything you need to compile a derivative work of this.

    The currently prevailing legal interpretation (shared by Linus Torvalds among others) is that the signing key cannot be construed as part of the source code. Source code is a human-readable description of what software does. A key is just 1024 bits of random noise.

    The argument is that the GPL requires people to give you the source code to a program; they don't have to buy you the hardware needed to run it.

    Suppose you buy a Playstation5 from Sony and request the kernel code under GPL. If you compile the kernel without having the key, you've got a working kernel. The hardware you own won't load it, but that's not Sony's problem. If you sign a pile of NDAs and supply a check for $65000, Sony will rent you one of the same developer-class machines their own programmers use to write games. That system will load unsigned code, although you've sworn in blood not to abuse that great privilege.

    I would rather that this legal interpretation doesn't hold, as it perverts the intent of GNU "Free Software", but it hasn't been seriously challenged yet.