Slashdot Mirror


Dartmouth Project Combines Linux With TCPA

SiliconEntity writes "A new project from Dartmouth College demonstrates significant advances in combining Linux with TCPA. The software turns a Linux PC into a 'virtual secure coprocessor', which is able to check that none of its software is compromised and even (in a future version) prove its integrity to a remote system. Full GPL source code is available for the 2.4 kernel. This work is separate from the earlier IBM research which also combined Linux with TCPA, with the new project apparently more complete and with a road map towards a very functional Linux based trusted computing system. This could be an important technology for Linux to challenge Microsoft as it pushes forward with NGSCB (aka Palladium)."

19 of 227 comments

  1. Re:Sweet by MoonFog · · Score: 5, Insightful

    The TCPA is a committee and is not something that belongs to Microsoft, although they are part of this committee. IBM are also working on a TCPA technology. Palladium, or whatever it is called now, is perhaps the most "famous", but definitely not the only one.

  2. Not the right idea... by hanssprudel · · Score: 5, Insightful

    We want to fight Palladium by fighting acceptance of the idea that the computer should control the user and how he can access the data on his own machine, NOT by developing something functionally equivalent that happens to run under Linux.

    Building a DRM system of our own, even if it is open and standards based, just strengthens the paradigm that will lead to an Internet where no data can be accessed as plaintext, applications that are allowed to read data have to be accepted and certified by the media industry, and computers exist no longer to enable, but to control, their users.

    Please protest against Palladium, TCPA, and all the other DRM proposals by refusing to have anything to do with them: not by strengthening their hand.

    (And before somebody replies that TCPA isn't about DRM: Bullshit! Look up what an "endorsement key" is in the TCPA vocabulary.)

    1. Re:Not the right idea... by amcguinn · · Score: 4, Insightful

      Unfortunately, this kind of thing is valuable in some specialised areas. For high security systems, you want to know that only certain approved code can run.

      What we care about is the preservation of general-purpose computers controlled by the user. If we aim to ensure that all computers are controlled only by the user, we will fail, and fail badly, because having, say, a firewall that cannot run introduced code is something so useful that we will not be able to prevent it.

      I have hope: firstly, the overhead of trying to deploy this over a large office PC system (the main buyer of general-purpose PCs), will be too high for the benefits.

      Secondly, the value of a general-purpose computer that will easily run new software is so high even for the ordinary home user that they will not be entirely replaced by DRM-enabled home entertainment consoles.

      It is possible (but unlikely) that this infrastructure will eventually reach the **AA goal of preventing copying of their products. I can live with that provided that our ability to write software for our own computers isn't collateral damage.

    2. Re:Not the right idea... by hanssprudel · · Score: 5, Insightful

      The specialized areas thing just doesn't hold up. I have yet to see a single example of this that couldn't be solved by current hardware. A lot of people talk about company employees: but few employees have root on their computers anyways, so what is the point with the TCPA chip?

      I'm at work right now, and since my local workstation is a Sun Ray I don't even have physical access to data in ways that the operating system and application will not allow me (since they all run on a server somewhere). Why would TCPA be necessary to control what I did with my employer's documents, instead of just software?

      Even IBM admits that TCPA chips can be circumvented by hardware hacks (expect modchips to start appearing), so it can not be used to secure valuable information. The only logical purpose for this technology is to use it on home users, where access to mod chips is limited by laws like the DMCA.

      It is possible (but unlikely) that this infrastructure will eventually reach the **AA goal of preventing copying of their products. I can live with that provided that our ability to write software for our own computers isn't collateral damage.

      It is not the ability to write our own software that we will be sacrificing, it is the ability to use that software to communicate with the world. Once the TCPA infrastructure is there, the temptation to use it will be too strong to resist:

      - eBay will be able to lock out all but some verified list of applications from accessing auction data, so that applications to raise bids at the last minute can't be used.

      - Microsoft recently kicked off other applications from their IM system for "security reasons". As it stands now, this can be hacked around, do you think they'll hesitate to use TCPA to make that impossible? You think AOL are any different?

      - Websites will be able to lock out browsers that can block pop-up ads, or that allow cookies to be cleared, or that lie about themselves in the User-Agent string.

      - Games will be able to lock out modified versions.

      - Given the common confusion that TCPA is about "security", how long do you think it will be until your bank starts requiring it?

      I could go on and on. The acceptance of TCPA spells the end of the open Internet, and the beginning of a closed network, where all but a few applications are locked out.

      I know what I'll do. Whatever it comes to, I will not have a part of this, and I will simply refuse to accept having a computer that is hostile toward me. The reason I argue this so vehemently is because I hope it won't be lonely out here...

    3. Re:Not the right idea... by amcguinn · · Score: 3, Insightful

      The specialized areas thing just doesn't hold up. I have yet to see a single example of this that couldn't be solved by current hardware. A lot of people talk about company employees: but few employees have root on their computers anyways, so what is the point with the TCPA chip?

      I don't have root on my win2k PC right now, but I've got a tomsrtbt floppy in my jacket pocket which works just fine.

      Now, if the company was prepared to make the large investment in setting up a full TCPA-style architecture to stop me doing that, it would be prepared to make the much smaller investment in ripping the floppy drive out of my PC. As I say, I don't think the ordinary office desktop is a useful area for this.

      I think real uses for this are very rare, just as PCs which are configured by their administrators to really lock down what the users can do are currently very rare. But they exist.

      I know what I'll do. Whatever it comes to, I will not have a part of this, and I will simply refuse to accept having a computer that is hostile toward me.

      Me too. But I think most of the world will be with us, not because they agree with our principles, but because the immediate, practical benefits of being able to run any piece of software on their PC without it being approved by any third party are far too great to sacrifice for the minuscule benefits (in normal circumstances) of "Trusted Computing".

    4. Re:Not the right idea... by bruthasj · · Score: 4, Insightful

      Question: Do you currently protest GPG signatures and encryption algorithms? Where do you draw the line between what *you* want to encrypt/control and what *you* want *others* to encrypt/control? Or do you want to pull an RMS and have no passwords to protect your systems, no security to lock your documents that you created and no rights to control stuff that you created? Shouldn't we let people have the right to handle guns and the right to handle encryption/document rights/system verification in any way, shape or form they please? Whether that be individuals, groups, churches, cults, governments, corporations, criminals, gangs, ACLU, EPA, Green Peace or whoever else!

      Everything has an avenue of abuse, but that does not mean scrapping the whole thing because it's got a hole for possible misuse. I mean, look at another case in point: P2P networks. Do we sue the thing out of existence? Or do we fix the violators? What are the definitions of violators?

      It's all nice and rosy to flat out and protest something that's "unknown", but the fact is the technology is here and big players are pushing for its existence. Unbelievers in the technology will always be a small ragtag of protestors holding up placards in front of large corporation buildings towering the skies of Redmond, WA.

      Don't get me wrong, I hate Windows and I'm a Linux zealot, but I just cannot take your protest position at this time. Sorry.

    5. Re:Not the right idea... by hanssprudel · · Score: 2, Insightful

      My point was exactly that a lot of people (including you apparently) would find these applications favorable. So once TCPA is in place, we can expect the Internet to begin moving toward a closed system where all these things are possible.

      So what will this mean?

      It will mean that innovation will be strangled, that new program features will be decided by lawyers on a committee. Remember the RIAA's stated model regarding P2P software: you cannot write it without our permission. Welcome to that world.

      It means that the open source development model, which relies on the usability of thousands of versions of the same program will be destroyed. And since the people doing the signing will be the commercial software vendors it seems doubtful they would consider signing even a single version of an open source app for free.

      It means that the ability to communicate and publish data will be recentralized through the signature authorities. It means the ability to censor every copy of a piece of data with the press of a button. Think that wouldn't happen? Think again: once the courts find out it is possible, they will start with something that nobody can defend, like a piece of child porn or particularly egregious slander. Before you know it, it will be leaked Scientology papers, and then any criticism against them.

      It means the end of anything close to balance in copyright law. Copyright law will become redundant, because all data will be encrypted and completely at the mercy of the publisher. The goal of ending the public domain once and for all will be achieved.

      It means that people who decide that they own their computers, and refuse to submit to their computers' authority over them, will be locked out from the Internet, and successively from society.

    6. Re:Not the right idea... by hanssprudel · · Score: 2, Insightful

      Because the only purpose of DRM is to control the user. This is unethical in and of itself, regardless of its purpose. A computer program is responsible for acting in the interest of its user the same way a doctor is to a patient, or a lawyer is to his client. Machines should be subjects to people, not the other way around.

      I have never argued for forcing anything on those who wish to close their data. They can do whatever they want. I argue two things (and only the first in this particular thread):

      1) People should not use TCPA, they should not accept its presence in their hardware or software, and unless they actually want a closed Internet they should not be developing for it (like the Dartmouth people).

      2) Our governments should not be making laws that remove OUR RIGHTS to hack through these systems on our own machines, or to make them mandatory.

      The people who do wish a closed network can knock themselves out writing DRM systems as far as I am concerned. I will continue arguing as loudly as I can that people should not use them.

    7. Re:Not the right idea... by Anonymous Coward · · Score: 1, Insightful

      I think you're absolutely right, but I also think the flip side of resisting DRM and similar junk is the failure of the commercial entities and government to perceive that what they are encountering is in fact resistance.

      Take, as a very easy example, CD sales. The RIAA says they're down because of file-sharing. Media and government seem to believe this. But what percentage of the downward slide is due to people saying, I'm not gonna buy those things because of XYZ, I'm resisting? That percentage is neither being quantified nor widely recognized.

      There are countless examples. I haven't bought a DVD player, and have never bought a DVD, because I would miss being able to easily copy movies like I can do so easily now with my VCR. But do the companies realize that there are people out there like me refusing to buy their new garbage? Or even care?

    8. Re:Not the right idea... by riptalon · · Score: 3, Insightful

      a firewall that cannot run introduced code is something so useful that we will not be able to prevent it

      This is true but you don't need TCPA to do this. Putting this functionality at the firmware level is sufficient to achieve what you suggest. In fact I would be surprised if it wasn't done already by specialized vendors. There is a difference between not trusting the computer user and the owner. An organisation can have firewalls with secure firmware such that no one can load any old software on to them without the right codes or keys (without pulling the battery on the CMOS, which is good enough, especially if you have a lock on the case). Putting the functionality in hardware is only useful for stopping the owner of the computer from using it any way they want.

      There is no valid security reason for TCPA. All security problems to do with stopping users from doing stuff the owner of the computer doesn't want done can be handled at the firmware and OS level. This sort of hardware solution is only necessary for DRM where even the owner of the computer isn't trusted. TCPA/Palladium is likely enough to spread through the installed base, leveraged by Microsoft's market share, without any help from the free software community. If it succeeds then free software is dead in the long term, so any cooperation with it is akin to attempted suicide.

    9. Re:Not the right idea... by Alsee · · Score: 1, Insightful

      [ Disclaimer, I'm one of the primary developers. ]

      Excellent. First let me point out that I have read those white papers and I even had a brief E-mail exchange with the author. I have also read portions of the highly technical TCPA design specifications itself.

      I would like to see you justify the TCPA design specification that the owner of the machine is forbidden to know his own encryption keys. Every single claimed benefit in the Why_TCPA whitepaper can be achieved just as well by an identical system that DOES give the owner of the machine access to his own encryption keys. The author of Why_TCPA did not dispute this.

      Why_TCPA completely fails to justify the central TCPA design requirement.

      I would like to see you justify the design specification of "non-migratable data". The TCPA specifically states that it MUST NOT be possible to move this data from one system to another even with the active cooperation of the owner of the machine and the owner of the data. The only possible purpose for this TCPA design specification is for the purpose of securing the computer against the owner and for DRM.

      The TCPA_Rebuttal fails because it does not address these valid criticisms of TCPA. The TCPA_Rebuttal directly dismisses DRM arguments, yet DRM is the only possible basis for the TCPA design specifications.

      I suspect the author of these white papers was intentionally dishonest, though to give him the benefit of the doubt perhaps he simply never considered the possibility of a substantially identical system that did grant the owner access to his own keys. When I suggested this to him his only response was to suggest that denying the owner access to the keys could secure a stolen lap-top against a thief by denying the thief access to the keys as well. This fails on two points:

      Firstly he is contradicting himself - in the Rebuttal he claims that TCPA is not designed to be secure against physical access. If it isn't supposed to be secure then his "thief" argument is disingenuous, the laptop would not be secure against the thief anyway. And if TCPA *is* supposed to be secure against a thief then he is invalidating his own evidence that TCPA is not designed for DRM.

      Secondly it is perfectly possible to give the owner of the machine his encryption keys while still denying the keys to a thief.

      At this point the author of the TCPA white papers did not respond. He did not dispute my criticisms of TCPA. He only offered a weak "anti-theft" argument.

      It's like a gun, you can use it for good, or you can use it for evil.

      The design specification is malicious. TCPA is designed to secure the machine against the owner. You can get all of the claimed benefits of TCPA and eliminate all of the valid objections to TCPA simply by giving the owner of the machine access to his own keys. They refuse to do so for "evil" reasons.

      You can claim a cake can be used for good or for evil, the cake itself is evil so long as the baker REQUIRES that all cakes must contain a poison pill.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  3. Re:Difference between Palladium and TCPA by hanssprudel · · Score: 5, Insightful

    Not true at all. DRM and other user control systems only need to be closed when they are software based, because otherwise people can change the programs to remove the user hostile code.

    The difference between Palladium and TCPA is really that while Palladium is a whole system for building user hostile computers, TCPA is just an enabler.

    What TCPA does is sign a hash of the OS that is loaded with an "endorsement key", embedded in the TCPA by the vendor and inaccessible to the user. Thus the TCPA chip is able to do two things: it can verify to an outside source (that trusts the vendor) that the machine is running a specific operating system (ie one that supports DRM and thus can be "trusted"), and it can encrypt data from one operating system so that another operating system cannot decrypt it.

    TCPA provides everything that is needed at the hardware level to write any user hostile system on top of it, because the successive verification of signatures prevents any tampering with the code (even if the OS is open sourced). Palladium could be implemented with TCPA as its only hardware aspect.

    Thus, the argument that is sometimes seen here that TCPA would prevent the computer from booting Linux or any other operating system is false (incorrect scare tactics against these systems are unfortunate, they do more harm than good). What TCPA will do, is enable sites on the Internet to not allow you to read the data they give out, unless you are running an operating system that is user hostile and DRM friendly (and not in the "this site doesn't support mozilla" fashion, which can always be hacked around, but in a cryptologically safe fashion).

  4. Re:Trustworthy computing by hanssprudel · · Score: 2, Insightful

    It's not meant for you, none of this technology has anything to do with _your_ security. These products are intended to protect people from you, specifically, in this case, the movie industry who don't want you re-recording movies from the monitor cable.

  5. Re:Palladium is actually about security by amcguinn · · Score: 2, Insightful

    There are two reasons for wanting this in hardware, as opposed to just in the software:

    1. To enforce rules that the user can't break ("hostile computing").
    2. To prevent the boot loader from being corrupted by malware.

    The second reason is a tiny capstone on a pyramid of security that most people haven't built to anywhere near the height where it would be useful. It can be practically disregarded.

    All the other things you list can be done without hardware support, and the only catch is that the end user can choose to disable them. Even then, he might need to open up the box to do it. (password-protected BIOS, no booting except from hard disc: most PCs can do that.)

    And you're wrong about worms. In most cases, as far as the OS is concerned, the worm isn't running. Some ordinary program (e.g. SQL Server in the case of the slammer worm) is running, but the worm, by feeding it bad data, has caused it to corrupt itself so that it has effectively become the worm. There is no "worm.exe" for a security processor to refuse to run.

  6. Re:Palladium is actually about security by Ed+Avis · · Score: 2, Insightful

    But if you don't want to run a particular program (such as a worm), don't run it. There is no need for all this signature stuff, except to prevent the user from running software of his own choosing.

    If you did decide to run only code signed by a trusted key, the only reasonable system would be for the owner of the PC to possess that key. (This could be the company IT department, or the individual user for home systems.)

    --
    -- Ed Avis ed@membled.com
  7. Re:Difference between Palladium and TCPA by hanssprudel · · Score: 4, Insightful

    True .. but tell me:
    1) Of what use is a Linux system, if no content can be decrypted on it?


    Not much.

    2) Will content-providers make content available to versions of Linux which can't be "trusted"?

    Undoubtedly not. But what format they release the data in is their concern.

    It is important to remember that the only political issue here is fighting laws against compulsory DRM and laws against circumventing it where it exists. We should not fall into the whiner trap of trying to claim that we are somehow entitled to "content" in open formats. We are not.

    The manner in which we should fight DRM is to explain to people why they should not accept it. (And we need to start here on Slashdot - look at how many Slashdotters laud iTunes).

    3) If you make a "trusted" version of Linux, will it then be modifiable by the user (say, a new kernel-patch)?

    It will be modifiable of course, but then you are back to 1).

    4) Of what use are Open Source advantages, if you cannot use them?

    Not much.

    5) Is this a threat to the Open Source development model?

    Definitely.

  8. Re:What about an emulator? by hanssprudel · · Score: 3, Insightful

    Yes, but you need a root key that is signed by some authority (the kind of keys that are embedded in the chips).

    If you can get ahold of one of these keys, then you can simulate running a "trusted" system and cheat the DRM. They won't be easy to get ahold of though. Modchips will probably prove a better avenue.

  9. TCPA does have good uses by Old+time+hacker · · Score: 2, Insightful

    The TPM is a hardware component that implements the security model. It so happens that this exists on a bunch of modern IBM laptops. It is disabled by default.

    Background: The TPM contains a number of PCRs. These are (roughly) hashes of bits of code -- the BIOS, the bootloader, the kernel, etc. The TPM also contains a private/public key pair which is generated when you reinitialize the TPM (i.e. the private key is not known to anybody).

    The TPM can be used to encrypt a blob of data using the private key. It can also mark the encrypted blob such that it will only decrypt it if (some set of) the PCRs have the *same* value.

    What is this good for?

    This means that you can tell if your kernel has been modified in a very secure way. If your application is stored encrypted on disk, then you can ask the TPM to decrypt it (probably you just ask it for the key). It will only perform this operation *if* the boot process was the same as when the application was setup.

    It means that someone with a boot floppy cannot get to your data (different boot process). You could also arrange to have the data protected from single-user mode.

    However, there is a downside -- upgrading the OS becomes really tricky!
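
The PCR-bound sealing described in the comment above (and the "encrypt data from one operating system so that another operating system cannot decrypt it" point in comment 3), as an added example that is not part of the thread or of the Dartmouth code. `ToyTPM`, `measured_boot` and the sample boot chains are constructed for illustration; the composite format and the HMAC keystream are simplified stand-ins for what a real TPM does internally.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # TPM 1.x PCRs hold a SHA-1 digest

class ToyTPM:
    """Software model of PCR extend and seal/unseal only (not a real TPM API)."""

    def __init__(self, num_pcrs=8):
        self._root = os.urandom(32)  # stands in for the key generated inside the chip
        self.pcrs = [bytes(PCR_SIZE)] * num_pcrs

    def reset(self):
        """Reboot: PCRs go back to zero, the internal key survives."""
        self.pcrs = [bytes(PCR_SIZE)] * len(self.pcrs)

    def extend(self, index, component):
        """PCR_new = SHA1(PCR_old || SHA1(component)); PCRs cannot be set directly."""
        measurement = hashlib.sha1(component).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + measurement).digest()

    def _key(self, nonce, indices):
        # Simplified composite: the selected PCR values, in index order.
        composite = b"".join(bytes([i]) + self.pcrs[i] for i in indices)
        return hmac.new(self._root, nonce + composite, hashlib.sha256).digest()

    @staticmethod
    def _keystream(key, length):
        # Toy HMAC-counter keystream, a stand-in for the TPM's real encryption.
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, data, indices):
        """Encrypt data so it is released only under the current PCR values."""
        indices, nonce = sorted(indices), os.urandom(16)
        key = self._key(nonce, indices)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(key, len(data))))
        tag = hmac.new(key, ct, hashlib.sha256).digest()
        return {"indices": indices, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob):
        """Refuse unless the selected PCRs match their values at seal time."""
        key = self._key(blob["nonce"], blob["indices"])
        expected = hmac.new(key, blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("PCR values differ from those at seal time")
        stream = self._keystream(key, len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], stream))

def measured_boot(tpm, chain):
    """Each boot stage is measured into its own PCR before it runs."""
    tpm.reset()
    for index, component in enumerate(chain):
        tpm.extend(index, component)

def demo():
    # Constructed sample boot chains: BIOS, bootloader, kernel.
    installed = [b"BIOS 1.0", b"bootloader 1.0", b"kernel 2.4.20"]
    chains = {
        "same boot chain": installed,
        "boot floppy": [b"BIOS 1.0", b"floppy loader", b"rescue kernel"],
        "upgraded kernel": [b"BIOS 1.0", b"bootloader 1.0", b"kernel 2.4.21"],
    }
    tpm = ToyTPM()
    measured_boot(tpm, installed)
    blob = tpm.seal(b"application disk key", [0, 1, 2])
    results = {}
    for name, chain in chains.items():
        measured_boot(tpm, chain)
        try:
            results[name] = tpm.unseal(blob)
        except PermissionError:
            results[name] = None  # the TPM refuses to release the secret
    return results
```

The "upgraded kernel" result is the downside the comment mentions: data sealed under the old kernel's measurements is no longer released after the upgrade.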

  10. Re:Tinfoil for the mad hatter by Minna+Kirai · · Score: 2, Insightful

    Visited the NYT lately? How about LA Times? How about MIT Press? There are already hundreds, if not thousands of sites, locking their content away behind logins - they don't need DRM to do it.

    You're avoiding the point. They already use logins today, and will in the future. But someday they can have these logins protected by DRM technology. They will get a minor economic advantage from this extra protection, but newspaper margins are slim, so they'll grab for it.

    Then, it will be impossible to visit those sites with an untrusted OS. It will be impossible to build a PC, compile Linux, compile Mozilla, and use that to browse the web. The freedom of disorganized amateurs to create useful computer systems will be gone.

    When free expression is no longer possible on US soil, US dollars will make sure there's a world of domains out there where speech remains free

    That's a head-in-the-sand argument. "The government cannot now enforce a prohibition against a behavior. Therefore they will never be able to prohibit it."

    Sorry, but in the face of ever-increasing computer power, that viewpoint just doesn't hold up. If you don't believe me, Lessig has published extensive documents describing exactly why.