Slashdot Mirror
Dartmouth Project Combines Linux With TCPA
SiliconEntity writes "A new project from Dartmouth College demonstrates significant advances in combining Linux with TCPA. The software turns a Linux PC into a 'virtual secure coprocessor', which is able to check that none of its software is compromised and even (in a future version) prove its integrity to a remote system. Full GPL source code is available for the 2.4 kernel.
This work is separate from the earlier IBM research which also combined Linux with TCPA, with the new project apparently more complete and with a road map towards a very functional Linux based trusted computing system. This could be an important technology for Linux to challenge Microsoft as it pushes forward with NGSCB (aka Palladium)."
I think you'll find Linux will have it well before MSFT does... and it'll work... and it won't require special hardware either. And you'll be able to double check the source code instead of having to take it on trust...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
From the PDF :
The exact relation between TCPA and the former Palladium is not clear; one suspects that at some point in the TCPA design process, Microsoft decided to withdraw and build their own variant.
This probably means the two technologies will not be compatible with eachother, files created under one will not be able to be opened under the other.
The long term problem with IBM's model of the TCPA is exactly the same with that of clipper chip encryption, the owner of the PC does NOT control the attestation master keys. This leads to the same escrow agent model which is far to open to exploitation by The New American Corporate Soviet.
Like many things, TCPA is a neutral technology. If the TCPA just sits on the board unused, you'd never know it's there at all. With Palladium, your system will be actively user hostile and RIAA/MPAA/MS friendly.
TCPA in itself won't prevent booting Linux. The fear is that a BIOS could then be written that won't load an OS that isn't signed by Bill Gates. TCPA merely enables that non-functionality. In addition, it is entirely possible to have a CPU come up in crippled mode until it validates the BIOS against the TCPA so that an unsigned BIOS won't run either. That is the fear, a total lock-down.
On the other hand, if the user has the signing key (I say user, since in reality, whoever has the signing key is the owner), TCPA permits (but does not assure) user friendly, outsider hostile strong system security.
The problem is that we are all aware that certain corporations in the U.S. would happily torture all of their customers to death if it was shown that after all of the lawsuits are settled, they make an extra $0.10 over the next 5 years than they would otherwise. They will be more than happy to build a user hostile system and lease it to their customers if they can find a way to kill off the competition.
Even if the lease is called a sale, I maintain that it's in reality a lifetime lease since, as I said, whoever has the signing key is the real owner of the system.
One possible roadblock to that would be to get the above paragraph enshrined in law. Not only would that force vendors to be more honest in their sales of Palladium enabled systems, it would place a nice large tax burden on a corporate holder of the signing key since they would be forced to acknowledge that they actually own all that hardware out there. More likely, it would kill the whole thing since under that law, hardware vendors would have to treat the transaction as a gift to MS and themselves as a lease broker for MS.