Trusted Computing Rollout Hits the Desktop

Alsee writes "Previously appearing in a few rare laptops, ExtremeTech reports on the first major computer manufacturer making a full scale Trusted Computing rollout. Samsung will now install the Phoenix Core Managed Environment (cME) BIOS in every computer they make. Previous Slashdot reports on this BIOS include Phoenix Bios to Incorporate DRM and Microsoft Taking Over the BIOS."

this just in!

IBM has had thinkpads containing TCPA chips for years! On top of that, they provide a Linux driver for it on their website!

Re:this just in!

[Alsee]

TCPA Misinformation Rebuttal [and Why TCPA]

Propaganda. Refuting myths against TCPA does not counter the VALID complaints about TCPA.

The central design feature of Trusted Computing is that the the owner of the machine is FORBIDDEN to know his own keys. In particular he is forbidden to know his Private Endorsement Key and his Storage Root Key. These keys are sort of like your "passwords" to the system.

The author, David Safford, claims that the purpose of the system is to protect the owner's security and the owner data against outside attack and against viruses and trojans.

Now imagine two computers. One is a trusted Computer. You are forbidden to know your keys. The other computer is NOT a trusted computer. It has absolutely identical hardware and it has absolutely identical capabilities. The only difference is that you have a printed copy of your keys. The only difference is what you know.

There is no possible way the first machine could protect your security any better than the second machine could. There is no possible way you could be worse off simply because you know something.

The difference is that in the second case you actually own and can control your computer. With the Trusted Machine you don't know the keys, you don't know the "passwords". Because you don't have your keys then other bepole can hijack your computer as a weapon against you. Your own files can be encrypted such that YOU can't read them or change them. Your software can be locked such that you can't read or change it. And when some program or someone on the internet wants to snoop into your computer to make sure you're running the software THEY want you to run, you don't have the key make it work. If you're running a pop-up blocker and some website wants you to view thier ADs, the Trusted Computer will "snitch on you" about the pop-up blocker and the website will refuse to let you see the webpage. The Trusted Computer ensures that you will be LOCKED OUT. If you had your key then you could run the pop-up blocker and you'd be able to see the webpage you went to see.

The entire Why TCPA paper justifying Trusted Computing is a load of bull because EVERY justification for TCPA in that paper would work just as well if you knew your keys. There is NO justification for forbidding the ower to know his keys. The only reason to forbid the owner to know his keys is to deny him control over his own machine.

Now I'll address the deceptions in the TCPA Rebuttal.

The Rebutal claims that TCPA is not Palladium is not DRM. Well, OK... an automobile engine is not an automobile. TCPA is a component of Palladium, Microsoft's own website directly states the Palladium "Security Support Component" of Palladium will be a TPM, and TPM is just another name for the TCPA chip. Palladium without a TCPA chip is as functional as a car without an engine. And yeah, TCPA can be used without Palladium. You can use TCPA with a Trusted version of Linux, but that pretty much amounts to putting the automobile engine in a van. TCPA-Linux or TCPA-Mac would just be a differently-shaped clone of Palladium.

As for TCPA "not being DRM", I defy anyone to come up with any use for forbidding the owner of a machine to own his own keys that doesn't amount to some general form of DRM. "TCPA is't DRM", but it was specificly designed for that purpose. TCPA+software=DRM.

He says that the Trusted Computing website makes no mention of DRM. I do not dispute this. I have also read the TCPA technical specifications and they never mention DRM. Well DUH, people don't like DRM and that don't want people to KNOW that TCPA will cripple your computer with DRM. The fact that they never mention DRM just means that are being deceitful.

He also mentions that TCPA is ill suited for enforing DRM. This is a at best ignorance, and at worst a flat-out lie. There is a well known and well documented method to enforce DRM using a TCPA chip. The only "trick" to doing so is that the chip needs help from some

this is old news

[sulli]

my windows 98 laptop has a backup of windows on it. this is nothing new at all (except that it's in a "hidden" HD partition).

Re:What really worries me

[stratjakt]

I recall something about one of the Phoenix guys saying that the consumer was not their customer, the media companies were.

Uh, no.

He said that the motherboard manufacturers are their customers. Which is true. Have you ever called pheonix and ordered a BIOS?

He said nothing about your imagined conspiracy theory about the "media companies".

Oh, BTW, the FDIC mandated those thumbprints.

Re:What really worries me

[NinjaPablo]

You might want to take a look at the LinuxBIOS project if you're interested in an unrestricted alternative.

Don't worry , its only the BIOS

[Viol8]

Why this is going in the BIOS beats me since most modern OSs (certainly linux) and even windows use the bios as something to boorstrap their boot
loader whether it be LILO or NT loader. After that the bios is bumped out of memory and ignored. Windows may well use portions of this BIOS if it suits MS but linux and other
OSs can just happily ignore it and nothing will change. Or have I missed something?

Re:Don't worry , its only the BIOS

This is unfortunately, not altogether accurate. There is quite a bit of code in BIOS that is used only during POST, but there are pieces that are used during runtime by most modern OSes (Linux, Windows, etc.), like ACPI.

I'm soon to be a law-school student, but prior to that, I spent 7 years writing BIOS code. For all the arguments that BIOS needs to go away, or that BIOS is no longer relevant, every year it seems there are more and more functions dependant on BIOS.

DRM in BIOS is a first step. It cheap (because it's just software), but if MS/Phoenix/AMI can convince corporate customers to buy this stuff based on some FUD about security, expect to see embedded micros on your next-generation boards handling DRM. If that is successful, expect to see this kind of features in your AMD/Intel processor (locking blocks of memory from access other than by the trusted application, etc.). The end-goal here is to avoid future legislation like that Hollings bill by trying to stem the supposed IP-theft. Ideally, these people want to lock down PCs to where protected content can't be copied (or sniffed from memory, etc.) The benefit for corporate customers is that documents can be created that will not be able to be opened on non-trusted (work) machines. No more corporate e-mail forwarding.

The corporate angle is the double-edged sword. I'm fine with theregister or theinquirer no longer posting corporate e-mail announcements. However, the fact that internal memos describing financial mismanagement, sexual harrassment, etc. can't be forwarded to an attorney/Law enforcement shouldn't be tolerated. Any use of these DRM techniques as a way to hide the papertrail of coporate deception/fraud is a bad thing. Bad enough to warrant not doing it, even at the expense of IP rights.

Those of you talking about this as trusted computing for IP owners, but not for end users, are absolutely right.

Re:Backing up the entire OS

[Xner]

What kernel are you using? Mine is about 1 meg compressed (bzImage).

Unless of course you are talkign about a minimal userland too (base.tgz in Debian land I think).

Re:Backing up the entire OS

[caino59]

HP has been shipping computers with complete restore info on the HD for about a 1 or 1 & 1/2 years now. If you want CDs, you have to request them on their site, by mail, or phone.

If the drive dies, they send you a new drive with all the OS info pre-loaded....the average user doesn't even realize that they are using space...

Re:Honest question

[Unknown+Kadath]

First, I think it's partly the fear of being poised at the top of a slippery slope. (Granted, the "slippery slope" argument is a logical fallacy--but debates are not won on logic alone.)

So it's completely peachy and great that there's a backup copy of your OS partitioned off on your drive, and tech support can just walk you through a reinstall unless you somehow managed to hose the partition.

Then, they start shipping computers that do an automatic OS reinstall when certain conditions are met. Maybe annoying for power users, but it will serve most people well.

Then a third-party vendor asks, "Hey, can we get in on this? Have our software phone home telling how the owner uses it. Then we can improve future versions." Annoying, but for a good cause, right?

Then the data this third-party is getting shows that people are jumping ship on their application for one that costs less, and they cripple cross-functionality...and keep sending updates to your computer even if you patch it back the way you want it to be. But you don't get to say anything, because you clicked Yes on the EULA.

Then, seeing the success, a bunch of other vendors jump on the "trusted" bandwagon, and suddenly your computer is about as much yours as if it were part of a bot net. Incremental steps toward a worst-case DRM-everything, your-PC-is-controlled-by-vendors future is what the worry is about.

Is it a justified worry? Given the tendency of, well, humanity to take a mile when given an inch, and the disturbingly long and broad reach of corporations, I'd say yes.

Second, I think the furor over trusted computing is a matter of principle. Allowing control of one's computer to be placed in the hands of one or many corporations, or the government, is something many people, me included, find abhorrent. It's a thread of libertarianism (little "l," moderators, not the political party) that, as far as I can tell, runs through a great many of the more common Slashdot opinions. ...which is not precisely an answer to the question you asked, but does explain why the question you asked is not precisely the right one. ;)

-Carolyn

Re:Honest question

[plcurechax]

For a slightly doom-spelling (unforunately Ross tends to be right far too often) check Cambridge University professor Ross Anderson's Trusted Computing FAQ. There is also his Cryptography and Competition Policy - Issues with `Trusted Computing' paper as well.

You can also look at documents at Trusted Computing Platform Alliance, and I recommend reading The TCPA; What's wrong; What's right and what to do about by William A. Arbaugh

Re:Hmmmm...I wonder...

[Carrot007]

like http://www.linuxbios.org/ maybe?

Re:Honest question

[Alsee]

I submitted the article.

I've a programmer and I've been reading the techincal specifications on the system. I'm pretty much an expert on it. I will keep this post as non-technical as I can.

Trusted Computing pertty much does two things. Number one, it keeps some keys hidden inside a special chip. These keys are sort of a cross between a unique seirial number to identify your computer and a password to lock files. The nasty part is that it secures the computer AGAINST the owner. It locks your data such that YOU can't get at it, except in the approved manner. Number two, it allows other people to "look" inside your computer to see EXACTLY what programs are running - it snitches on the owner.

If you don't like something about how your computer works and you try to change anything, your files go dead and unusable. If you try to change anything then whenever you connect to a website or any other machine, and that machine asks to "look" inside, then your computer will report that the owner has made an "unauthorized modification" and the other computer will refuse your connection.

To put it in more concrete terms, say you go to a website. Say the website has ADs. As soon as you try to connect the website will ask to peek inside your machine. If is sees that you have pop-ups blocked it will refuse to you see the webpage. It will be impossible to see the website unless you "voluntarily" view their ADs, and do so in exactly the manner they want.

If you go to another website it can refuse to show the webpage unless you install their spyware. If you refuse the spyware it is impossible to see the webpage.

Microsoft is advertizing new DRM e-mail. If you you don't have a Trusted machine, or if your machine is non-compliant then it is impossible to see the e-mail. If your machine is compliant then you can see the e-mail, but your computer will be physically incapable of printing out that e-mail or saving it or forwarding it, and your computer will enforce it's deletion after a certain date. Some companies (like Microsoft) will love this feature because it means that old incriminating e-mails vanish and can't embarassingly pop-up in court later.

Cisco has announced a new router. It is supposedly an "anti-virus" system, and even the Slashdot story on it reported "Cisco to block viruses at the router". Actually it does not block viruses. What is actually does is look inside your computer to verify that you are running specific approved software. The *advertized* purpose is to check that you are running approved and up-to-date anti-virus software and firewall. It then locks out any potentialy "vulnerable machines" becuase they are a "threat" becuase they "might get infected". If your ISP isntalls one of these machines then you will be denied any internet access at all unless your machine is "compliant". It you aren't running Trusted Computing then they can't verify compliance and you are denied acces. If you aren't running EXACTLY the software they require, or of you alter it in any way, then you are denied internet access. And they can require you to run anything they like, not just security software. Tehy can require you to run software that forces your computer to throttle your own internet connection speed. They can force you to run software that displays ADs. They can force you to run software that tracks everything you do to collect marketing data.

The President's Cybersecurity advisor spoke at a computer conference where he called on ALL broadband providers to install such routers and to REFUSE access to anyone not running a Trusted Computing compliant system.

Pretty much all software will require "Product Activation". It will be impossible to even install the software without submitting to any activation procedure they dream up. If you try to alter the installed program in any way then your data will be locked and unusable, and the software won't run at all.

It will be impossible for people to make interoperable software. And "secure" data saved by on

Trusted Computing is NOT DRM

[KidSock]

As usual there are many comments about how Microsoft is taking over your bios. Just because your laptop has a security device in it (my thinkpad does) doesn't mean Microsoft is going to gain control over your machine. People frequently speak about TCPA and DRM as if they refer to the same thing because TPCA is prerequisite for DRM. That is NOT true.

TPCA just means the motherboard has some hardware for generating and possibly storing cryptographic keys. There might also be some secure memory and other things that assist with performing security critical computing on a PC without someone deciphering the keys or reading private data or media directly from memory. It is a feature that should probably be considerd good particularly for people who wish to use such a computer for monitary transactions or other highly secure communications.

Digital Rights Management has to do with delivering media to a PC in a way that restricts the user from decoding and copying it as it is displayed on the target output device. TCPA would be necessary to do this but that is incedental (but not coincidental).

People think TCPA and DRM equates to the consumer loosing control of their computers. In some cases this will be true. Your employer could lock down your workstation tight as drum so you can't install that scewball program. But the TCPA hardware is just another couple of chips on the board. How keys are managed and how the secure memory is accessed is understood. I believe there's a GPL driver for the security chip in my Thinkpad T30. As for DRM, well ... too bad. You won't be able to rip that DVD or burn or fry or copy whatever. Last I heard it *was* illegal. Get out and play frisbee instead. Write your own music. Build a toy car with your kid.

Re:Honest question

[bhtooefr]

FUD, FUD, FUD. I disagree with TCPA, NGSCB, and DRM, but what you said about TCPA not allowing "untrusted" apps to run isn't true. It'll definitely allow untrusted apps to run (not talking about OSes) - it'll just not allow said untrusted apps to access data (unless a hole is found in the TCPA system).

Re:Backing up the entire OS

[sumdumass]

One thing that is commonly over looked in cases were hp ships the OS like this is the fact that they provide a way to burn an actual cd from thier restore files. So in addition to the other choices, you can make your own cd.

http://h20015.www2.hp.com/hub_search/document.jh tm l?lc=en&docName=bph08097

I also am thinking that it is part of the microsoft license that mandates there be a way to make a restore cd to physical media too (if they don't ship the actual cd. In the past they were allowed to do it but needed to actually have the restore cd in the box when shiped). I can't find the documents i once read saying the same or i would post a link.

Microsoft also has a way you can use these restore cd's if you have done a upgrade to service pack 1. it is called slipstreaming. This entails making a new set of install media that contains the software upgrade you have already done. stuff like the latest security updates and service packs can be installed at the same time the os is reinstalled reducing the need to go online and download so much stuff. Slipstreaming also lets you include driversupport for your latest hardware that wasn't supported by windows when you installed it.

http://www.microsoft.com/windows2000/techinfo/re sk it/en-us/default.asp?url=/windows2000/techinfo/res kit/en-us/prork/prbd_std_tgzp.asp
This link describes the process for windows 2000 but it should work on all win2000 and up operating systems including xp and the server versions.

Although this does create an easy way to get the media in front of you, most people arent even aware of it. Also if the OS can't see the hidden partition, i'm not sure anythinh like this would even work. It might even violate the microsoft license/contrac that says they need to provide the cd's or a way to make them. I'm not too sure because a quick google search isn't producing the documents i once read. Instead it is producing a bunch of links to people that got screwed by this practice when the drive failed.

I got burnt years ago on my Packard Bell 486sx that had a little popup saying use diskimage to make the win3.11 backup floppies when i loged in for the first time. then it crash somwere between the time i left to by a box of floppies and when i got back and had to wait 3 weeks for packardbell to ship my os and come fix the computer. That whole system was a bad experience. and i feel for these other people that have that problem. i even read in the microsoft news groups that say they have to buy a complete new os when something like this happens.

Re:DON'T BUY IT!

[Zork+the+Almighty]

Linux doesn't mitigate anything, since the BIOS verifies the operating system binaries, and the operating system verifies application binaries. Good luck recompiling anything, let alone modifying the source code.

Re:DON'T BUY IT!

[Hobbex]

My god did you fall for their lines completely. You bet they have a Linux running on it, if you want, they will even tell you have they have an open source implementation of all the drivers. "It's open source so it has to be good."

But you are missing the point 100%. Why do DRM systems have to be based on closed systems like Windows? Why can they not be open source? Because they have to act against the user, and if they were open, the user to could modify them to act in his interest instead. But the whole point with TCPA is to sidestep this: because the part of the process that acts against the users interest is embedded in the chip, whether you can modify or see the software or not doesn't matter in the slightest.

Re:DON'T BUY IT!

[Minna+Kirai]

That kind of ignorance is seriously dangerous. Linus himself has explained this topic in detail.

How would they force you to use such a thing?

They (the Evil Giant Corporation) compile Linux for you, and send you the kernel image (either included with the computer, or downloaded as a later upgrade). They have computed a cryptographic signature for that kernel, and transmitted it to the DRM chip (which only they can control, not you).

That chip will only load a kernel if the signature matches- if the kernel is on a short list of approved kernels. The corporation can still give the Linux source code to their users (as required by GPL), but those users cannot then edit+recompile+run the kernel, because it'll be rejected by the DRM chip.

Therefore one of the major benefits of Free/OpenSource software has been killed by DRM (and the new federal laws that make DRM possible)

PS. That's only half of the way they "force you to use the thing". The other half is the propagation of trust from hardware to kernel to application, which should be obvious if you read the EFF pages.

4 normal things you cant do on a Toshiba laptop...

[JustNiz]

* Can't use all of the hardrive space you ordered/paid for because you HAVE to keep a recovery partition. (Jeez Toshiba, whats a 50 cent CD compared to your profits on a $1500 laptop and the goodwill of your victi.. err.. buyers?)

* Can't reinstall your laptop if/when your hard drive crashes because you've just lost your hidden install partition too. Does your laptop just become a very expensive doorstop?

*Can't re-partition your hard drive for fear of messing up the hidden install image partition.

* ever install or use the copy of Windows that YOU PAID FOR on any other computer.

Please people, vote with your money. Dont buy this Toshiba shit.

Re:That's the ticket

[metamatic]

OpenBIOS is a project to develop an open source implementation of the Open Firmware specification.

If you want to look at the OS X source code, you can get it from http://developer.apple.com/darwin/.

I'm not sure why the source to Apple's Open Firmware isn't available, but I imagine it's because they licensed it from one of the commercial Open Firmware vendors.

Re:Backing up the entire OS

[metamatic]

It's a long time since Windows systems regularly shipped with install CDs. If you're lucky you get a set of crappy "rescue" CDs which wipe the entire hard drive and replace it with the image the machine shipped with.

Technically accurate but misleading

[0x0d0a]

While TCPA does not imply DRM, it is closely tied to it.

* TCPA or a TCPA-like system is necessary to implement DRM.

* TCPA's primary current application is in implementing DRM. There have been a few alternate suggestions, such as perhaps ensuring that nobody has attached a monitoring device to your computer or installed similar software, such as Magic Lantern. However, for Joe Q. Public, TCPA's primary use is to implement DRM.

* TCPA adds to the cost of hardware. If you are buying TCPA-capable hardware, you are throwing money down the drain if you do not intend to use TCPA.

* TCPA significantly increases complexity. Complexity is a major factor in determining reliability. I feel that PCI, AGP, ATA, USB, Firewire devices (and the BIOS) should be as a reliable as possible -- frankly, people have enough problems with flakiness as it is. It's not as if you need to have a burning desire to pirate movies to want to avoid TCPA.

It is a feature that should probably be considerd good particularly for people who wish to use such a computer for monitary transactions or other highly secure communications.

This statement of yours, while true in theory, is misleading, and I can't help but shake the suspicion that you intended it to be misleading. TCPA allows computer components to authenticate to each other. For all intents and purposes, the only attacks this avoids are local, physical attacks on a computer. Furthermore, short of a user using a smartcard or carrying some other kind of cryptographic security device with him, TCPA provides zero security unless the initial system configuration is trusted. It doesn't do a thing to allow me to trust another person's computer or a mall kiosk. For any of this to be useful, a comprehensive and well-built supporting software system is required. That software infrastructure does not currently exist.

TCPA's primary benefit over other proposed DRM systems is that it may be disabled in the BIOS if so desired. At that point, it becomes little more than the MP3 player that's built into my own computer's BIOS -- another useless feature that I dumped money into that increases complexity and reduces reliability.

I believe there's a GPL driver for the security chip in my Thinkpad T30.

The GPL is almost irrelevant when it comes to TCPA systems. The entire point of the BIOS-level support (rather than just doing everything in software) is that it loads signed binaries, and you won't have a signing key. So you cannot make modifications -- perhaps some Linux distro vendor might be able to put out a signed kernel binary, but that's it.

As for DRM, well ... too bad. You won't be able to rip that DVD or burn or fry or copy whatever. Last I heard it *was* illegal. Get out and play frisbee instead. Write your own music. Build a toy car with your kid.

If TCPA lasts more than three months in the wild once people start using it for DRM, it will blow my mind. What the TCPA people are trying to do is *vastly* more complex and less feasible than what Microsoft's X-Box people are doing -- and the X-Box's DRM was broken multiple ways.

For starters, they are trying to make a huge array of hardware that has been designed by ordinary old hardware folks (*not* security people, and there is a *huge* freaking difference) work securely. Microsoft failed to do this perfectly -- they didn't encrypt some data that went over a bus, and incredibly minor error, and it came back to haunt them. And that was (a) a closed system -- all Microsoft has to do is stop making X-Boxes that are exploitable and (b) a system where a break only allows *bogus media to be played on that system*. Two *huge* impediments, either of which would kill TCPA as an effective DRM system.

First, the fact that TCPA is designed for use in an open system -- the PC architecture. It only takes one vendor of video cards to include a debugging feature on their card, or a diagnostic mode, or running so