Intel To Release Next-Gen BIOS Code Under CPL

An anonymous reader writes "Intel said today that it plans to release the 'Foundation code' of its next-generation firmware technology -- a successor to the PC BIOS -- under the Common Public License (CPL), an open source license, later this year. More than 20 years old, the BIOS (Basic Input-Output System) is the oldest software technology in PC platforms. Intel says its firmware Foundation code, a result of a project codenamed Tiano, 'provides that the successor to the BIOS will be based on up-to-date software technology.' The Foundation code is designed to be extended with new features and services, such as improved platform manageability, serviceability, and administrative interfaces which are too complex to implement in the old BIOS environment, according to Intel."

An ode to DRM FUD

[stecoop]

Will this end the fear of DRM'd BIOS? With the source available then any additions added to the bios can be reversed. I wonder if Intel is countering something in regards to statements made by Microsoft and Sun saying that hardware will be free?

Re:An ode to DRM FUD

[k4_pacific]

Chances are, flashing your PC with this BIOS instead of the MS approved DRM one will prevent your PC from sharing data with DRMed Windows PCs. So, DRMed if you do, DRMed if you don't...

Re:An ode to DRM FUD

Data sharing is important, and I understand your point completely. How then do we counter this? If nothing else, we're somehow assured (presumably) that we can at least run non-drm software. From there, it'll still be a matter of reverse-engineering any DRM scheme...kind of like a more extensive MS Word compatibility layer.

I do have confidence in the Open Source hacker army, though, and that if there's a way, they'll figure it out.

Re:An ode to DRM FUD

[Amiga+Lover]

Chances are, flashing your PC with this BIOS instead of the MS approved DRM one will prevent your PC from sharing data with DRMed Windows PCs. So, DRMed if you do, DRMed if you don't..

If it works that way it'll also prevent a DRMd PC from sharing data with those linux servers becoming all so common nowadays. Works both ways.

In the end all depends on who ends up worse off.

Re:An ode to DRM FUD

[Rick+Zeman]

Will this end the fear of DRM'd BIOS? With the source available then any additions added to the bios can be reversed. I wonder if Intel is countering something in regards to statements made by Microsoft and Sun saying that hardware will be free?

Err, that just meant that the end user wouldn't be paying directly for the hardware, just indirectly. Someone will still be writing a check to Intel for all of their components. I can't see how Intel would look on that other than favorably. That would actually mean that more hardware would get sold because boxes wouldn't be multi-purposed.

Re:An ode to DRM FUD

[cybersk4nk]

I'm really not that sure about that. If you want to make sure your iTunes, or other DRMed music downloads still work, granted, it might be a problem. But open formats are open and always will be. Swapping the OS or BIOS to a non drmed one will still let you transfer files in an open and free way. JPGs for instance, should still transfer between DRMed and non-DRMed PCs through FTP for example. I just don't see how a DRM bios could affect this functionality. TCP/IP itself is designed to be platform independant connections and transfers. I believed the MS/DRMed BIOS strategy is to encrypt the files at the filesystem layer. So if you can log on and get the unencrypted version of the file, you can transfer it to someone without a DRM machine and the DRM info will be stripped. If new file formats are created in the future with built in DRM, this might be an issue. But as readers know, even iTunes was crackable. Ever since commercial software came out, publishers have tried to prevent copying. It's never worked in 30 years and I predict it never will. Every commercial game ever realeased has been cracked. I'm willing to bet on it. Copying will continue forever, and if big co's implement the scary DRM schemes that everyone is talking about, I'm going to hand design my own PCs without DRM and become a billionare. I'm sure many ./ers and other would pay good money to have a properly designed system with modern components that is DRM free. Heck, I would rather use my current computers for 10 years than to succumb to newer, faster machines that are completely locked down. I really hope Intel gets it right this time when they update the BIOS. I hope they implement what sun machines and other workstations have had for years, like serial consoles, better universal, standard booting support from any device etc. Also, I really hope they dump the old crappy VGA text mode once and for all and make the computer boot in SVGA framebuffer by default.

Re:An ode to DRM FUD

[perlchild]

A "DRM-extreme" Bios could deny any transfer without an explicit authorisation, making the reading of a jpg file an illegal instruction. Granted TCPA isn't expected that bad, but nothingsays it can't be that bad either... In fact, many laws work in this exact way, and legal advice usually goes "If you're not explicitely sure you can, don't." That you have to justify your ownership of files to your computers when restoring a 3 year old backup of hundreds of thousands of files might become problematic.

Re:An ode to DRM FUD

[sadler121]

I'm sure many ./ers and other would pay good money to have a properly designed system with modern components that is DRM free.

Of course untill the **AA's use there bought congress critters to pass a law stating that anyone who uses a DRM free machine is violating the law.

Re:An ode to DRM FUD

[mrchaotica]

The general idea is that Microsoft wants to use it to prevent those Linux servers from becoming common.

In fact, that's why people are opposed to MS DRM in particular - they dislike losing their property rights, and especially dislike losing them in the name of corporate profit!

Re:An ode to DRM FUD

[Dan+Ost]

The general idea is that Microsoft wants to use it to prevent those Linux servers from becoming common.

Then their response has been too little too late, especially since Longhorn is
still several years away. The US is no longer the MS stronghold that it once
was and the rest of the world is chasing MS alternatives. MS has no choice but
to learn to co-exist with other platforms.

Re:An ode to DRM FUD

[claytongulick]

I wonder if DRM is such a bad thing. Color me naive, but I honestly believe that the end effect of this will be M$oft and Intel killing their own business and opening the door to /real/ competition.

Where a potential market exists, manufacturers and developers will follow. Consumers have dictated their terms already, in fact the wild popularity of such things as P2P, and file sharing etc... are proof of this concept. Who would have thought 10 years ago that the average teen would be intimately familiar with relatively advanced networking concepts, ports, firewalls etc...? The realm that used to belong solely to the socially challenged has become mainstream. Why? So that kids can share their music and files.

When faced with a choice of what new computer to buy, the consumer will opt for the more free, less restrictive one. You doubt? Consider this scenario: Mom and Dad take their 15yo to WalMart to buy a new computer. The 15yo, already knowing and hating DRM, says "I want that Lindows machine. It can do everything that Windows can, and its $200 cheaper." The teen meanwhile in the back of his head is thinking "No DRM, I can fileswap etc.. without any problems." The parents don't care, they just want something the kid can do his homework on and if its $200 cheaper, then that's even better. Now take this scenario and multiply by 30 million. The end result? Microsoft and DRM businesses are forced to either drop DRM or go out of business.

There are massive market forces emerging around music and content creation and sharing, and they will not tolerate restrictions on their freedom of expression. As always, the consumer will dictate the market, not the other way around.

Yes, the population can frequently be led around by the nose, but there is one thing throughout history that has always drawn consumers to protest, pushed emergency legislation, and even started wars: inconvenience. DRM will fail for that simple reason, the consumer /hates/ to be inconvenienced.

In the immortal words of the Dead Kennedys: Give Me Convenience or Give Me Death.

So I say, bring DRM on! Go for it! The consumer market will push such nonsense aside and it will quietly fade away, along with the business who have vested themselves in it.

The real threat is not DRM, it is corrupt legislation like the DMCA. That is where the true battleground is, and we are beginning to see the consumer (finally!) react, and political forces gathering to rationalize and neuter the DMCA.

Re:An ode to DRM FUD

[phasm42]

A "DRM-extreme" Bios could deny any transfer without an explicit authorisation, making the reading of a jpg file an illegal instruction.

Haven't heard of the "Read JPEG" instruction... what chip supports it and how many clock cycles does it take to execute? Must be killer.

Re:An ode to DRM FUD

[mrchaotica]

Well, that depends on how optimistic you are... I agree that MS doesn't have enough market share now, but I'm not so sure that it's too late for them to force DRM down our throats, Linux or not (especially if they can get the DMCA and the PATRIOT act to help them).

I hope I'm just being overly pessimistic.

CPL

[devinoni]

Seems the CPL is popular these days. Even Microsoft uses it for their opensource projects (WiX and WTL). Not to mention IBM who is the CPL author.

Re:CPL

[jonwil]

I suspect its popular because it has most of the good elements of other open source licences like GPL but at the same time it doesnt have all the "politics" associated with FSF.

Re:CPL

[Whyzzi]

Ok. So then, what is the big difference between the CPL and the BSD license?

Re:CPL

So then, what is the big difference between the CPL and the BSD license?

Copyleft, and a "we license our patents only if you don't sue us with yours" clause.

Re:CPL

[geminidomino]

From the license:
When the Program is made available in source code form:

a) it must be made available under this Agreement; and

b) a copy of this Agreement must be included with each copy of the Program.


And:


A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that:

a) it complies with the terms and conditions of this Agreement; and

b) its license agreement: ...

iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange.


Looks like it's just as viral as the GPL, just less frothing behind it. I could be reading it wrong, but it doesn't look like it is any less different from BSD License than the GPL is.

Re:CPL

no shit, that's the corporation public license...

Re:CPL

[HokieJP]

If I understand the license correctly, there is a key difference that you're missing:

In the first passage you cite, it need only be made available under the CPL if released in source code form. So, you could distribute binaries of the code under any license you want. The satement that the new license "complies with the terms and conditions of this Agreement" isn't the same as saying you have to release it under the same license. It just means you can't violate any of the conditions of that license (say, about warantees or whatever).

Re:CPL

[geminidomino]

But it also says in the second site that it HAS to be made available in source code form on request. How is that different than the GPL?

DRM

The Foundation code is designed to be extended with new features and services, such as improved platform manageability, serviceability, and administrative interfaces which are too complex to implement in the old BIOS environment

This technology is more commonly known as Digital Rights Management.

Re:DRM

[}}mons{{]

Well, it doesnt matter. It is just simply a matter of bypassing some logics on the DRM routine and voila! the machine would just authenticate itself as secure.

No problem there my boy...

So lets throw away our DRM fears for now. As long as we could see the code and reflash our BIOSes we can still use our machine any way we want.

Re:DRM

Dude- the whole point of the Microsof DRM routine as that the DRM "logics" are in the chipset, and therefore cannot be bypassed. You, on the other hand, are getting bypassed straight to my foes list. Retard.

The Microsoft implementation treats the BIOS as untrusted code anyway, and the DRM nexus runs independantly of the OS and other system code. Man, the more I read your post the more pissed I get. You are a freaking idiot.

Re:DRM

[MC_Cancer_Pants]

new features and services, such as improved platform manageability, serviceability, and administrative interfaces which are too complex to implement in the old BIOS environment

God forbid they leave me with one thing in my computer that I know won't crash. A bios is a bios because it's a basic I/O system, it does a simple task, it's done a damned good job for the last 20 years, why go around changing it? Good code has a simple and solid foundation, building from there--not a bunch of integrated and "optimized" complex subroutines without a fall-back.

Re:DRM

You obviously doesnt know the whole DRM infrastructure. The whole DRM nexus might run independently of the OS but how would you get the basic authentication data boyo prior to boot? It still is from the motherboard, and with that knowledge you could still trick the authenticating machine that it is secure.

It seems that you still lack information about this DRM stuff. Go read some more and don't lose your pants screaming. You coudn't even spell independent correctly :)

Re:DRM

God forbid they leave me with one thing in my computer that I know won't crash.

Damn right! However bios could be more flexible, but I don't want a tradeoff with reliablility or stability. I hope they can keep it truly open (for all the mobo / cpu manufacturers), stable and reliable.

Re:DRM

What the hell do you mean by "authenticating" your machine to be secure? You can't fake the authentication. Well, you could, but that would be retarded because it wouldn't do you any good- you just wouldn't be able to decrypt any of the protected data.

Microsoft has said that their goal is not to make their DRM hack proof, but instead it is to make it hack-once-hacked-everywhere proof. In other words, pasty geeks like you will still be able to hack the DRM using a soldering iron and your free time on weekend evenings, but you won't be able to just download a software hack. Thats the whole point of putting it in the hardware.

Re:DRM

[}}mons{{]

That's my whole point mister. If the BIOS is closed source it would be 10x more difficult to hack your way to authentication but with open source BIOS it is just a matter of simple soldering. As long as you have your soldering tools, no DRM stuff could stop you.

Hell, i have even tried authenticating banned cellphone units in GSM networks, i guess the process is just more or like the same... anyway, until i could lay my hands on a DRMed system, i couldn't be 100% sure.

Cheers!!!

Credibility for Intel

[SeanTobin]

Intel has been slowly losing credibility in my (and possibly others) eyes for some time now. Processor ID's sucked. However, they 'did the right thing' and got rid of them. Their implimentation of 64-bit computing sucked (or was ahead of its time) but they 'did the right thing' and swiped AMD's :). I used to be a Intel fanatic (yes, I owned several bunny people) and dismissed AMD's processors because of thier floating point performance. AMD wised up and finally gave chase to Intel on all performance matters to the point where I'm now running a AMD processor. I've always been concerened that Microsoft and Intel are a little too friendly, especially in regards to 64-bit windows versions and Microsoft/Intel's chip/release timing.

Anyway, the BIG concern for me on the horizon is the upcoming DRM-from-the-bios-to-the-speaker-cone mentality that some unnamed people are trying to push. If Intel wants to score major bonus points in my book, opening up the bios (or whatever they feel like calling it) could definately do it.

If I know that I can always depend on my computer to do what I tell it to and not what Intel/Microsoft/Belken tell it to do, I will go that route.

Also, to Intel... I'm buying a new server next month. I had decided on AMD. I'm now considering Intel as an option. Now everyone in the marketing department go tell the engineering department to go impliment this!

Re:Credibility for Intel

[ThisNukes4u]

Sorry, but right now Intel isn't a viable option for servers, at least multi-processor ones. The front side bus speed and it being shared kills the performance of the otherwise great Xeon. Opterons are at a decent price range now for 2-4 x42-x46, and they are great performers as well as being 64bit compatiable. Also, the Xeon platform is most likely going to be replaced by whatever Intel's answer to AMD64 is, so upgrading is not too good. On the other hand, the Opteron is here to stay.

Re:Credibility for Intel

I have a box full of Bunnypeople that, one summer, will end up strapped to my car's wheels. For how long, who knows...

I took a couple of them, did that, and after enough miles at high enough speeds, the beans started transferring to the extremities, then pieces invariably went bouncing down the road. As I recall, it took around 100mph.

BTW, I have relatively thick 5-spoke alloys, and 4 of them got either a leg or an arm, and since the weight was mostly centered on on the wheel the vibration was minimal.

Oh, I got the bunnies for free as a kind of spiff from a friend who'd make a vendor's sales rep include them for free with each order. 1% over cost plus bunnies... no wonder that rep left!

Re:Credibility for Intel

I wouldn't bank on Intel and Microsoft being in so friendly. Their friendliness may be leaning towards AMD, especially if Microsoft wants to get into the hardware market. AMD has been in a weak enough market position that they would be more willing to alter hardware on MS' account than Intel would, and AMD having a reasonable share of the CPU market with MS' influence would be a method for MS to exert control (indirectly) over Intel. Check out

http://www.winsupersite.com/showcase/muglia_wins er ver.asp

Re:Credibility for Intel

[Alsee]

If Intel wants to score major bonus points in my book, opening up the bios (or whatever they feel like calling it) could definately do it.

It is a trick. They are publishing the source code, but that source code is USELESS.

If I know that I can always depend on my computer to do what I tell it to and not what Intel/Microsoft/Belken tell it to do, I will go that route.

Then you need to make sure NEVER to let this crap touch your computer! This system is EXACTLY designed to make it impossible to control your own computer. If you change so much as a single instruction then the Trust chip generates a different hash value. With a different hash value the Trust chip cannot decrypt anything. Ultimately you may be denied any internet access at all.

I had decided on AMD. I'm now considering Intel as an option.

Unfortunately AMD is on board with this crap as well. So are Motorola, Transmeta, and even ARM. There's really no good-guys to turn to at this point, but if you want to boycott someone then Intel definitely tops the list. AMD is just following along because they will up and die if the next version of Windows refuses to run on an AMD chip.

-

Re:Credibility for Intel

[Walkiry]

Unfortunately AMD is on board with this crap as well. So are Motorola, Transmeta, and even ARM. There's really no good-guys to turn to at this point

VIA? *Shudder*

Re:Credibility for Intel

[Alsee]

VIA technologies is a member of the Trusted Computing Group too.

-

Re:Credibility for Intel

[bhtooefr]

Intel - chipsets, CPUs
AMD - CPUs, chipsets
VIA - CPUs, chipsets
Motorola - CPUs
Transmeta - CPUs
ARM - CPUs

Old companies:
Cyrix - Now VIA
Centaur - See Cyrix
UMC - They don't make CPUs any more, and they didn't make it over here due to Intel patents anyway
Rise - Umm... the mP6 wasn't that good anyway, and they're not making CPUs any more
NexGen - Now AMD - the K6 is what became of the Nx686

Hmm, is WDC on board? If not, I'm going to see if this Terbium is the unreleased 65832...

Re:Credibility for Intel

[bhtooefr]

Well, you could encrypt DRM crap VERY quickly on one of those! *ducks*

Re:Credibility for Intel

[SuiteSisterMary]

I seem to recall that Intel procs are the only major ones that didn't have a unique ID; SPARCs do, I'm pretty sure that PowerPCs do....

As for the Itanium, Intel can't win. "x86 is so crappy! They should do away with it and start fresh!" Well, they did. "Itanium is so crappy! They should just extend x86!"

Re:Credibility for Intel

[Alsee]

is WDC on board?

I Googled around a while and couldn't find any link between them.

Do they make much of anything other than harddrives? The Trusted Computing design works just fine on top of plain old harddrives anyway.

-

Re:Credibility for Intel

[bhtooefr]

Western Design Center, not Western Digital Corporation.

No, Western Digital doesn't make anything other than hard drives.

Re:Credibility for Intel

[Alsee]

Ahh. I never heard of Western Design Center before. I had Googled WDC and came up with stock symbol WDC and website WDC.com, both Western Digital Corporation.

Ok, I just did a series of quicky Googles trying to link Western Design Center with Trusted Computing and came up blank.

-

Re:Credibility for Intel

[bhtooefr]

You've never heard of WDC before? They made the 65C02, that nice version of the 6502 used in the Apple //c and Enhanced/Platinum editions of the //e (OK, so NCR made the ones in those, but NCR was a second-sourcer), and the 65816, used in the IIGS and Super Nintendo.

Not really

[autopr0n]

While the source may be available, that won't mean it can't contain DRM. After all, any good secure system should be secure wether or not the source is visible or not.

Think about it, the fact that you can see the source code to Linux doesn't mean that a regular user has any greater ability to gain root. That's exactly how these new DRM systems work, by taking a way a user's right to be root on their own machine.

Flash your own Tiano BIOS, and on DRM certified mobo's it simply won't run unless its signed by Microsoft or someone.

So this wont help with DRM, but it's still a good thing :P

Re:Not really

[finkployd]

While the source may be available, that won't mean it can't contain DRM. After all, any good secure system should be secure wether or not the source is visible or not.

But no implementation of DRM can be considered a "good secure system". The whole concept is to take PKI and try to keep the private key away from the owner so he/she cannot use it for anything except what the content owner wants you to use it for. This is why MS is trying to stick private keys in hardware. This is why the iTMS DRM removal tool needs to be able to get your key out of either the iTunes software or your iPod.

Trying to do DRM in something completely open source will NEVER work. DRM is security by obscurity, plain and simple.

Finkployd

Re:Not really

which mobo do you think the slashdot crowd will pick off the shelf at frys, the DRAM one or the non-DRAM option? hell the average user wont buy the dram shit if an alternative exsists. even the clueless user would understand unrestricted vs. M$ controlled computer.

Re:Not really

[MBCook]

But it CAN be. Because you have the source, you can build a version in which you've stripped out the DRM stuff that you don't want. And THAT would remove the DRM worries.

Of course, as you mentioned, all they have to do is require that the BIOS is signed to prevent the end user from doing that, which would be unfortunate. This also assumes that the open source part is functionally complete (i.e. not a layer ontop of the layer that drives the hardware, which could be closed source so nothing you made could be booted because you lacked that part).

I worry it won't happen, but I would LOVE to be able to tweek my own BIOS code. Imagine if you could do that with the computers you own now. Be able to go back to that old PII and add the ability to boot off of USB, or add LBA to an old PC, or just rearrage that horrid BIOS user interface on that no-name PC in the corner. Or you could disable more stuff you're not using to speed up the boot processor. And there are always patches to the Linux kernel and such to work around buggy BIOSes, think if you could fix that yourself. And corporations wouldn't have to worry about the support nightmare, thanks to that classic phrase in the computer industry "We don't support what we didn't ship". You touch it, YOU'RE responsible, good or bad. And if you change something and they like it, it's open source so they can check it out and implement it and make everyone's life better.

I hope the industry sees the light and allows what I suggested above (something that Linux BIOS is working towards too, in many ways). But even if things end up like they are now, I'll be happy as long as I can flash my own BIOS and it doesn't have to be MS DRMed. Because I'm not buying a computer that is programed to not let me use it.

After all, would you buy a car that you're not allowed to drive? (As a car for everyday use, I'm not talking buying the Bonne & Clyde car or something like that).

Re:Not really

[John+Hurliman]

But you can modify the Linux kernel to allow any user to gain root privileges. That's the point of the source code, anyone can rewrite/recompile/reinstall and remove any offending "features" while adding their own modifications.

Re:Not really

[name773]

i'm sure the m$ marketing will be hard at work even so.

Re:Not really

[YrWrstNtmr]

Would you buy a car you're not allowed to fix yourself and still retain the warranty? You can drive it all you want, just don't screw with it.

And that's what most people do with their PC. Drive it. Not muck around under the hood and tweak the fuel injectors, or adjust the slope of the ABS initiation.

Re:Not really

[cgenman]

Think about it, the fact that you can see the source code to Linux doesnt mean that a regular user has any greater ability to gain root. That's exactly how these new DRM systems work, by taking a way a user's right to be root on their own machine.

But the thing is that the way linux prevents a user from being root is by having someone else manually change the password to something that is not in the source code. There is important data being witheld from the user, that will unlock the system. As DRM systems must be self-contained, the "key" to unlocking content must be local. An OS DRM would therefore need to contain the key.

Likewise, while not having root on a box will prevent you from doing lots of things on it, you are still free to edit the source and create your own version of linux without the concept of root (or with full root). Likewise, with a truly OS BIOS, you will have the ability to create your own DRM-free system.

Re:Not really

[BizidyDizidy]

All security is security by obscurity. That's the dumbest phrase going. Too bad it rhymes.

Re:Not really

[prockcore]

And that's what most people do with their PC. Drive it. Not muck around under the hood and tweak the fuel injectors, or adjust the slope of the ABS initiation.

Ironically, Congress is forcing auto makers to reveal their "precious precious IP" because your average mechanic can't read the chips in your car. Basically auto makers were trying to get you to take your car into the dealer to get an oil change. Congress stepped up and said "that's unfair trade practice".

Re:Not really

[ComputerSlicer23]

I don't think you are correct. If I can control the POST sequence, and I have the Microsoft Software, the system can be broken. Period.

It's the ability to flash the BIOS that will make it happen. At some point, Microsoft will have to trust a piece of hardware. If they trust the software, it's merely a matter of time to find out where the branch is that says "yes this is trustworthy", and change the binary so that branch always takes "trustworthy" choice. Just like if I have access to your GPG binary, I can say that a message I sent you is in fact signed by Microsoft (the element of trust everone forgets is that you have to trust the binary sources, in this case, Microsoft can't, as I can fiddle with them). This is an arms race that Microsoft will always lose, it's just a fact of life.

So they must trust a piece of hardware at some point. That hardware must be untamperable, with no way for me to interject myself between it and the Microsoft hardware. As soon as I can interject myself between Microsoft and that piece of hardware, I've won. If I have access to the BIOS, all I have to do is setup some type of virtualization software (Think VMware). At this point, all I have to do is emulate the piece of hardware, and jigger it to always say: "Trustworthy" (essentially a MITM).

If you don't believe that type of attack is plausible, then remember also, I control the client, at some point, I can attack the PKI system. I have access to the PKI portion. At some point, you must have absolute trust of the PKI system, I have the client, what would it take to beat that system? Does Microsoft keep it's list of keys someplace around (it has to, I can subvert that)? That's like giving me access to the root cert's for your Web Browser. You'll trust my hacker sites if I can insert my key into your list of "trustworthy certs". At some point, if I have access to the boot sequence, I can break the system.

The only way it could be secure is to have the hardware have the list of trustworthy keys and have the hardware never give up control to anything that is considered untrusted.

How does Microsoft check that they are running on such a trusted? At some point, they either have to trust the hardware implicitly (which I can fake), or they have it in software that I can modify. At that point, it's either making an untrustworthy piece of hardware (or emulating one), or fiddling the bits of the software. In the end, DRM is a losing proposition. All DRM systems will be broken.

Microsoft might be able to encrypt the software, and only allow it to be decrypted by modules hardware that has the public key embedded inside. However, somebody will just tear the thing apart, or use an X-ray machine to just extract the public key (which at this point is merely a secret piece of data, not really a public key).

Kirby

Re:Not really

[Alsee]

the point of the source code, anyone can rewrite/recompile/reinstall and remove any offending "features" while adding their own modifications

Nope.

The entire purpose of the new system is to prevent exactly that. Sure you can change the code, but then the firmware chip (trust chip)then reports a "currupted" boot value. The new trusted software will refuse to install. The new trusted files will be encrypted and unreadable. The new websites will give you error messages and be unviewable.

With Trusted Computing the source code becomes useless. The system defeats the GPL.

But to top it all off, Cisco has announced a line of Network Admission Control routers that will deny you any internet access at all. It is billed as "blocking viruses", but what it really does is refuse you a connection unless you are running a Trusted computer and approved software. If you try to use to source to make any chages the hardware reports a "currupted" boot value. As far as the ISP's router is concered you are either infected with a virus or at least vulnerable to a virus.

All new computers sold computers will start shipping with Trust chips installed by default within a year. After 4 years or so essentially all PC's will have been routinely replaced as obsolete. I figure such routers could be generally deployed by ISPs in approximately 2008.

-

Re:Not really

And in ten years they'll say:

This is how the wild web was won.

Re:Not really

No.

Good security is well known. The techniques and procedures studied by thousands of expert math and cypher experts.

Now, the private key does have to remain private... this is the secret _you_ keep. This is a secret that _can_ be kept, with safes and locks and armed guards and attack dogs and mine fields and phospate hand gernades and tanks and air craft.

What DRM is trying to do is have a private key that _you_ do not have. _You_ the owner of the computer and all the bits on it are having a secret kept from you.

You have the machine in your own house. Nobody is around to guard against you opening your own computer up and hooking an O-scope to it, or reading out ROM's. Nobody to destroy the computer when the secret key is discovered.

The only thing is a law called the DMCA that says you do not own your own computer. And can go to jail if you illegally modify your own machine to access the bits that you actually own on the machine.

--

Sorry, you have failed to enter the correct password. Please stay seated and remain calm. The police are on the way.

Re:Not really

[finkployd]

All security is security by obscurity. That's the dumbest phrase going. Too bad it rhymes.

You are mistaken, please read Secrets & Lies and/or Applied Cryptography.

Finkployd

Re:Not really

[FauxPasIII]

> Good security is well known. The techniques and procedures
> studied by thousands of expert math and cypher experts.

The OP is pointing out that all security tech that we have now is based on something being secret. In the preferred model of open, "well known" security, the only secret the system depends on is the key. A bad security system also depends on the secrecy of the algorithm.

Your login system, even though it's probably based on a well-understood algorithm like MD5 or NTLM hash, is still completely dependent on you keeping your passphrase "obscure" from an attacker.

Re:Not really

God.

C - O - R - R - U - P - T - E - D

learn to spell already. It's not *that* hard.

If you can't learn to spell, for gods sake at least frequent m-w.com for words over six characters, PLEASE.

If I read your "currupted" again I'm going to throw up.

*shudder*

Re:Not really

[dustman]

You've got it backwards, I think...

It's not really the case that Microsoft's software is trusting the hardware. I think it will pretty much always be the case that software will trust the hardware. If it doesn't, it's too easy to fake (like you've described).

The issue is that the hardware will trust the software. A DRM-based motherboard/bios will refuse to load an OS that isn't signed by the proper entity. It is very easy (technology-wise) to make this work. It relatively easy (policy-wise) for a careful company to keep the signing keys secret.

So, you will have a bunch of hardware, which will only choose to work when trusted software is being run. Sound cards will refuse to output digital signal. CD burners will refuse to burn unless a trusted piece of software is telling them to, and this software will refuse to burn copyrighted music.

Re:Not really

Fucking pedant. Go cry to mommy if someone's spelling bugs you. We don't give a shit. This is a tech geek site not a lit geek site, mmkay?

Score:-1 Flamebait

Re:Not really

[Jagasian]

Well, at least with the whole Cisco thing, you could get around the protection with a simple proxy that looked kosher on one interface, yet let anything go on the other interface. The Cisco routers would then not be able to tell the difference.

Re:Not really

[Rich0]

And said proxy would not be blessed by the powers that be and said proxy would consequently not look kosher on one interface.

If you wanted to use a WinDRM PC as your proxy, for instance, your untrusted proxy application would not be allowed by the OS to open a TCP socket that Cisco would identify as being trusted.

You'd have to get MS to sign your app. And that probably comes with some kind of contract that states that as the developer you swear that you don't have any back doors in your application. And they can always revoke your certificate if it gets out.

Re:Not really

[John+Hurliman]

Aside from the economic impossibility of upgrading the Internet infrastructure and replacing all modern computers in four years, your entire paranoia is based on a single "trust chip". We saw how effective those were in the XBox. The other fallacy is you assume everyone is ok with this. Could you imagine the damage it would do if fifteen years down the road we live in this trusted computing model where no code ever has to be checked for flaws? Then one person figures out how to subvert the technology and the entire infrastructure we depend on comes crashing down. It might make for some good sci-fi but you're not the only person who would see this coming.

Software manufacturers are going to try as hard as they can to insulate themselves from lawsuits and angry customers, but they are still servants of their consumers in a free market.

Re:Not really

[Azog]

I agree with 90% of your post, but disagree that the ability to load your own BIOS means you will be able to get access to the secret keys, and get your own code to appear to be "trusted".

As you say: The only way it could be secure is to have the hardware have the list of trustworthy keys and have the hardware never give up control to anything that is considered untrusted.

The solution? The utility which loads / flashes the BIOS with your customized, open source version will first wipe out all the private keys. You won't be able to subvert that utility - the first time you run it, it will have been loaded by a "trusted" operating system which was started by a "trusted" BIOS, and those two things will work together to ensure that the BIOS update utility is also signed and "trusted". The signed, trusted update utility will wipe the secure key storage clean, making your computer untrusted.

So, sure, you can modify your BIOS, install open source firmware and an open source operating system, and control your hardware right down to the bare metal.

But you won't be able to break any DRM system just from that... by the time any code that you control gets to run, the keys will be gone, and your computer will be "untrusted". Probably permanently.

Personally, that's fine with me - as long as I can buy a computer and load Linux onto it, I don't care if Microsoft and the MPAA and the RIAA trust my computer to keep secrets from me. (I don't expect I'll be wanting to buy music or movies or software from them anyway).

Re:Not really

[Alsee]

It gets complicated. The router can refuse a connection unless you are running whatever software they insist you run. So what you can and cannot do is totally controlled by that software. There's no way to know yet exactly what the problem will look like, but it definitely *is* a problem.

One of the intended applications is distributed firewalls. This is not merely a firewall that protects you for the outside, it is a firewall that also "protects" the outside *against you*! Your computer would run this new firewall and all inbound/outbound data would be encrypted. You cannot receive anything unless the firewall chooses to decrypt it for you. You cannot send anything unless the firewall chosses to encrypt it for you. Your ISP and/or Microsoft get to define how they (and the rest of the internet) are 'protected' against you.

A simple example is that the firewall could refuse outbound port 80 requests (normal web browsing) execept to approved Trusted browsers. You can *install* proxy software on the machine, but it won't work. Your computer and the router will conspire to block any data from going to or coming from the proxy.

The question is just how restictive this firewall can reasonably be. There are a LOT of different programs that already need/use internet access, so there would be too much resistance to a total lock-down of connections. The control and restrictions will probably start light and increase.

So you may or may not be able to run a proxy like that. But it will definitely be unable to connect to any website that specificly uses Trusted computing checks. The website can verify your browser identity and settings, for example to make it impossible to block ads and popups. Or they can us it to prohibit 'deep linking'. Or to enforce 'terms of service'. Or for any of a number of reasons.

Even if the proxy "works", I bet you'll still run into problems. The firewall will probably impose limits and restrictions to 'fight viruses'. While surfing across multiple sites (or a single page with embedded elements from multiple locations) you might trip over connection-rate limits. Don't be supprized if the restrictions also target P2P-type apps, or any sort of 'server'. Restrictions that could easily hit an attempt to proxy.

-

Re:Not really

[Alsee]

It does not require "upgrading the Internet infrastructure and replacing all modern computers in four years". I said in for years the vast majority of home PC's will be replaced. Then ISP's can fairly easily start installing these routers (or activating the additional features of these previously installed routers).

It does not take an overnigh switchover of every computer on earth. But when your ISP installs ONE of these routers between you and the net you will by forced to comply or be denied access. The president's cyber security advisor called on ISP's to make it part of their terms of service. All done in the name of 'fighting viruses' and 'securing the national information infrastructure'. It was at the 2001 Washington D.C. Global Tech Summit. Read his speech, start at the lst two paragraphs on page 11 through the end of page 13. He directly reffers to TCPA, and essentional everything else in that - from forcing down patches to making firewalls mandatory, all of that can only be done through trusted computing.

It will phase in over time, eventually becoming mandatory. Unless there is a massive public backlash against it.

your entire paranoia is based on a single "trust chip"

I'm a programmer. I've been reading the technical specs. I've been reading the architecture and software layers and certificate autorities stuff and all sorts of applications etc etc etc. It all rests on a foundation for a single chip specification, chips made by multiple manufacturers. But as a whole this thing built on top is HUGE. And they *have* extensive and reasonable plans to drive ahead total adoption of the system. It is slated to become standard hareware on all new motherboards. After that everything else falls into place almost on its own.

To put it simply, it is massive "embrace and extend" manuver exactly like Microsoft is notorius for. We both know that embrace and extend (and exterminate) *is* a sucessful strategy.

Embrace: The new computers can do *everything* that an old computer can do. There is absolutely no reason ever *not* to have a computer with a Trust chip. It would be like buying a computer without speakers, you could just accept the standard computer with speakers and leave them off.

Extend: These chips provide new 'security' features. Software will be written that uses these features. It will start with Music download sites and benign software like anti-virus software and be optional. You start getting software with extra features that only work on an "enhanced" computer. Then you start getting software and files and websites that *only* work on a Trusted Computer. The software will simply refuse to install uness you go through Trusted activation and registration. The encrypted files will be unusuable. The websites will start returning error messages if you don't have a Trusted browser, much like many websites currently give error messages if you have cookies off or javascript off or if you try to block ads.

More and more software companies will start using or requiring this hardware for many reasons, particularly 'anti-piracy activation'. More and more content publishers will start requiring it for DRM. More and more websites will start requiring it for a number of reasons (enforcing ad views, enforcing registartion, tracking, blocking deeplinking, new 'enhanced' features, enforcing terms of service, and more). More and more ISP's will start requiring it for a number of reasons (to fight viruses, to throttle banmdwith, to enforce advertizing on discount or free access, to enforce terms of service, for tracking, and more more more).

Once half the public has a machine with a trust chip inside there are all sorts of independant companies that will jump at the chance to take advantage of it. It gives them control over the user's PC. There are a million reasons people would want/demand that control given the chance.

And anyone without a Trusted computer

Re:Not really

Perhaps you're just a troll, but I have time.

Some counter examples to your statement...

A camera in the corner of the room with a flashing red light.

A handgun.

An armored truck.

Public Key Infrastructure

Not again...

[vwjeff]

Processor ID's sucked

I never had a problem with Intel's processor ID. Every networked computer already has a unique MAC address. What is the difference?

Re:Not again...

You can change the MAC address :)

Re:Not again...

[Dun+Malg]

Processor ID's sucked

I never had a problem with Intel's processor ID. Every networked computer already has a unique MAC address. What is the difference?

MAC addresses can be changed by swapping out a $15 part and in some cases can be changed in firmware, so they're not an effective tracking/identification tool. Processor IDs are hardcoded and unique. Thankfully, they can also be turned off.

Re:Not again...

[SeanTobin]

I never had a problem with Intel's processor ID. Every networked computer already has a unique MAC address. What is the difference?

The big problem that many people had with the processor ID's initially was that you couldn't turn them off. Any program running localy could query your PID and send it off to god knows where. It wasn't until later that they released bios updates that allowed you to turn the feature off.

So, it wasn't the fact that the computer had a uniquely identifiable number (ip address/mac address/whatever), its the fact that you didn't have control over the use of that number.

I can deny you access to my ip address (I just don't connect to your server/use a proxy). I can also deny you access to my mac address (spoofing/proxies/whatnot). The rebellion people had was they couldn't deny programs access to your PID. Now, there wasn't any particular reason to deny programs access to a PID yet but it isn't too hard to think of a few.

Anyway, enough rambling. It was the removal of choice that set people off. We didn't have a choice to not use the feature - Assuming we stuck with Intel processors.

Re:Not again...

[BasharTeg]

Uhhh, I don't know, the fact that you can override your MAC address a little easier than you could override your processor ID number?

I don't agree with processor IDs, but that was a stupid question to be modded so high.

Re:Not again...

[222]

It should also be noted that MAC addresses actually provide required functionality, modern day networking is built around them... For the life of me, i cannot think of any productive use for cpu id's.

Re:Not again...

[jdbo]

MAC addresses can trivially (in both $ & time) be changed by changing your network card. Compare that to changing your processor/mobo.

Also, MAC addresses can (at least theoretically, I may be wrong here) be masked/transformed at the router level (thereby perserving anonymity to the rest of the world/internet).

Re:Not again...

[afidel]

Actually they could NEVER be turned off all the way. The BIOS patches just disabled them during startup, and Windows didn't turn it back on. But if you knew the correct sequence and a little assembly you could reactivate the PID 'feature' and query the number. I don't think there was ever a real program that did this but there were a few demo pieces that were enough proof of concept to show that it was possible.

Re:Not again...

[jjeffries]

You can also change your MAC address at will... something like:

ifconfig eth0 hw ether 00:DE:AD:BE:EF:00

might not be totatally right... man ifconfig!

Re:Not again...

[silentmusic]

Given that people _did_ have a problem with it, I never understood why people never bitched at Sun about their hostid. Did I just miss it?

Re:Not again...

[sylvester]

MAC addresses can be changed by swapping out a $15 part and in some cases can be changed in firmware, so they're not an effective tracking/identification tool. Processor IDs are hardcoded and unique. Thankfully, they can also be turned off.

That's a silly argument -- the CPU can be swapped out too, and in modern machines it's not so expensive anyway.

Re:Not again...

[sylvester]

You can also change your MAC address at will... something like:

No, that only changes the MAC address as reported to your DHCP server, as far as I know.

Re:Not again...

If that was the case, it would be done in the DHCP client. ifconfig has nothing to do with DHCP.

Re:Not again...

[sylvester]

hmm. right. But I don't think it obscures the MAC address completely; that is, software could still use it just like they could use a CPUID as a GUID for your machine, which is what spawned all of this.

Re:Not again...

[ashridah]

Incorrect.
It changes the mac address sent out on every single frame. i use it here all the time.

I have to admit, my main workstation has ALWAYS had the same MAC address, namely, the one listed in your parent. (yeah, I know, cheap joke. :) )

One of these days I'll go to a lan party where someone else has the same mac address. :)

luckily, they use decent gear that can detect things like rogue dhcp servers, so detecting a duplicate mac address won't be difficult.

ashridah

Re:Not again...

[Lord+Kano]

What is the difference?

Was there a promiscuous mode for the P3 processor ID?

My motherboard's BIOS allow me to enter any MAC I want for the onboard NIC.

LK

Re:Not again...

MAC addresses can be changed by swapping out a $15 part and in some cases can be changed in firmware, so they're not an effective tracking/identification tool. Processor IDs are hardcoded and unique. Thankfully, they can also be turned off.

Yeah, "thankfully" they can be turned off, in software. I have a CD with a program that can turn the ID on and off inside of Windows. It can be stealthily turned on and off at will.

This is probably just how DRMs going to be implemented too.

Re:Not again...

[mikael]

For the life of me, i cannot think of any productive use for cpu id's.

There were several uses:

1. Software licensing per CPU - an application could query the ID number and use it with a licence key to determine whether the software could run or not.

2. Inventory control - A company could keep track of its technological assets (ie. hardware) using these serial numbers.

3. Recovery of stolen property - If any hardware was stolen, a company could report the serial numbers to the authorities. Security software could also be used to read the CPU ID's and determine if they were stolen or not.

There was some opposition in Silicon Valley to the latter option. Small PC manufactueres were scared they'd get the blame for handling stolen goods if they bought cheap CPU's and sold them off as part of complete systems.

Re:Not again...

[daveashcroft]

unless you are a "poor" laptop owner!

Re:Not again...

[Dun+Malg]

Processor IDs are hardcoded and unique. Thankfully, they can also be turned off.

Yeah, "thankfully" they can be turned off, in software. I have a CD with a program that can turn the ID on and off inside of Windows. It can be stealthily turned on and off at will. This is probably just how DRMs going to be implemented too.

(shrug) They're not likely to institute DRM requiring a processor ID any time soon, as Intel is the only CPU mfr providing that "service". Good luck pulling a CPUID out of a Transmeta or AMD!

Re:Not again...

[DickBreath]

For the life of me, i cannot think of any productive use for cpu id's.

There are lots of great uses for unique cpu ID's.

• Store the ID into the metadata of Office documents so that it is later possible, during an investigation, to determine that the document describing how to hold down the SHIFT key while inserting a CD, was written on John's computer, and later edited on Jane's computer, and then edited again on Joe's computer.
• Develop kewl new browser plug ins so that instead of just recording the ip address of a visiting browser, we can record the cpu id of a visiting browser.
• No more need for cross-site cookies in an attempt to track your browsing habits. If your browser dutifully reports the cpu id, then you can be tracked across multiple sites, allowing us to see that you buy both Disposable Diapers, and also Duff Beer.
• Commercial software can frequently "phone home" with the cpu id of the machine it is running on. This way, when we eventually find you, we know that you were, on such and so date, running a pirated copy of foto slop.
• Image and sound processing programs can "watermark" the cpu id into processed images and sounds, so we get similar benefits to putting the id into office metadata.
• by coupling your IP address and cpu ID, we can become aware of when your computer moves to a different physical location. This way, we now know that the computer which was writing subversive anti-corporate nonsense moved from Oregon to Seattle.

I'm sure creative minds can come up with all kinds of excellent productive uses for cpu id's. If you don't like cpu id's then you must be one of those fringe terrorists or hackers.


(Disclaimer for the slashdot impaired: the above is not my true opinion, although the example uses are potentially real.)

Re:Not again...

[obirt]

Yes, they "fixed" this by giving LAN cards a GUID and the BIOS some kind of serial number didn't they?

Microsoft Support?

[3)+profit!!!]

"Microsoft is continuing its commitment to open industry standards by adding EFI boot support to all versions of the Longhorn generation of Windows products," said Tony Pierce, Technical Evangelist of Microsoft's Windows Hardware Innovation Group. "Participation in the collaborative community effort around the Foundation code that Intel is announcing today will help systems manufacturers and firmware companies deliver new and exciting platform innovations to their customers."

I wonder if this is going to be like Microsoft's "support" for Java...

Re:Microsoft Support?

[deniea]

Oh yes, sure it will offer complete support in adding EFI boot support.

Only to open up a web page where you can fill in you credit-card number !

Re:Microsoft Support?

[Nailer]

Not really. EFI is used on Itanium machines, so Intel 64 bit Windows already uses it pretty well.

Re:Microsoft Support?

[Alsee]

I wonder if this is going to be like Microsoft's "support" for Java

No, it's more like Microsoft support for Palladium.

As a matter of fact this *is* Microsoft support for Palladium.

Central elements of the system were designed by Microsoft + Intel + the rest of the Trusted Computing Group. This new "Foundation code" *is* the Palladium replacement for BIOS. It is the Trusted Computing foundation.

-

Re:Microsoft Support?

[BlueStrat]

"Central elements of the system were designed by Microsoft + Intel + the rest of the Trusted Computing Group. This new "Foundation code" *is* the Palladium replacement for BIOS. It is the Trusted Computing foundation."

For those not familiar or want more info on Trusted Computing/Palladium/NGSCB here's a couple of informational URLs. They're definitely worth a read.

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

http://www.againsttcpa.com/

I RTA.....

[zogger]

... and it's exactly what I thought too, at least a variation of it, and they opened it so anyone could implement as much of it as they wanted to. So I'll call it a cousin of DRM.

Open bios code wont do you any good.

[autopr0n]

Having an open-source bios wont prevent DRM any more then having an open-source OS will prevent file permission restrictions. The source to Linux wont do you any good without the root password, and the source to the BIOS won't do you any good without a signing certificate on a DRM-enabled motherboard.

Re:Open bios code wont do you any good.

You could have all of your computers, and your friends computers (aka /.) share a common private key this should manage DRM nicely.

The article on news.com stated that (recently) bios was rewritten into C. What was the original language of bios? I had assumed it was in assembly, which is typically the smallest and fastest, albeit the biggest pain in the arse to code.

Thanks.

Re:Open bios code wont do you any good.

[Alsee]

You could have all of your computers, and your friends computers (aka /.) share a common private key this should manage DRM nicely.

No you can't.

Every Trust chip comes with a unique key, and half of that key is locked inside the chip. And you can't just make up your own keys because the keys need to be signed by the manufacturer and the manufacturer key must be signed by Trusted Computing Group's root key.

With this system the source code is useless and you effectively no longer own your computer.

-

Re:Open bios code wont do you any good.

[Brandybuck]

Having an open-source bios wont prevent DRM any more then having an open-source OS will prevent file permission restrictions.

With an Open Source OS, I can hack away those file permissions while retaining full compatiblity with the orginal. Nothing difficult about it. The only reason it hasn't been done, is because file permissions are beneficial to the owner of the system.

If there's DRM in the BIOS that isn't beneficial to the owner, he'll get rid of it if he can. He might not be able to do it himself, but someone else will. If it's possible, of course. It depends on the implementation.

Wonder how it will affect

[ErichTheWebGuy]

the LinuxBios project? I would think little, if at all, since the core goals of the LinuxBios project are so specific (providing instant control of a cluster node), but maybe I am wrong? Perhaps some innovations can flow both ways.

Either way, kudos to Intel.

OpenBoot?

What, dare I ask, is wrong with OpenBoot? It's an open standard; it's been around for a long time; and it's used in at least two manufacturers' systems that I can think of. I've also heard reports that some (obscure, probably now defunct) Intel-based PC manufacturers used it in their systems.

Seems to me like a bad case of "Not Invented Here" syndrome.

Re:OpenBoot?

[afidel]

That's EXACTLY what I was thinking when I read about this project several years ago. OpenBoot is Free/free and proven. Not only that but it's hard to imagine a more flexible system since it includes a Turing Complete programming language at its heart =) After you've used OpenBoot the PC BIOS seems so limiting and mundane.

Re:OpenBoot?

[RickHunter]

What's wrong with it? No DRM support (thus, no Microsoft support) and it wasn't invented by Intel. (Thus, no Intel support) It is, however, a far superior system, and yet another reason to get a Mac. (YARTGAM)

Re:OpenBoot?

[pavon]

One of the big features of this new bios is that it is completely backwards compatible (as far as the OS is concerned) with the current BIOS. I don't think that switching OpenFirmware would be quite as seamless of a transistion.

Re:OpenBoot?

[ronaldgminnich]

Why not open boot? Because the "open" means only "open spec".

Open Boot is not Open Source Have you ever wondered why nobody ports it to lots of things? Or why http://www.openbios.org exists? Simple. Open Boot is a marketing name.

Again, Open Boot is NOT Open Source. It's just a cute name that seems to fool lots of people.

But go ahead, prove me wrong: point to the Open Source site for Open Boot.

Re:OpenBoot?

[znu]

Uh, it's an open standard, like TCP/IP or HTTP. Some implementations are open source, some are not. I don't see any conspiracy here.

Re:OpenBoot?

[CRC'99]

It is, however, a far superior system, and yet another reason to get a Mac. (YARTGAM)

Does this mean there is actually 1 solid reason to get a mac?

Re:OpenBoot?

[oddityfds]

Again, Open Boot is NOT Open Source.

Yeah, and that's why it's not as good as an ordinary PC BIOS.

You missed the point.

Re:OpenBoot?

[mabinogi]

> Coming next, 'OpenOpen'! With the word 'Open' used twice it MUST be incredible! Praise Linus!

Actually, companies like Sun, Oracle, DEC, HP, and of course "The Open Group" have been using the word "Open" in that manner long before anyone came up with "Open Source"

The term "Open System" used to basically mean Oracle on UNIX.
And of course there was Sun's OpenLook/OpenWindow and DEC & HPA used the "Open Software Foundation"'s OSF/1 operating system, etc...
It's always been a bit of a buzword.

Re:OpenBoot?

[poot_rootbeer]

point to the Open Source site for Open Boot.

Well, since the spec is open, what's stopping someone from writing their own implementation from scratch?

Re:OpenBoot?

[PipsqueakOnAP133]

Just because it isn't open source doesn't mean it isn't useful. This mentality is just as bad as the PHB 'if it isn't from microsoft/intel and compatible with Office, I can't trust it' mentality.

Great!

[autopr0n]

wow, this is actually pretty cool. Imagine being able to download a bios patch off the 'net that would let you boot the machine directly into Linux, or hell... put a webserver right into the bios chip.

In the future I can see the ultimate "geek" motherboard having a memory-stick or CF card slot for the bios, rather then using chips that aren't often used by consumers. You'd be able to walk down to best buy or Wal-Mart and buy a new bios chip to play around with.

Re:Great!

[bofkentucky]

Anyone know of a webserver written in Forth, I've go an Ultra2 that needs a bios webvserver installed.

Re:Great!

[burns210]

great, now we need to run ad-aware on our bios chips, for fear of spyware and popups generated and the motherboard chip level!

Re:Great!

[Mycroft_VIII]

Ouch. If possible this both +3 funny and +9 firghtning.
If not possible just +4funny

Mycroft

Re:Great!

[PXE+Geek]

Forget the BIOS patch. Why boot to Linux when you're already booting to BSD?

With EFI having a built-in TCPIP stack, you can bet that an EFI based Web server is only a recompile away for some people.

PXEGeek

Re:Great!

[CableModemSniper]

Yes.

Sounds good.... but...

[3seas]

... sounds exactly like hype that is bound to be turned into something you do not want, in actuality.

Like the original intent of cookies and the actuality of spyware use...

One of the best ways,

it almost seems, to ensure you can write open source software and still make money is to make absolutely certain that your open source software is written in such a way it isn't of any use to anyone unless they buy your expensive hardware to operate with it...

Probably good news....

...but given the glowing examples of how you will be able to boot directly to things like a web browser, it will quickly become a security nightmare and another petty obsession for power user types. Doesn't mean it's bad though.

More Info / Linux Power Management

[Landaras]

More information is in a similar article over at News.com.

They mention that proprietary BIOS's is one of the key obstacles to implementing proper power management (ie hibernation) under Linux.

- Neil Wehneman

Re:More Info / Linux Power Management

[Tony+Hoyle]

Except hibernation works OK in Linux already...

OK a lot of the BIOSen suck rocks (for example my K8V used to be able to power off correctly, until I upgraded to the latest 'fixed' BIOS, which broke ACPI completely). But then ACPI sucks anyway... *way* too complex and nobody seems to implement it properly.

From the LinuxBIOS mail list earlier today:

[LuxuryYacht]

Ron on the LinuxBIOS list put this best earlier today:

You are not going to get the hardware startup code in Tiano. You're going to get the code that runs on top of the hardware startup code, and gives you a DOS-like startup system.

Don't expect to suddenly see northbridge code on the intel web site. Part of the goal of Tiano/EFI is to make the release of such information unneeded. There is a silver lining. Supposedly, the interfaces from the hidden hardware code to Tiano will be public. This means you can conceivably chuck Tiano and put your own thing in its place, which could be ... a Linux kernel! You might need a small shim from the hidden hardware code to Linux, which could in turn be ... LinuxBIOS!

This is how Linux NetWorx built the Alpha LinuxBIOS:

- hidden hardware
code (Alpha SROM) [ not changed, left in place]

- LinuxBIOS [with Alpha support, minus memory setup code]

- Linux
Worked fine, should work for Tiano platforms. In other words, the binary support code for Tiano could solve some problems for us:

- if we don't get the specs for the Intel chips (likely), then we can just leave the "hidden hardware code" in place, and flash over Tiano,
replacing Tiano with LinuxBIOS. I believe Linux Labs did something like this for their ClearWater port 2 years or so ago.

- Makes porting to other Intel mobos easier.

Why the CPL, not the GPL?
So that 3rd party vendors can add incompatibilities -- err, value --
and charge you for it.

Put another way, Tiano could be a linuxbios payload. I don't have much
use for a Tiano/EFI payload, however. Tiano/EFI is very complex and if
I'm going to put a complex thing like that into flash I'd much rather
it be linux. I don't want something that's most of the work of an OS
but not much of the capability, which pretty much describes Tiano/EFI.

I'm intrigued that they are open sourcing it. I had for years only
heard that it would be available under a type of NDA. I think LinuxBIOS
is part of the push for open sourcing this type of software. But I
doubt you're going to see Phoenix et. al. open source their
'value-added' Tiano, which means a source fork is built into the model.
That's trouble for us as customers -- we already suffer daily with all
these BIOS extensions and undocumented, hidden gotchas. We already say
this once: there was supposed to be a standard "hand off" on IA64 for
startup. I found out that this "standard" handoff was modified by
several vendors: it was no longer standard.

Let's hope the "hidden
hardware code" to Tiano interface remains standard. Also, if this code
is anything like the EFI code, it won't build under Linux, only builds
under Windows. It won't "just work" for us.

All that said, I think Intel is doing a good thing by open sourcing the Tiano system, and I congratulate them on doing so.

Re:From the LinuxBIOS mail list earlier today:

[PXE+Geek]

But I doubt you're going to see Phoenix et. al. open source their 'value-added' Tiano,

In fact Phoenix is noteably absent from the press release - it quotes AMI and Insyde... Phoenix seem to be concentrating on their own strategies.

Also, don't forget EFI itself is a derivative of FreeBSD...

PXEGeek

Re:From the LinuxBIOS mail list earlier today:

Yes, Poenix plans on being even more a whore to microsoft?

Re:From the LinuxBIOS mail list earlier today:

The CPL _is_ GPL like. So 3rd party manufactors cannot screw up the spec, or make closed source versions!
But different from the GPL, INTEL can change the spec and release closed source 'value-added' version of _other_ peoples code.

Hey, they can't do that!

Intel better not release BIOS under a CPL because it is obvious that SCO owns this. Look out Intel, you are now in the viewfinder of SCO.

Assembly Anyone?

"administrative interfaces which are too complex to implement in the old BIOS environment, according to Intel."

Riiiiiiiiiiight!

Are there any REAL Assembler programmers left who are willing to work for Intel??? That's the REAL question!

OpenFirmware

[leandrod]

One more advantage of RISC systems: OpenFirmware is a real standard, while Intel just wants us to believe it has an 'open architecture standard' and an 'SIG' instead of conforming to an already existing, real open standard.

One more instance of the proprietary lock-in game.

Re:OpenFirmware

[AKAImBatman]

OpenFirmware is a real standard, while Intel just wants us to believe it has an 'open architecture standard' and an 'SIG' instead of conforming to an already existing, real open standard.

Not to mention that it's much cooler. You've got to love how easy it is to tell a Solaris machine to boot from ANYTHING without even an OS on the system! Boot from network? Never have to touch the machine. Boot from USB? A two line command? CDROM? Same! Boot from next years wizzigig? Done.

It's also great for saving a system. Mislink the superblock? Write a Fortran program to fix it! Need a quick calcuation done while writing your program? Write a bit of Fortran to calculate it for you! Face it, OpenFirmware is simply cooler than anything on the Intel platform, present or future.

(BTW, keep an eye out for CmdrTaco. He always shows up with his OpenBoot troll ten hours after the story has been posted. Come on Taco! You've got to get moving! ;-))

Re:OpenFirmware

[Etcetera]

That's exactly what I was going to post :) So.... I'll post some useful links instead! For those that don't know, Open Firmware is a FORTH-based boottime environment that handles all Sun and Mac machines recently produced, and also was used in the PReP/CHRP boards. IBM may still use it in some areas, I'm not sure...

The Firmworks stuff with Linux and OF looks particularly neat...

• Apple's OpenFirmware home page
• An overview of OF
• The Official homepage
• Firmworks, the OF folks (Linux info)
• TinyBoot
• The Open Directory Project category for OpenFirmware

And here's a cool example of things you can do with OF. Two-machine mode boot debugging

Re:OpenFirmware

[n1ywb]

Uhm, Fortran? My God, Man, you are going to scare EVERYBODY away from OpenFirmware! OF uses Forth, not Fortran.

Re:OpenFirmware

[leandrod]

> Open Firmware is a FORTH-based boottime environment that handles all Sun and Mac machines recently produced, and also was used in the PReP/CHRP boards. IBM may still use it in some areas, I'm not sure...

Unless I am severily mistaken, all POP systems (based on an IBM PowerPC reference design) being distributed by EyeTech and Genesi are also OpenFirmware.

I have some idea that SGIs, including the Intel ones, were also OF, but I am probably wrong on this one as SGI was a member of the ARC.

Re:OpenFirmware

[AKAImBatman]

Doh! I misspoke, thanks for the correction. They both start with "Fort" and it's late at night. That's my excuse, and I'm sticking to it. ;-)

Re:OpenFirmware

[fucksl4shd0t]

Heh, apparently the last time OpenBoot Troll posted, he posted in response to this.

I'm chuckling a bit, yes I am. ;)

Get our minds right first and last.

[Doc+Ruby]

Data sharing is literally essential - computers are only marginally useful if their only info exchange is via keyboard/mouse/monitor. DRM is a tech implementation of the human activity of trust. Proprietary DRM schemes, like M$ Passport, or any other vertical integration, are bad trust models. They fetishize others of the same breeding, trusting identical platforms more than different ones. That kind of model is like feeding cattle the remains of their unsold brethren, a monoculture that amplifies platform weaknesses like mad cow, which incubate in a species and even threaten others. The diversity of open trust standards, like PGP webs of trust, or public SSL CAs, combined with open, mutual audits, keep the ecosystem healthy. Before we build a rickety infrastructure based on flawed models and self-defeating principles, we must get to the right way to manage these systems - then automate them. An open source BIOS, which interoperates with the rest of the Internet ecosystem, at least preserves the options to do that, without passing the point of no return on the wrong path.

Re:Get our minds right first and last.

[Nugget]

DRM does not prevent data sharing. It prevents you from sharing data which you don't have the authority to share.

Nothing about DRM will prevent musicians from creating music and giving it to the world. Nothing about DRM will prevent programmers from writing code and giving it to the world.

All DRM blocks is the illicit spread of data against the owner's wishes, which is hardly an essential function of any society or system.

Re:Get our minds right first and last.

[Doc+Ruby]

The DRM we're discussing (as I see it), in this context of open-source BIOS, is "Trusted Computing", a Microsoft initiative which has in recent months been underpinned by new DRM in a new PC BIOS (by Phoenix, I believe). This is a specific DRM that includes lowlevel BIOS functions to enforce compliance with "trust" certification by Microsoft.

Not all DRM is bad, or broken, or required. We have rights, after all, and management of their digital representations is necessary in our increasingly digital environment. But an inaccurate model of our rights, and our transactions within them, will deny those rights. And that will further undermine the model. Leaving us with a world even less inhabitable than now, when these technologies are pursued with exactly the opposite values. So we must be careful how we begin, or it will be a lost cause from the start.

Re:Get our minds right first and last.

[MunchMunch]

"All DRM blocks is the illicit spread of data against the owner's wishes, which is hardly an essential function of any society or system.

I think you have far too much faith in these systems and a fundamental misunderstanding of what copyright is meant to protect. First, already in combination with laws like the DMCA, DRM is used to deny fair use rights--to state the most obvious example, but by far not the most important. Second, you fail to realize that the purpose of copyright is to encourage progress, not protect 'creations.'

This is because American copyright, as envisioned by the Framers, rejects any moral or property protections and relies instead on a way of viewing creative progress as what I would call a 'collaboration' between generations. Each subsequent generation must have free access to the previous generations' works in order to build upon them. It is thus an essential function of any rational society or system to not impede progress by essentially granting a single generation full control to lock out future generations.

But of course, copyright doesn't allow this anyways, as I spent the last paragraph stating, because it misunderstands that copyright is a protection of some sort of inherent 'right' in the act of creation rather than a protection of progress through balanced public and private rights. In actuality, the more dangerous effect of DRM is that copyright itself becomes obsolete in a DRM-capable world. Companies need only decide what allowances they want to give to consumers through technology, and the balancing effect of the law dissappears.

Re:Get our minds right first and last.

[LordK3nn3th]

Nice try, but our concerns are about fair use (loading music from a CD onto computer for backup or MP3 player purposes) and compatibility (Microsoft DRM'd BIOS working with Linux???)

Re:Get our minds right first and last.

[Muggins+the+Mad]

> DRM does not prevent data sharing.
> It prevents you from sharing data which you don't have the authority to share. ..or using something you have legally purchased without paying lots of extra money to the local monopolist. ..or forwarding DRMed spam to the senders ISPs. ..or watching that cool DVD your mum bought you while on holiday in the UK... ..or sending a copy of a fraudulent copy of your *own* media to the police...

Ok, hardly essential functions of society,

But still very annoying.

- MugginsM

Re:Get our minds right first and last.

[asdfghjklqwertyuiop]

DRM is an attempt to remove my control of my private property and place it into the hands of someone who doesn't own it. Period.

I oppose DRM because I believe in the right to private property (namely my computer). Nothing to do with copyright violation.

Re:Get our minds right first and last.

[perlchild]

You're right, but prior experiences in this field have been fraught with peril, partly because Microsoft(among others) felt that any data that didn't have a clear owner automatically belonged to it, and partly because the trust management implicit in proper DRM functions requires more work from already over-worked, understaffed IT departments who already have trouble with getting users to change passwords every six months. These same IT departments are going to be able to keep the tangle of DRM ownership and the proper trust relationships inherent in such clear and unobfuscated ?

You obviously have great faith in the human race's potential to avoid problems, instead of just running into them smack on, and grinding them down by force of numbers...

Re:Get our minds right first and last.

[zurab]

Doesn't this depend on actual implementation? You may have different intentions but you are not in charge of designing and implementing the DRM system on 90% of user desktops. Imagine a DRM system where "untrusted" content is branded as unsafe and dangerous and is extremely hard for an average user to play/execute/etc. compared to the "trusted" content which is easy and effortless. When such a system is widely spread, you may even have settings that disable any "untrusted" content outright - that may even be turned on by default without user realizing anything.

No, in such a case, you won't be able to easily share music you create, or a free software program you write to the world unless you get certified by (who? BSA?) whoever for huge amounts of cash to become a "trusted" provider. Or convince your users, if they have an option, to turn off the security setting that Microsoft, anti-virus companies, mainstream press and all others say is wrong to do, will result in worms and viruses, and will no longer be supported by the OEM.

I am not saying this is what will happen. I am saying it depends on what will, and how much monopolies and cartels can get away with.

Re:Get our minds right first and last.

[damiam]

DRM does not prevent data sharing. It prevents you from sharing data

I see.

Re:Get our minds right first and last.

Nothing about DRM will prevent programmers from writing code and giving it to the world.

That is pure, total BS. What you are saying is true if you are dealing with a benevolent manufacturer who cares about its users.

Microsoft has shown time and time again that they only care about Microsoft. As you say, DRM blocks the "illicit spread of data against the owner's wishes" - so what happens when MS decides that it owns the DRM BIOS on your computer and decides that installing any software they don't approve of violates their "rights"?

Re:Get our minds right first and last.

[Nugget]

Sure, it's a glib response that totally avoids any real content.

I'm regretful that my wording left me open to the response, but I don't feel that it has in any way detracted from the point I made.

Re:Get our minds right first and last.

[Nugget]

Microsoft can't just decide that it owns this Intel BIOS. You did read the article, right? Or at least the headline?

History doesn't really lead a person to expect that Microsoft would do this, nor does your unrelated assertion that "Microsoft cares only about Microsoft" really support your theory either.

Re:Get our minds right first and last.

[Brandybuck]

Nothing about DRM will prevent musicians from creating music and giving it to the world.

It doesn't prevent it, but most proposed implementations would sure as hell hinder it! The user will not be able to play a "free" song unless there is something certifying the user's right to play it. That certification isn't going to be free.

Re:Get our minds right first and last.

[davester666]

> All DRM blocks is the illicit spread of data against the owner's
> wishes, which is hardly an essential function of any society or
> system.

If it's not an essential function, then why do the Music and Movie industries want it on every computer?

Re:Get our minds right first and last.

[smittyoneeach]

Trust them. They are from and they are here to help.

Re:Get our minds right first and last.

Errr, Microsoft was _convicted_ of being a monopoly. That is somewhere between being a thief that stold hundreds of dollars from a million people and being a mob boss who was convicted of rackaterring.

Nothing you say can change this fact. And the conviction was upheld on appeal, only the penalties were turned into a pat on the behind by that meat puppet Bush who is the lackey/lap dog for powerful international interests.

Why should they change? Their behavior has never been punished before. In fact the more laws they break the more money they make. Why change? They have not changed and will not change until they eventually fail because _everyone_ is tired of their bull shit and just refuses to do any business with anyone even remotely connected to anything to do with Microsoft.

Re:Get our minds right first and last.

[dnoyeb]

Always trust software from Microsoft Corporation?

[OK]

Re:Get our minds right first and last.

[poot_rootbeer]

Data sharing is literally essential - computers are only marginally useful if their only info exchange is via keyboard/mouse/monitor.

I dunno, the home computer market did okay without for its first twenty years, when few PCs were "online" and file sharing meant taking a stack of 360KB floppies to your friend's house...

Re:Get our minds right first and last.

[Doc+Ruby]

And cars were worth having before you could get gas anywhere, and there were paved roads everywhere. But only marginally useful, compared to today.

Re:Get our minds right first and last.

[itwerx]

... and file sharing meant taking a stack of 360KB floppies to your friend's house...

But what if your friend couldn't read the files on those floppies because the software/machine they came from were "untrusted"?

Re:Get our minds right first and last.

Sure, it's a glib response that totally avoids any real content.

Well, it's got that in common with your post, hasn't it, fuckwit.

we NEED this

[spazoid12]

'provides that the successor to the BIOS will be based on up-to-date software technology.'

If it ain't broke... well then at least say it's not modern.

I predict...

[novakane007]

... this will be a long remembered day in the history of the personal computers.

Once upon a time, IBM released the BIOS source...

[monkeymanatwork]

I remember in the late 80's seeing a bound, printed version of the IBM XT BIOS source code (ASM of course). It belonged to a friend and probably dated from the early 80's. IIRC, he sent IBM a check for $50 and they sent it to him.

Not Open Source, but invaluable when we were developing device drivers, TSRs, and other low-level software.

OpenFirmware rules

[n1ywb]

OpenFirmware is the most amazingly awsome BIOS ever. Mostly because it's written in Forth which is one of the most amazingly awsome languages ever. I learned Forth specifically so I could hack on my PowerMac 7500's OpenFirmware. It's too bad Apple's old OF implementations were a bit buggy, but the newer PowerMacs' OF is super.

For those who aren't familiar with Forth: Forth is a very powerful and easy to learn language. It's hardware requirements are very light and it is completely portable. Except for the most fundamental procedures, Forth is written in Forth and is completely modifiable and extensable. Forth programs are written as extensions of Forth itself. Forth is an interpreted language, and can be used from a Forth shell, much like BASIC. However, it is almost as fast as C, and equally powerful. Forth is an ideal language for embedded computer systems.

For those of you that aren't familiar with OpenFirmware: OF is written in Forth and is very powerful because it can be manipulated from the Forth shell. This makes it very straightforward for an intelligent user to modify his BIOS as he sees fit, write BIOS scripts, modify settings, etc. The OF Forth shell gives you all the power of a normal PC BIOS and GRUB and then some. It even has a rudimentary edlin like text editor. Anyway if you own a Mac, look up some info on OF and play around with it a bit, it's pretty freakin cool.

Re:OpenFirmware rules

[AKAImBatman]

I learned Forth specifically so I could hack on my PowerMac 7500's OpenFirmware. It's too bad Apple's old OF implementations were a bit buggy, but the newer PowerMacs' OF is super.

If you think that's good, you should try Sun's OpenBoot on a SPARC machine some time. Not only does it have the powers you've come to expect from OpenFirmware, but it's got purdy scalable fonts, graphics, and iis far less buggy than Mac's OF. Besides, my Mac makes me squint, and I like pure white instead of off-white. ;-)

Re:OpenFirmware rules

Or you should try the Alpha's SRM firmware, because its got...ummm...purdy white on blue.

Re:OpenFirmware rules

[Domini]

The coolest thing about the OpenFirmware on my iBook is the fact that you can run a telnet server in it! (Google is your friend!)

Great for when your Firmware stuffs up your display!

Not to mention being able to solve towers of Hanoi problems! ;)

Free Programmers?

[timgoh0]

Maybe its just me, but don't you think that this is just a way of intel trying to get free and fast bugfixes and improvement for their bios?

Re:Free Programmers?

[Bored+Huge+Krill]

yes, that would be it. And what's the problem? Why is open sourcing something they developed and allowing others to make changes a bad thing just because Intel does it?

Re:Free Programmers?

[timgoh0]

Because they would be making a profit out of it? AFAIK, mobo manufacturers still pay a license for the bios.

Re:Free Programmers?

[Bored+Huge+Krill]

And free software is about price now? Quick! Call the police and send them to Red Hat...

Re:Free Programmers?

[LordK3nn3th]

Heh, most Linux people (including me) always argue that's one of the benefits of open source, so people can see the bugs and fix it, and then someone complains when Intel might be using it for that reason :)

Let us not be too hasty to chastise intel for being smart...

Re:Free Programmers?

[p3d0]

So?

Re:Once upon a time, IBM released the BIOS source.

They also did it for the AT - and I've got both :-)

Not much use these days - but from a historical perspective of some curio value.

Still doesn't exmplain why new PC's BIOS POST takes so damn long :-)

More Secure?

[niktesla]

It is stored in firmware, so it is more secure from viruses and other types of attack than past BIOSes
[sarcasm] Yeah, there were real virus problems w/ BIOS back when it was non-flashable. Those pesky viruses would pop my BIOS chip out and install a new one before I knew it.[/sarcasm]

Extra or additional drivers and code functions can be stored on the hard drive and accessed there.
Seems like this would increase the vulnerability of the BIOS.

Other than this problem and maybe not being able to control some of the OEM preboot (an odd word when you think of it) "features" (DRM, etc.), this doesn't sound too bad of a plan. Sounds like we're on the way to having the OS run off a FLASH disk or some type of firmware. It'd be ironic if, because of advanced DRM technology, we have to go back to the oldest mod trick - yank out the old chip and solder in the new, as was once done to upgrade BIOS.

The threat of DRM, diminished in a single stroke?

[yosemite]

*wow*

Running Linux disabled it

[anti-NAT]

I'm pretty sure that almost immediately after Intel released that "feature", the next Linux kernel was patched to disable it on boot.

On the one occasion I've left it on in my BIOS ( a number of years ago now), in the Linux kernel boot log was a statement that the PID was being disabled.

Re:Once upon a time, IBM released the BIOS source.

[stox]

If memory serves correct, the ASM source for the BIOS was published as part of the original PC/XT Technical Reference Manual.

There is no I in EEE (was Re:Microsoft Support?)

[Whyzzi]

Embrace, Extend, Elimate.

so much for preview

[MunchMunch]

"But of course, copyright doesn't allow this anyways, as I spent the last paragraph stating, because it misunderstands that copyright is a protection of some sort of inherent 'right' in the act of creation rather than a protection of progress through balanced public and private rights."

Should be:

"But of course, copyright doesn't allow this anyways, as I spent the last paragraph stating, because that would misunderstand copyright to be a protection of some sort of inherent 'right' in the act of creation rather than a protection of progress through balanced public and private rights."

Sorry!

Re:There is no I in EEE (was Re:Microsoft Support?

[glenkim]

eliminiminate!

Nothing to see here, move along

[jmorris42]

Unless you are a motherboard maker you won't be using this source dump. All of the hardware level details will remain hidden away in vendor's source trees so an end user will never be able to link a complete copy.

It might prove useful now and again to conpare documented behavior to actual, but that is about the extent of it.

Cool...

[cujo_1111]

I remember that i thought it was cool when they added mouse support and CD-ROM booting in the BIOS. What cool stuff are they going to add now?

From the article.....

[Nikker]

"settings are no longer stored in the CMOS (complementary metal-oxide semiconductor) map. Instead, new settings are stored on the firmware chip. Extra or additional drivers and code functions can be stored on the hard drive and accessed there"

How about using the firmware to make phony devices? About a week after MS launches the latest DRM based firmware its habbits and procedures *will* be cracked. One could then mimick that behaviour to circumvent authentication and possibly crack the system.

One could get at the EFI by "booting" off a USB etc device and then passing it off to the MBR. That would circumvent the DMCA(sp?)? Hope they realize that before it gets launched!

Sig

WTF is wrong with...

[Mr.+Arbusto]

OpenFirmware. Seriously, its be tested tride and true.

It's worse than that.

[BiggerIsBetter]

Would you buy a car if you're not allowed to reverse engineer the ECU to reset the Service Due light after changing the oil yourself? Oh, and if you do that anyway, you'll be charged under the DMCA and sent to PITA prison.

What about AMD 64 bit CPU's

How does this affect the Amd 64 bit cpu's...I understand that they are a better design than intels future 64 bit machines?? and how does this affect these new bioses?? shouldn't we be demanding an open source bios standard (non-drm)?

Re:Once upon a time, IBM released the BIOS source.

[Tim+C]

Not open source in what sense? By the capitalsation, I assume that you're equating "Open Source" to be more than just "access to the source code", but that's adding more to the definition than is present in the words themselves.

You had the source of the program; I'd say it was open source. No, it wasn't GPL licensed (or BSD, or whatever), but it certainly wasn't "closed" either.

Good point but...

[rsilvergun]

it'll get turned off. The tech support costs for automatically rejecting untrusted content will just be too high. Try getting grandma to use public/private key pairs some time. Set her up with the system, and when it doesn't work, tell her to call Microsoft. Do that to 10 million grandma's and watch the stock prices fall.

Re:Good point but...

[zurab]

OK, again, I am not saying that this is what will happen, but I can also imagine how this could happen. Obviously, it cannot be the immediate next step from where we are today. It takes some time and public education and gradual change on both hardware and software side. As an example, a lot of people are already aware and look for an SSL icon/URL before they type in their credit card or social security numbers. With sufficient time, mainstream attention, and a strong push from technology giants like Intel, Microsoft, anti-virus corps, as well as media companies you could get general public to understand and differentiate between "trusted" and "untrusted" content.

With a similar campaigning from same sources depicting "untrusted" content as inherently evil (e.g. pirated music, child pornography, worms and viruses, etc.) you could, with some time and effort, turn ignorant general public against it. Note that most applications/content that you purchase and use will be trusted - MS Office, TurboTax, most commercial games, RIAA/MPAA content, etc. What will not be trusted is viruses, worms, "illegal" music, porn, and free software (or other free legitimate content) the authors of which have no resources to obtain the "trusted" certification.

This type of classification of free software, shareable music and other similar content with very bad things like child pornography, works to a great advantage of technology giants like Microsoft and media cartels like RIAA and MPAA. You can see where this is going and where they'd like to take it. With enough time, resources and scare tactics, they could even lobby for a piece of legislation outlawing "untrusted" content. I can imagine how this could happen, not that it definitely will.

Re:Good point but...

[vsprintf]

I wouldn't bet on it. Grandma won't complain to Microsoft, because she has no idea what DRM or an OS is. Last week a lady wrote a letter to the local newspaper ranting about how her computer had been overrun with viruses and spyware twice in two weeks despite her updates and virus scanner. She had to do a fresh install twice.

So, did she complain about Microsoft sticking her with broken, buggy, insecure software? No. She was raging about how the cable company was letting the malware get through to her computer.

Re:Once upon a time, IBM released the BIOS source.

[waveman]

> I remember in the late 80's seeing a bound, printed version of the IBM XT BIOS source code (ASM of course). It belonged to a friend and probably dated from the early 80's. IIRC, he sent IBM a check for $50 and they sent it to him.

I still have a copy of the PC, PC/XT and PC/AT technical reference manuals all with bios source. And with schematics of the motherboard and sample add on boards.

Someone told me IBM had to release this information due to anti-trust problems they had had. Another theory is they released it to make building cards for the PC easier.

In those days they gave their customers the source to their mainframe software at the time. But it was not open source as we know it. They thought at the time that hardware was the profit centre and software was not that important.

Re:Once upon a time, IBM released the BIOS source.

[pe1chl]

That is correct. But this manual was not part of the standard PC shipment, you had to order it as an extra documentation item.

(interestingly, a BASIC reference manual was usually included with PC systems those days!)

Public/Private Keys

If every person needs a scanning tunneling microscope just to do what they want with their computers, then Microsoft et. al. have already won.

Re:Public/Private Keys

[FictionPimp]

The tipical rule is this:

It only needs to be cracked once

Yup thats right, crack once, run everywhere. All it takes is one person to figure out a easy way to get at the keys and post a how to somewhere out there. If i can follow instructions to remove my iTunes DRM, or dump a rom, or even compile gentoo, I'm sure i can follow instructions on building some random hardware from radio shack to insert in my pc to emulate something, or steal something.

Hmm, maybe this would be a good time for me to get a engineering degree? I'm facinated by this subject, yet I dont know jack about hardware besides building a pc and troubleshooting it.

Re:Public/Private Keys

[Rich0]

Only if there is only one private key. If each machine has a serial number and a unique key, and there is a published databases of serial numbers and public keys, then each machine must be cracked once.

DeCSS works only because there are only a few hundred DVD keys that work on all players.

Imagine if CSS were implemented by:

1. DVD player dials DVD consortium over phone.
2. DVD player supplies mainframe with DVD serial number and DVD player serial number.
3. DVD consortium supplies unlock code for that particular DVD (not title - that copy).

If you could hack your player you might be able to get the code and then rip the DVD. But only that DVD. And by dialing up you potentially identified yourself to the consortium so they have the ability to look for trends, and if the DVD video was watermarked they might be able to identify copies that you make. If they narrowed down a likely copier to one of 50 possibly-hacked DVD players they'd just tell the mainframe not to supply codes for any of them, and the 49 legit people would call up and complain, they'd send out a service guy who would check for tampering and then call in and re-enable the player. The guy who didn't call in gets a visit from the BSA...

Sure, this is impractical for DVDs - which is why it wasn't done this way. But if it were done this way there would be no DeCSS.

And if Palladium does take off, this is how it will be done - it is easy to make computers phone home since this technology is being applied to media that will be available online.

As long as each computer has its own private key, you'll never find a practical crack unless the key can be obtained through other channels. But if MS is smart, they'll use smartcard technology - have the computer generate its keypair and output only the public key. If the computer never outputs its private key then not even they will know it. Hence nobody can leak it.

This is how modern smartcards work - not even the owner knows their private key. (That way the owner can't inadvertently lose it, or an attacker can't pretend they are the owner and get the key, since the card has no facility for doing this...)

Linux kernel as a boot loader

[Maljin+Jolt]

Technically, there is no need for BIOS today. Some people experiment with using stripped ROMmed linux kernel as a boot loader. It's already pretty configurable, supports wide sortiment of hardware devices and operates on many cpu platforms. Why to reinvent an edged wheel just for x86-64?

Re:Once upon a time, IBM released the BIOS source.

Are you new here?

Stop the CPL

[Wolfier]

The whole point of CPL is to create confusion with GPL. (just look at the NAME of the licence)

It is similarly viral (all your derived code if released in source form must be in CPL) and shuts the door on any potential branch to another OSS license, including the GPL.

It is simply a MS tactic to steal resource and potential code amount that goes to the GPL.

So, if you're not anti-GPL, don't use the CPL.

Re:Stop the CPL

are you stupid? Just look who came up with the CPL. IBM, Currently Open Sources Best Friend. It is not from Microsoft at all. Microsoft is just using one of IBM's license. Wow. What are you smoking? Where can i get some?

You think worms are bad now...

[Uzik2]

" The Foundation code is designed to be extended with new features and services, such as improved platform manageability, serviceability, and administrative interfaces which are too complex to implement in the old BIOS environment, according to Intel."

Did you notice the part about 'administrative interfaces'? This means your PC will have a remote control interface built right into the BIOS. Now anything that's turned on and connected to the network will be remotely exploitable. Even your Linux box, or your toaster will be worm fodder.

Re:Once upon a time, IBM released the BIOS source.

[bhtooefr]

And THAT, my friends, is how Phoenix got started. They simply grabbed a IBM PC 5150 technical reference manual, gave it to one group of programmers, who determined the hooks in the BIOS, and gave a list of those hooks to another group of programmers, who developed a BIOS around them.

Re: CPL != DRM

C'mon guys, not everything that Intel does these days is DRM ! (i don't say that they don't do some DRM, though... :( )

if you ever have had to managed a bunch of servers &/ more-than-a-few workstations, you'd greatly appreciate such a feature of remote CMOS-setup & friends, wouldn't you ?

- and if someone will put any DRM in, it will be visible to all (CPL, remember ?) - and removed ! :)

Re:what I want is...

[bhtooefr]

The latest 3D games FOR LINUX, not the latest for Windows? You might get away with an i865G, which is handled by OPEN SOURCE, WITH INTEL CONTRIBUTIONS i810 graphics drivers.

IIRC, on an i845 laptop I had use of, performance on BZFlag was pretty good, but nothing compared to a modern card. The only thing you're going to have trouble with is the UT series, especially 2004 - just drop the resolution to 640x480...

Re:Once upon a time, IBM released the BIOS source.

[Rich0]

It wasn't open source.

If you changed one line and burned a chip and swapped it for the chip in your PC, you'd be violating the copyright on the source (except for any allowances for fair use).

If you go down to the bookstore and buy a book it comes with the source code built-in. However, that does not mean that the book is "open" in any sense - you can't make your own derivative work except under the guidelines of fair use.

Open source is about granting access to USE the source - not just see it. And access beyond just fair use. It doesn't have to mean GPL - BSD is also fine. Even public domain is fine as well. But simply showing the source doesn't make something open source.

By your definition Win2K is open source since you can download much of the source code from the appropriate forums. And MS even lets you view the whole thing if you sign an NDA...

Wtf are you talking about?

[autopr0n]

There are lots of different methods to do "drm", but PKI based systems do not need to keep the private key on the host system.

We're talking about a system for signing code, i.e. your computers OS won't give access to protected content to programs that haven't been signed by an authorized party. The signing key (in other words, the private key) never needs to leave the offices of Microsoft, the RIAA or whoever does the code signing. The user only needs to keep a copy of the verification key (the public key).

Cameras and scanners

[tepples]

you won't be able to easily share music you create

I can see the songwriters' guild agreeing with this restriction, for several reasons.

or a free software program you write to the world unless you get certified by (who? BSA?) whoever for huge amounts of cash to become a "trusted" provider.

Given experience with Windows XP signed audio drivers and Xbox software, the "who" would probably be the lot-check department of the publisher of a proprietary operating system.

Or convince your users, if they have an option, to turn off the security setting that Microsoft, anti-virus companies, mainstream press and all others say is wrong to do, will result in worms and viruses, and will no longer be supported by the OEM.

So what happens to makers and users of digital image input devices such as cameras and scanners?

Re:Cameras and scanners

[zurab]

So what happens to makers and users of digital image input devices such as cameras and scanners?

I don't really see a problem. The content from hardware devices physically attached to the PC would be "trusted" for your personal use, but similar content downloaded online would not. Moreover, restrictions on images could be looser since media cartels and BSA are not concerned about those as much.

You wanna bet?

[StarKruzr]

I have it on very good authority that EFI gets at LEAST 15 miles more to the gallon than your puny little Civic.

SEE????

* clueless mods: please look up "EFI" within the context of the article. thanks.

Moo

[Chacham]

They should leave good enough alone. Working on this, would be like reworking the FTP standard to bring it "up to date". Opening a can of worms.

Stupid political correctness

[Bizaff]

The project represents more than 200 person years of development by Intel's China Software Center in Shanghai, and Intel software labs in Oregon and Washington, Intel says.

Thank GOD they didn't say "man years", since clearly they are different units.

They did have some other errors, such as the next paragraph:

"Because pre-boot firmware is a vital ingredient in all modern platforms, silicon vendors and system manufacturers require stability in the Foundation code to protect their investment in innovation," noted Will Swope, vice president and general manager of Intel's Software and Solutions Group. "They expect unfettered access and collaborative control of changes so that interoperability can be maintained."

should read:

"Because pre-boot firmware is a vital ingredient in all modern platforms, silicon vendors and system personufacturers require stability in the Foundation code to protect their investment in innovation," noted Will Swope, vice president and general personager of Intel's Software and Solutions Group. "They expect unfettered access and collaborative control of changes so that interoperability can be persointained."

Re:The threat of DRM, diminished in a single strok

[yosemite]

Slashdot can suck deez nutz.
Or I should say, the slashdot community can suck deez nutz.

Will Grandma be able to e-mail you pictures?

[tepples]

The content from hardware devices physically attached to the PC would be "trusted" for your personal use, but similar content downloaded online would not.

And Grandma wouldn't be able to send your aunt pictures.

Moreover, restrictions on images could be looser since media cartels and BSA are not concerned about those as much.

What is video other than a sequence of still images presented at regular intervals, synchronized to voice mail? And if the operating system does manage to block transmitting video works created by an author using home equipment, it would mean that Grandma wouldn't be able to send home movies to other family members.

Re:Will Grandma be able to e-mail you pictures?

[zurab]

What is video other than a sequence of still images presented at regular intervals, synchronized to voice mail?

What is everything but a combination of 1s and 0s?

And if the operating system does manage to block transmitting video works created by an author using home equipment, it would mean that Grandma wouldn't be able to send home movies to other family members.

Maybe you are right - because you don't want anyone to e-mail child porn to your children, right? Remember, in my hypothetical scenario people are turned against the "untrusted" content.

Or, maybe, you could get a discount for a personal "multimedia trust certificate" from Microsoft with your 2-year subscription to MSN? "Personal" meaning you can distribute your video to up to 5 people, but recipients are not allowed to redistribute it - or some variation of that - details can be arranged and adjusted anytime as long as the system is in place.