IBM Shipping More PCs with Trust Chips
rts008 submits this EWeek story about IBM shipping more computers with trusted computing inside. Since the article mentions none of the downsides, we should: trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit.
I TRUST YOU
Yeah, paranoia is fun and all, but I wouldn't mind a few links to support the downsides claim.
You'd think IBM would know better than to associate the word "Trust" with "Technology". That combination is like a buzzword for suspicion to the Tech-wise.
trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit
This concerns me.
More from a grammatical standpoint than anything else.
(and my grammar/spelling is not necessarily perfect...but I don't get edited)
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
Remember, trusted computing has its place. Maybe not on the desktop, but I can see it useful to lock down point-of-sale machines, kiosks and libraries. It would be a hell of a lot easier for some places than it is implementing Group Policies and permissions for a computer that should be used only for a specific task.
Remember, only hackers run Linux, and other un-American things on their machines! Buy today, or the terrorists win!
Industry spokesman: "... but this will stop those evil hackers taking over your system. Surely this is what you want? Oh, well yes, it CAN be used to restrict the way you use your legitimately purchased software, but don't you think that's a small price to pay?"
what I don't like about this concept is that the problems that mainly affect the lower end (non-tech users who can't secure their PCs) will result in more restrictions on the top end (tech users who can 'creatively' use products for a purpose outside their original design parameters). the punters won't notice.
Screw you all! I'm off to the pub
Does anyone know if PPC chips have "Trusted Computing" components built into them? With the G5 becoming more prevalent in Apple's product line, and being manufactured by IBM, I wonder if Apple would hop aboard. My PowerBook is fairly new and I won't have to upgrade for a few more years but this worries me a bit. Hell, I started using a Mac to get away from Windows Activation and all that crap in the first place.
I like big butts and I cannot lie.
The main problem, as I see it, isn't even with using this kind of technology for copy protection - it's the changes in software licensing that will come as a result of this. Think Windows XP activation is a bitch? Imagine Quicken refusing to install because your new laptop's trust chip is different... :(
"Putting the data in the system's hardware makes it more difficult for hackers to access, according to National Semiconductor."
If the system software can access it, so can a hacker.
Ignorance is curable, stupid is forever.
Urm ... What happened to the old saying "Trust is something you earn" ?
In my book money cannot buy trust. And just because somebody slaps the name "trusted computing" on a piece of silicon it does not mean that I am going to "trust" it without question- even if they are being shipped by IBM (who can do no wrong!)
I also have an issue in that who's trusting who here ? IBM ? the computer hardware ? the software ? or me?
I don't need a chip to tell me that I can trust myself, that's for sure!
Nick
Electronic Music Made Using Linux http://soundcloud.com/polyp
I can assure that no processes run on my machines that I didn't authorize now. It's when I can't run any processes on my machines that Bill doesn't authorize that we have a problem. You can cry "tin-foil hat" all you want, but where this technology ultimately leads is to DRM locked-down boxes that won't run anything not signed by an endorsement key from an "authorized" developer.
When did Slashdot gain the ability to see the future? While I know we disapprove of "trusted computing" and similar systems, and for good reason, for a blurb wanting to talk about balance, that's a pretty damning statement. Trusted chips can be used to lock down software stop users, not will. We're still early in the game, and damn if we don't have any influence, but that future is still a long way off. How about instead of just bitching about "trusted computing" we start to drive it towards something that's mutually beneficial: something that allows businesses to exert power over their internal affairs (locking down documents and such), and something that lets users exert power, such as locking down systems against worms, viruses, and spyware?
The book on trusted computing hasn't been written yet, let's not call it before it's done.
I wonder how long it will be until everything contains trust chips.
I was thinking about this earlier last week, and made a decision I'll try to stick with - I'll get the most cutting edge PC I can that doesn't contain any builtin DRM, and then see how long I'll last.
Except for games, I think I can last quite some time. As it stands, the only thing I need a lot of extra horsepower for is gaming. I don't mind waiting an extra bit of time for a program to compile, and everything I use now works fine even on an old P3 667. If push comes to shove, I'll just game on a console and do my compiling on a stand alone machine.
The only 'bite me in the ass' possibility is if they start building hardware (video cards, hard drives, ram, etc) that demands the use of this DRM chipset, then I'd be screwed. If not, I bet I could push my next PC purchase out to easily over 5 years.
Looking for hardware (Currently need: Large Etch-a-Sketch) Have one? See my journal!
As this is something new that PC users might not expect, I wonder if IBM is taking any effort to educate purchasers about the "new functionality." While people might like to know that this might help stop the evil hackers, they should be told that software might stop functioning like they want (assuming the user does something bad, like use pirated copies). I can imagine the increased tech support calls arising from this...
Good.
Instead of encouraging people to break the law (pirate software, etc) - I wish more people would choose software that _grants_ them the right to use it as they see fit.
I wish everyone in the world had to pay full price for Microsoft and Adobe software instead of copy it or buy cheap pirated versions. Then people would start recognising the value of Free Software.
Until then, pirated windows is probably the strongest competitor Linux faces.
trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to per
My god, you can see the future too? I thought it was just me! How long have you had the gift?
[/sarcasm]
Seriously, the chips the article is talking about are completely user-controllable. If they don't want to take advantage of the functionality, they don't have to. Did you even read the article? It talks about how the chips facilitate encryption and secure storage of passwords and other sensitive information, not controlling what the user does with their computer.
Making vague, unverifiable assertions about the possible applications of a technology that could potentially be derived from this one is nothing but FUD.
This space intentionally left blank.
While vendor lock-out is definitely a threat, it's not a terrible threat because amateur developers are such a key part of the industry, and always will be.
What concerns me much more is the stuff that's going to start happening when "trusty" computing becomes ubiquitous, if it ever does. More and more important transactions and secret info exchange will take place over the net. And of course you know the government doesn't allow good encryption for "national security" reasons.
the article talks about the security and encryption being in hardware rather than software as though that was some sort of improvement on it, but who wants to replace their hardware as soon as some 1337 5kr1p7 k1d5 figure out an exploit? and it's only a matter of time.
on the other hand this is one of the few technologies that could permanently cure the world of spyware (the other obvious one being dumping windows altogether.). of course with every new anti-spam technology, the spammers are the first on board, so I imagine the industry will sell out again and no good will come of it.
This comment is fully compliant with RFC 527.
It seems that manufacturers and publishers are just determined to alienate the consumer with this kind of shit. The only way to stop it is to take their profit out of it. Just say no with your pocketbook. They'll get the message sooner or later, assuming they don't pay off some politicians and get a law passed to make DRM mandatory. Oh wait... we're screwed.
When all else fails, run.
ok, so IBM is shipping those machines... but does anyone think that IBM could use those chips eventually to block WINDOWS from being installed on them? look at the bright side, we may end up with a 'LINUX ONLY' line of machines... Big Blue is pro-open source, as it's showing in the SCO lawsuit and elsewhere... So, I wouldn't worry too much about it... yet.
---- I am certain of only one thing : I know nothing else.
If these silly licenses will finally be enforced, people will start to demand software that they legally own the rights to - as opposed to simply stealing it from work.
The best thing that could ever happen to Free Software would be if people were no longer able to steal software from their companies and no longer able to buy cheap pirated versions.
Finally the general public would understand what the Free Software movement is all about.
Knowing how exposed most software is to things like worms, it would be very easy with powerful control hardware to lock people out of their systems without actually damaging the system. One of the things I find very interesting is how does one go about preventing a worm from rewriting certain parts of Windows and user apps so that they think the trusted hardware is either not present or does not let the user do what they are trying to do?
If after a year and incredible amounts of money spent on R&D, Microsoft cannot really slow down the spread of worms, how can they write an operating system that cannot be totally mindfucked by a worm that twists how Windows deals with the trusted hardware? So maybe Microsoft requires code signing, who is to say that someone isn't going to find a way to spoof a real code signature so that the worm appears to be Microsoft?
My money is on the proposition that they'll try it, it'll work great for 3-6 months then people will start writing worms that target trusted systems and that totally ruin them. Then it will be a big flop within 2 years. IBM, Microsoft and other companies need to realize that the human component of security simply cannot be automated. Despite all of their attempts at real security, Microsoft cannot deal with the fact that the single greatest security hole in its OS is the user that never patches and that thinks it's not cool to remember what they aren't supposed to do to avoid getting worms and other hacks.
And if it doesn't work, just stock up on as much pre-trusted hardware as possible and put it into a closet for safe keeping....
Click here or a puppy gets stomped!
My main problem with "trusted" computing is the fact that it could lock out software that the manufacturer of the computer deems "not trustworthy." But, what does "not trustworthy" mean? Could some manufacturers use this technology to further entrench the Windows monopoly by locking me out of my "not trustworthy" Linux or *BSD disks? I could just think of the things that MS could do, such as force its vendors (Dell, HP, Gateway, etc.) to only ship "trusted" computers. I know, I know, I might be paranoid here, but I'm just saying that this is possible.
Michael, I'm afraid you're mistaken. No processes will be allowed to run on your machine that *Microsoft* or a similar vendor did not specifically authorize. This means that the boot loader can be signed to prevent you from running a non-Windows operating system, a CD or DVD or hard drive disk can be signed to prevent legal and authorized duplication for what is legal home copying, and emulation software such as OpenOffice can be prevented from making the system calls to open data files generated with Microsoft Office, helping keep the Microsoft monopoly locked up.
Moreover, it can prevent experimenters from being able to design new drivers and software tools to work with the crypto-authorized hardware without spending very large amounts of money on development tool suites with frankly larcenous intellectual property agreements.
This development is potentially extremely nasty: while we're somewhat paranoid about it, the history of abuse of standards to lock customers into their monopoly justifies extreme concern about what Microsoft might do with these features.
Suppose that I back up my data and then my motherboard dies. Now I can't restore my backed up data because the new computer doesn't trust it or it doesn't trust the new computer.
I remember a time when software vendors made it impossible to back up 5 1/4" disks by physically damaging them. The customers reacted by not buying their software and they backed off. I also remember a very early version of XP that wouldn't let you change any part of your computer without phoning Microsoft for a new key. Customer reaction was such that XP is much easier to deal with now.
It also occurs to me that if the trusted computing chip keeps legitimate software from running then that is restraint of trade.
The attempt is futile because every attempt to prevent illegal copying has been defeated. Some Taiwanese engineer will design a hardware addon to enable the customer to illegally copy the software.
The only way to protect the trust chips is to obtain a federal injunction (from a judge) barring hardware hackers from circumventing the hardware anti-piracy chips. However, those injunctions apply only to the USA. The Taiwanese engineers will gleefully ignore the injunction -- as is their wont. The Chinese in China (including Taiwan province and Hong Kong) routinely ignore Western standards and custom.
After all, China is the software-piracy capital of the world. The piracy rate exceeds 91%.
At the moment, it's just too easy to pop the CD in, or download something you only want to use this one time.
If that one time _really_ did cost you the $400, it's suddenly not the package for you, is it?
Example - The missus complains that she doesn't want to use or understand Linux, so what do we have to do, we have to install that nasty stuff - but we shouldn't fork out the list price of $900 for the software - O no. You're in IT aren't you, you can easily grab a copy from work .....
TCPA (the chip that's in these PCs) is simply a Crypto co-processor. It provides acceleration for common crypto algorithms and it also provides a tamper-resistant storage location for keys. IBM maintains an Open Source implementation for the processor.
There's already been really neat things done with the chip like a truly secure version of Linux that's entirely tamper proof (this is done by signing the kernel and boot loader with the TCPA).
Put away the foil hats people, this is actually really cool innovative technology that so far has given Linux an edge in the security world over Windows.
int func(int a);
func((b += 3, b));
You bet I can. I run only Free Software!!!
:-)
Personally I am not opposed to the trust chip technologies because I think that we are to the point now where the interests against extending copyright protections are stronger than those for it. I also think that such trust chips may allow many new applications which we can't think of today in the Free Software world.
One trend I think people often fail to understand is that freedom from EULAs becomes more appealing the more the mainstream technologies become encumbered. If Microsoft wants to fight their users, great! We welcome the refugees.
LedgerSMB: Open source Accounting/ERP
Yes, it's already here in mobile phones and it's already been used to cripple a perfectly good handset's bluetooth stack meaning images can only be sent over the cell network at an extortionate data rate rather than being beamed straight across the gap between two bluetooth phones. I think I'll take my chances on the viruses thanks. BTW, I'm running some nice open source apps on my P900 which I doubt would've been created if they needed signing (maybe why I can get apps for my SE P900 but I never could for my T610) - hell, even Opera Mobile Browser came up with an 'unsigned code' warning when I installed it, but I can click 'install anyway' on the Symbian model and I'm quite happy with that - there's no override on the T610.
The hardware doesn't enforce crap. It provides a layer that can't be modified by software (ie: "trusted") to perform certain operations invoked by software.
Man, did anyone read the article or check out how IBM markets them on their webpages? These things are for encrypting documents, passwords, storing things you don't want people to get to easily. I've sat through a few seminars and presentations from IBM and how they tout this is to protect your DATA from other people, not protect a copyright holder from you.
As a rock-in-roll Physicist once said, No matter where you go, there you are.
The whole point of "trusted computing" is that your computer trusts some other entity more than the user or administrator of that machine. If you had the encryption keys to make anything you wanted work then it would be a good thing, but that would defeat the purpose MS et al. have designed it for.
Trusted computing means your computer doesn't trust you. Personally, I'd find it rather hard to trust my computer in such a situation.
At best this will mean owning two computers; one which doesn't trust you (but which Microsoft does trust), and one which you can trust. I just hope the machines we can use to run code we can trust (i.e. open source) won't become prohibitively expensive or even illegal (and you can bet the **AA et al. will want *every* machine sold to trust them more than you).
Chernobyl 'not a wildlife haven' - BBC News
should be reading John Walker's Digital Imprimatur to see what its real purpose is.
This sounds like a nice idea until you find out that the hardware manufacturers are working with the software vendors, and will prohibit you from installing anything other than what *they* approve.
Approval won't technically be 'restricted', but you will have to go through an approval process, which won't be cost-free (just look at getting ISO certification: it's not cheap).
So, that means little LEGAL free software will run on your 'trusted PC', as the cost of 'certification' (as well as the rules and regulations you must follow for approval) will be far too high for an OSS project to afford.
In the end, it's got little to do with piracy, and more to do with control.
---- Booth was a patriot ----
If trusted computing does become a reality, I hope that it is successful in enforcing one thing... preventing the pirating of large commercial applications like Photoshop, MS Office, and Windows itself. How many "Joe Users" do you think would actually be using MS Office if they actually had to PAY for it? I'm sick of my friends/colleagues saying, "Why would I use The Gimp or Openoffice for free when I can use Photoshop or MS Office for free?". I'd like to see how quick they are to dismiss OSS alternatives when they actually have to PAY for the software they are so used to stealing.
I'm not saying that Trusted Computing isn't without a myriad of faults, I just think it will be a big eye opener for the general populace when they realize how much they would be getting ripped off if they were actually playing by the rules.
What do you think?
The story said:
It should be noted that what we're really talking about is preventing the computer's owner from doing things that Microsoft and their allies (such as the MPAA) don't want to permit. The computer manufacturer, such as IBM, is largely irrelevant, except to the extent that they may eventually offer hardware that will refuse to run operating systems they don't approve of. Since IBM supports Linux, it doesn't seem likely that they will build machines that can't run Linux, but many other vendors have hitched their wagons more firmly to Microsoft.
Seriously: we have this already. We have the Playstation 2, we have the X-Box, we have (name your favourite piece of controlled hardware here). Both of them incorporate something that could be called "trusted computing". If it ain't signed properly - it ain't trusted - it ain't run.
Few consumers accept(s/ed) this and buys a modkit to solve the problem. Same way it will be for the IBM hardware.
Maybe this even has a more negative impact for software sales than they envision:
If software manufacturers rely on this piece of technology to protect their investment completely (as with XBox and PS2), their software is going to go just as easily as buying the modkit. And because their software gets spread more easily (any person with a modkit can copy their software), they will lose more money - and need larger margins to keep afloat, which leads to a spiral of less software sales. Thus, in the end, no one but large players will stay behind.
I vote for a namechange:
Trusted computing becomes Assured economic software failure...
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
If this prevents the computer illiterate people from running malicious software (which probably makes up 99% of the world), I'm all for it. If you think this can be used to prevent legitimate software from running, I wouldn't be worried about it. How quickly do you think an anticompetitive lawsuit would be filed if that happened? There's a good chance this feature can be enabled/disabled (preferably not programmatically).
Oh, like THAT will take the virus/worm writers all of 3 minutes to work around...
They'll just make the same mistakes in the hardware/firmware as they do over and over again in the software. Nothing will change, other than the less technically savvy losing more of their computer to the manufacturers and developers.
I work for the Department of Redundancy Department.
> This means that the boot loader can be signed to prevent you from running a non-Windows operating system,
Although I fear that as much as the next guy, actually I trust that having a windows-only boot loader would be such a clear sign of monopolistic behaviour that even Microsoft wouldn't get away with it in court.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
Since none of the big time hardware makers also make major software, why the heck do they give a second thought about software piracy issues at all?
And exactly why is AAC's DRM "less evil" than WMA's DRM? Because it is made by Apple and not MS??!?!
Anyone else like a big slice of bias with that? Anyone?
While trusted computing for general purpose home PCs is a dangerous concept for civil liberties, trusted computing does have places I think could be very useful.
Corporate PCs and servers. With a hardware enforced trusted computing policy, it will be much harder for users to bork the corporate network by installing a virus and spyware ridden warez game or weather bug thing.
Safety critical systems could also benefit, to prevent user modifications that could cause the system to operate in an unsafe manner.
Trusted Computing certainly isn't a cure-all even in these cases, but it's not a completely evil thing. It does have legitimate uses.
"Since the article mentions none of the downsides, we should: trusted chips will eventually be used by software manufacturers to make sure the computer's owner does not do anything with the software which the manufacturer does not want to permit."
Then people will start choosing the software that does permit them to do what they want. Might be a downside for uninformed users in the short run, but seems like a good thing in the long run.
If you want to know more about the difference, you can read an article about it here.
Given this particular definition, "trusted" is exactly the right thing to call this sort of hardware, although perhaps "blindly trusted computing" would be better.
There'll be a nice licensing scheme for the key.
Which will first be incompatible with Open Software (licences) and second cost so it can't be included in freely distributed software.
Microsoft, Adobe etc. will just hold up their hands, it's not *their* fault this 'free' software will not run...
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
to those students out there studying computing? Or those independent software developers?
Will these chips suddenly stop any written program from working unless 'signed'?
What will they do to let people program as usual? Special compilers which auto-sign programs for them?
And what happens if one of those suddenly got out to the rest of the world? All programs which are signed from it get blocked?
Hypothetically, what happens if such a compiler from say, Microsoft got out? Would they block ALL Microsoft products?
I think not. The potential for abuse of this system is staggering, and its ultimate worthlessness is astronomical. All it takes is for the system for 'signing' such programs to 'escape' ( or be rescued, depending on your point of view ) from a major software developer , and the whole thing is worthless.
But trusted computing to the OSS world really means that no processes will run on my machines that I didn't specifically authorize
You are running processes on your OS operating system, that you DIDN'T authorize?! WTF!
By the way, even with Trusted computing, buffer overruns, and exploits will still happen.
Sure, after you've inserted your national ID into the smart card reader.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
IBM has had these Security chips available in their machines since 1999. I remember PII's with them built in.
All these are designed to do is interface with an IBM software product to encrypt files using a Hardware chip, do on the fly disk and network encryption and other security related protections that you couldn't do practically with just a CPU software solution.
Specifically, if you have a Thinkpad there's a good chance it has one of these right now. This was one of their selling points that if the System was ever stolen they couldn't get access to any of the data because it's all encrypted to the physical hardware itself and only the original laptop could access it.
Their site for the current data on their security chip is here
This new chip definitely looks more advanced, and could possibly be used for DRM purposes, but in the end it's going to do the same things as the older hardware and the older hardware could be used for the same thing.
In Soviet Russia, Trojan exploits YOU!
I'm not a "computer wizard" but isn't ALL of the data already stored in the hardware? Where else does one store their data? The Ether?
Normally data is "in the hardware", but you can pull it up on the screen and see it and change it. It's not normally locked within the hardware and inaccessible.
The point of Trusted Computing is that there is a secret key locked inside a single chip and it never leaves that chip. You, the owner, are forbidden to see this key or to use it except in the way they permit you to use it.
And this key is used to lock (encrypt) pretty much all of the other data on your computer. You cannot look at or P2P your music files. You cannot even PLAY your music files, except in the manner the chip permits you to. Once you turn on the chip the chip owns your machine. It's not your computer anymore and you can't do squat except what other people specifically permit you to do.
And if you choose not to turn on the chip, well then none of the new software and files and websites work at all. You may ultimately be denied internet access unless you submit.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
If the system software can access it, so can a hacker.
The entire point of Trusted Computing is that the system software CANNOT access it. No software can access the data except the exact and unmodified software to which it was bound.
When you start a program it hashes that program. The chip uses that hash to create a decryption key. If you change the software you change the hash. If you change the hash you end up with a different and useless decryption key.
And another part of the new hardware is that even the operating system will be unable to look at the memory belonging to a Trusted program.
You can't get at the data without the original program, you cannot modify the original program, and no other software can peek at that program's memory. Depending how they implement the hardware the RAM itself might even be encrypted, so even a hardware attack would be useless unless you could break into the self-destructing CPU itself.
There is a damn good reason they are spending billions on this new system. It simply is not vulnerable to all of the usual attacks. It's not your usual futile DRM scheme. This is a plan to change the fundamental nature of computers, to deny you ownership and control of your own machine.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
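Added example, not part of the original comments and not IBM's or any TPM vendor's code: a simplified Python model of the binding the comment above describes, in which the key is derived from a chip-held secret and the hash of the program, so a modified program (or a different chip, as in the Thinkpad comment earlier) derives a different key and cannot unseal the data. `ToyTrustChip`, the sample programs and the HMAC-based keystream are assumptions made for illustration; the real chip's command set and key hierarchy are not modelled.

```python
import hashlib
import hmac
import os


class ToyTrustChip:
    """Constructed stand-in for the chip: its secret never leaves the object."""

    def __init__(self):
        self.__secret = os.urandom(32)  # hypothetical chip-resident key

    def _keys_for(self, program: bytes):
        # "When you start a program it hashes that program."
        measurement = hashlib.sha256(program).digest()
        # "The chip uses that hash to create a decryption key."
        root = hmac.new(self.__secret, b"seal|" + measurement, hashlib.sha256).digest()
        enc = hmac.new(root, b"enc", hashlib.sha256).digest()
        mac = hmac.new(root, b"mac", hashlib.sha256).digest()
        return enc, mac

    @staticmethod
    def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
        # HMAC in counter mode as a stdlib-only keystream (illustration only;
        # a real design would use a standard authenticated cipher).
        stream = b""
        counter = 0
        while len(stream) < len(data):
            block = nonce + counter.to_bytes(4, "big")
            stream += hmac.new(key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, program: bytes, data: bytes) -> bytes:
        """Encrypt data so only this chip running this exact program can read it."""
        enc, mac = self._keys_for(program)
        nonce = os.urandom(16)
        ciphertext = self._xor_stream(enc, nonce, data)
        tag = hmac.new(mac, nonce + ciphertext, hashlib.sha256).digest()
        return nonce + ciphertext + tag

    def unseal(self, program: bytes, blob: bytes) -> bytes:
        if len(blob) < 48:  # 16-byte nonce + 32-byte tag
            raise ValueError("blob too short")
        enc, mac = self._keys_for(program)
        nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac, nonce + ciphertext, hashlib.sha256).digest()
        # A changed program or a different chip yields different keys,
        # so the tag check fails before anything is decrypted.
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("program hash or chip does not match the sealed blob")
        return self._xor_stream(enc, nonce, ciphertext)


def try_unseal(chip: ToyTrustChip, program: bytes, blob: bytes):
    """Return the plaintext, or None when the chip refuses to unseal."""
    try:
        return chip.unseal(program, blob)
    except PermissionError:
        return None


# Constructed sample inputs.
ORIGINAL = b"viewer v1.0: open(doc); render(doc)"
PATCHED = b"viewer v1.0: open(doc); export(doc)"
SECRET = b"constructed sample payload"


def demo() -> dict:
    chip, other_chip = ToyTrustChip(), ToyTrustChip()
    blob = chip.seal(ORIGINAL, SECRET)
    return {
        "same program, same chip": try_unseal(chip, ORIGINAL, blob),
        "modified program": try_unseal(chip, PATCHED, blob),
        "same program, other chip": try_unseal(other_chip, ORIGINAL, blob),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result!r}")
```

Only the first case returns the payload; the other two return `None` because the derived keys differ.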
It aims to describe the difference between TCPA, MS Palladium and DRM, and explains what TCPA is usable for (crypt personal data, store passwords, etc.), and what TCP is unusable for (restrain software execution).