DRM Tinkering with Intel's PXA270?

putko asks: "Intel has a new line of chips with DRM built in. This appears to be the very first DRM-enabled chip to hit the streets. This microprocessor is unlike others available, because the user doesn't have complete control over the thing, and your computer can (theoretically) betray you. For a while now, there have been computers (IBM ThinkPad) that won't boot unless you give the password, but you could always rip out the hard drive and read it, right? With this chip, the keys and RAM are on the chip, and the flash is encrypted, so this really looks locked up tight. Has anyone worked with this chip, and is possible to build your own device that uses the Intel Trusted Wireless Platform to protect your secrets (like your software, perhaps)?" "I'm reminded of this due to Slashdot's recent story on the iPAQ, which uses the chip (and has some neat security features too). Somewhat surprisingly, nobody brought up the Doomsday scenarios, there. It should also be mentioned that there are companies selling incredibly tiny boards for it. Maybe you can run Linux on them?

Wouldn't it suck if the chip had the capabilities and you couldn't use them in your own projects -- e.g. if that was just reserved to big companies like Microsoft? On the other hand, if you can use the features, you might see some neat applications. Assuming you can program the DRM stuff, how do you avoid locking yourself out of the chip while developing? What extra pitfalls may developers run into using it?"

How to cook a toad

[Sanity]

You throw the toad straight into the pot of boiling water and it will jump straight out, but put it in a pot of cold water and slowly increase the heat, and the toad will be boiled to death.

We should be wary of *any* move towards turning computers from our servants into our prison guards.

DRM: Digital RESTRICTIONS Management

[MCRocker]

I was amused to see that in a recent interview with Richard M. Stallman he referred to DRM as Digital RESTRICTIONS Management.

Although I'm not a big fan of spin, the current political climate makes renaming things with misleading names a necessity. When you say "Digital RESTRICTIONS Management", it makes it fairly clear that it's a technology aimed at limiting personal liberties.

P.S. Yes, I know this is a repost, but...

Re:Welcome to hell boys!

[Alsee]

we just need to take a TC and set it up as a router and connect our real computer to it

However with Trusted computing:
(1) you cannot connect to the ISP at all unless you are running the mandated and unaltered software. That would include a firewall that restricts what data you can send. If they like that software can prevent your computer from accepting any local network connection, except from another Trusted computer. Any data sent to the ISP and out to the internet must go through that firewall and must be encrypted.

(2) Even if you do manage to pass the data through, your non-Trusted computer will be entirely locked out of an increasing number of ordinary websites. One of the biggest drivers of this will be the advertizing motivation - my encrypting the website and only being viewable on a Trusted machine and with an approved Trusted webbrowser, it becomes impossible to run any sort of pop-up blockers or ad blockers. Any attempt to block the advertizements renders the website unviewable. They can also make it impossible to copy images or text or anything else from the site. They can block "deep linking". They can prevent other sites from "leeching" their images and other files. They can enforce any sorts of terms of service they like.

the idea that it will only run programs allowed to be run ... It will once again fail.

That's a myth/misunderstanding, and it is absolutely not a reason for it to fail.

Their plan is quite insidious. Their number one priority is that there is absolutely no reason not to have a Trusted computer. A Trusted computer can do absolutely anything a non-Trusted computer can do. A Trusted computer can run absolutely any software a non-Trusted computer can run.

Software does not need to be "approved" for it to run.

A computer with a Trust chip is like a coputer with speakers. You can simply pretend the speakers / Trust chip aren't there, and it's exactly the same as a speakerless / non-Trusted machine.

So long as you don't activate the speakers / Trust chip, you have a plain old computer. However the moment you activate the Trust chip you go into a special "handcuff-mode" and you no longer own your computer.

So why would you ever go into "handcuff-mode"? Because the new Trusted software and Trusted media files and Trusted websites (and eventually Trusted ISPs) will only work in handcuff-mode. They will not work at all on a normal computer. So you have three choices. (1) Stick with an old computer, and none of the new stuff works and you eventually get locked out of the internet completely. (2) Get a new Trusted computer, but refuse to activate the Trust chip, and none of the new stuff works and you eventually get locked out of the internet completely. (2) Get a new Trusted computer, activate the Trust chip and "volountarily" wear the handcuffs and lose ownership of your computer, and all of the new stuff works (in handcuff mode).

-