Slashdot Mirror

← Back to Stories (view on slashdot.org)

DRM Tinkering with Intel's PXA270?

Posted by Cliff on from the don't-refuse-me dept.

putko asks: "Intel has a new line of chips with DRM built in. This appears to be the very first DRM-enabled chip to hit the streets. This microprocessor is unlike others available, because the user doesn't have complete control over the thing, and your computer can (theoretically) betray you. For a while now, there have been computers (IBM ThinkPad) that won't boot unless you give the password, but you could always rip out the hard drive and read it, right? With this chip, the keys and RAM are on the chip, and the flash is encrypted, so this really looks locked up tight. Has anyone worked with this chip, and is possible to build your own device that uses the Intel Trusted Wireless Platform to protect your secrets (like your software, perhaps)?" "I'm reminded of this due to Slashdot's recent story on the iPAQ, which uses the chip (and has some neat security features too). Somewhat surprisingly, nobody brought up the Doomsday scenarios, there. It should also be mentioned that there are companies selling incredibly tiny boards for it. Maybe you can run Linux on them?

Wouldn't it suck if the chip had the capabilities and you couldn't use them in your own projects -- e.g. if that was just reserved to big companies like Microsoft? On the other hand, if you can use the features, you might see some neat applications. Assuming you can program the DRM stuff, how do you avoid locking yourself out of the chip while developing? What extra pitfalls may developers run into using it?"

24 of 412 comments (clear)

  1. Welcome to hell boys! by garcia · · Score: 4, Interesting

    I have been writing/ranting on this topic for quite sometime on Slashdot (see here, here, and here). My worst predictions are coming true. In order for DRM to work it needs to be embedded in the OS, the BIOS, and various pieces of hardware.

    Yeah, there is a possibility that non-DRM'd pieces of hardware (including LinuxBIOS) will have a market but the vast majority of people want stuff to work and work w/o problems. Microsoft, Intel, Phoenix, etc, will all tell everyone that they will end viruses, worms, trojans, spyware, etc if they just use their hardware solutions.

    Yeah, well, that's great and all but you won't be doing anything on the net unless you are running trusted hardware. People's arguments that an "alternative" network will show up to solve that is bullshit. Just wait till your online banking, your taxes, and your foo are all on the "secure" Internet.

    Nevermind that, but it may become illegal (through creative lobby) to own and operate an unlicensed/unprotected piece of hardware. Enjoy finding an ISP that will let you connect.

    While this particular CPU might only find a niche market and may very well flop completely, I have a feeling that we will start seeing more and more of this sort of product coming out of the hardware giants. Who knows, maybe my paranoia will be justified?

    1. Re:Welcome to hell boys! by savagedome · · Score: 4, Funny

      Who knows, maybe my paranoia will be justified?

      Is it paranoia if they are really after you?

      --


      Free XBox, PS2
    2. Re:Welcome to hell boys! by Beltendu · · Score: 5, Informative

      Thing is, it's already showing up. I've seen the PXA270 as the processor in a number of PDAs already, including ones I was showing some interest in. And yet there's NO mention of any special DRM functionality in the processor in the advertising or even during the process of purchasing one (examples include Dell's new x50 and x30 series, and a number of HP's iPAQs). I haven't seen mention of DRM functionality in any reviews yet either, which makes this the first I've heard of it.

      Good to know, though. Time to go look into it a little closer and see if anyone plans on putting out a PDA with a VGA screen and a different processor. Today, AFAIK, the only VGA capable models all use the PXA270.

    3. Re:Welcome to hell boys! by el_gordo101 · · Score: 4, Informative

      Do you really tink IBM will let the PowerPC chips fail because of Intel phoenix and Microsoft working together? Do you think AMD will roll over and die?.

      IBM and AMD are also part of the whole Trusted Computing "initiative". From TFA: http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html

      --
      TODO: Insert witty sig
    4. Re:Welcome to hell boys! by iminplaya · · Score: 5, Interesting

      Home users will complain that things don't work correctly.

      Home users might find that this will be the first "computer" that does work correctly out of the box. This will be the computer appliance that they're looking for. The "hood will be welded shut", and that will be just fine with most users. Real computers will become the hobbyist's toy, just like short wave radio. Just as we have less people that know morse code, we will have less people that can work a keyboard. It will look like a McDonalds cash register with lots of pretty buttons(or more likely a touch screen), and will probably only connect to shopping sites.

      --
      What?
    5. Re:Welcome to hell boys! by M.+Baranczak · · Score: 3, Insightful

      Home users might find that this will be the first "computer" that does work correctly out of the box.

      No, we've had those for a number of years now.

    6. Re:Welcome to hell boys! by Alsee · · Score: 4, Insightful

      we just need to take a TC and set it up as a router and connect our real computer to it

      However with Trusted computing:
      (1) you cannot connect to the ISP at all unless you are running the mandated and unaltered software. That would include a firewall that restricts what data you can send. If they like that software can prevent your computer from accepting any local network connection, except from another Trusted computer. Any data sent to the ISP and out to the internet must go through that firewall and must be encrypted.

      (2) Even if you do manage to pass the data through, your non-Trusted computer will be entirely locked out of an increasing number of ordinary websites. One of the biggest drivers of this will be the advertizing motivation - my encrypting the website and only being viewable on a Trusted machine and with an approved Trusted webbrowser, it becomes impossible to run any sort of pop-up blockers or ad blockers. Any attempt to block the advertizements renders the website unviewable. They can also make it impossible to copy images or text or anything else from the site. They can block "deep linking". They can prevent other sites from "leeching" their images and other files. They can enforce any sorts of terms of service they like.

      the idea that it will only run programs allowed to be run ... It will once again fail.

      That's a myth/misunderstanding, and it is absolutely not a reason for it to fail.

      Their plan is quite insidious. Their number one priority is that there is absolutely no reason not to have a Trusted computer. A Trusted computer can do absolutely anything a non-Trusted computer can do. A Trusted computer can run absolutely any software a non-Trusted computer can run.

      Software does not need to be "approved" for it to run.

      A computer with a Trust chip is like a coputer with speakers. You can simply pretend the speakers / Trust chip aren't there, and it's exactly the same as a speakerless / non-Trusted machine.

      So long as you don't activate the speakers / Trust chip, you have a plain old computer. However the moment you activate the Trust chip you go into a special "handcuff-mode" and you no longer own your computer.

      So why would you ever go into "handcuff-mode"? Because the new Trusted software and Trusted media files and Trusted websites (and eventually Trusted ISPs) will only work in handcuff-mode. They will not work at all on a normal computer. So you have three choices. (1) Stick with an old computer, and none of the new stuff works and you eventually get locked out of the internet completely. (2) Get a new Trusted computer, but refuse to activate the Trust chip, and none of the new stuff works and you eventually get locked out of the internet completely. (2) Get a new Trusted computer, activate the Trust chip and "volountarily" wear the handcuffs and lose ownership of your computer, and all of the new stuff works (in handcuff mode).

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  2. Obligatory 2001 reference... by Lead+Butthead · · Score: 5, Funny

    Joe Blow: Open warez site please
    PXA270: I am sorry Joe, but I am afraid I can't do that...

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  3. Take a deep breath and relax... by wowbagger · · Score: 4, Interesting

    ... because this is nothing new.

    First of all, this is an *EMBEDDED* processor, not an x86-class CPU. It may be used in PDAs and the like, but it is not going to be running your desktop anytime soon.

    Secondly, embedded devices with encrypted onboard flash are nothing new - they've been around for years.

    --
    www.eFax.com are spammers
  4. Oops. by Darth+Muffin · · Score: 4, Funny
    "Has anyone worked with this chip, and is possible to build your own device that uses the Intel Trusted Wireless Platform to protect your secrets (like your software, perhaps)?"

    Yeah, I had all of that info you're looking for... but I forgot the password on that system ;)

    --
    Real programmers use "copy con program.exe"
  5. Your own trusted platform wtf?? by t_allardyce · · Score: 3, Funny

    More to the point.. how do you hack this good for nothing piece of shit?

    --
    This comment does not represent the views or opinions of the user.
  6. Two words.... by Lodragandraoidh · · Score: 4, Interesting

    Can anyone say 'Clipper Chip'?

    Remember what happened to that brilliant idea? This is it in a new guise, this time reborn to lock-in traditional media.

    Never fear, either too many objections will be raised to make it viable in the marketplace, or some smart person will figure out how it tics...

    --

    Lodragan Draoidh
    The more you explain it, the more I don't understand it. - Mark Twain
  7. From Intel's White Paper by acvh · · Score: 4, Informative

    Trusted Boot ROM - will ensure that the OS being booted is the one that the manufacturer installed. No more installing NetBSD on your pocketsized wireless gizmo.

    Media DRM - files can be created to work only with the OS, ROM and disk in the unit, and only for a specifed length of time.

    The features seem to be directed at wireless carriers and content providers, to prevent unauthorized use of their networks and content. So, if you don't like it, use other vendors.

    1. Re:From Intel's White Paper by Billly+Gates · · Score: 3, Interesting

      There are really no other vendors in the cell phone area.

      Think about it?

      If you were the CEO of some cellular company you could make a fortune if you had money from every single app written for your phone. Worse you could charge your users fees if they ever want to install software and you can make even more money!

      Why do you think the Xbox is drm locked and encrypted? Its so Microsoft can make more money at the expense of the market.

      RMS may be a little off the wall with proprietary software taking away freedoms but proprietary hardware is the real threat.

      We should put our efforts to fight this.

      Just the other day here on slashdot there was a story on DRM being added to dvd standards. Why? Broadcast flags are now requried for the FCC by June. Its insane and our whole openess and ingeuinity of the internet itself is in danger.

      We have to do something in orde to protect ourselves. Perhaps a NRA for computer hobbiests might be in order. We have no lobbiests on our side.

      --
      http://saveie6.com/
  8. How to cook a toad by Sanity · · Score: 4, Insightful
    You throw the toad straight into the pot of boiling water and it will jump straight out, but put it in a pot of cold water and slowly increase the heat, and the toad will be boiled to death.

    We should be wary of *any* move towards turning computers from our servants into our prison guards.

    1. Re:How to cook a toad by Angst+Badger · · Score: 5, Interesting

      You throw the toad straight into the pot of boiling water and it will jump straight out, but put it in a pot of cold water and slowly increase the heat, and the toad will be boiled to death.

      This is off-topic nitpicking, but real toads will jump out of the pot as soon as they get too warm. This is pretty much true of all amphibians and reptiles. Lacking the ability to thermoregulate internally, cold-blooded animals instinctually move toward and away from heat sources as necessary. When, for example, a lizard is too cold, it will move into the sun to bask. When it starts to get too warm, it will move back into the shadows.

      It's warm-blooded animals that are susceptible to this trick because they lack the necessary instincts. If you want to cook a human for example, you put him into a hot tub and slowly crank up the temperature. Long before you reach the boiling point or even any discomfort, he will pass from heat exhaustion to hyperthermia, and finally into unconsciousness, seizures, and organ failure. Read the warnings in a hot tub owner's manual sometime, or ask your friendly neighborhood paramedic how often failure to RTFM requires them to fish dead guys out of their hot tubs.

      So really, all this "how to boil a frog" nonsense really out to be "how to boil an end user". ;)

      --
      Proud member of the Weirdo-American community.
  9. When pigs win the X Prize by mikebelrose · · Score: 3, Insightful

    I wouldn't get too worked up, it's just another exercise in futility from the DRM people. You think they'd have learned by now that any programmable computer is inherently hackable. Any DRM can be removed or forged, the system would have no way to tell the difference between my home movies and a pirated copy of Pirates of Silicon Valley. Just as an example, what is to stop me from running an emulator or virtual machine, and then playing my DRM free media on such a system? How would it know it was running untrusted code if all it saw was javaw.exe?

  10. Inaccurate statement about the Thinkpad by xplosiv · · Score: 3, Interesting

    "For a while now, there have been computers (IBM ThinkPad) that won't boot unless you give the password, but you could always rip out the hard drive and read it, right?"

    If the password for the hard drive is set, you won't be able to move the drive to another system or it will look like the drive is dead. If you do know the master password and try it in another system, I believe it will wipe out the drive, it's pretty secure, and the main reason I use ThinkPads.

  11. My prediction by mrjatsun · · Score: 3, Insightful

    Microsoft requires all PC sold with Windows XYZ to use a Trusted Boot ROM. The Trusted Boot ROM verifies the Windows license is valid before booting. Whoops, you mean your PC won't boot Linux because it doesn't have a valid Windows license. What a unforseen side effect!

  12. DRM: Digital RESTRICTIONS Management by MCRocker · · Score: 5, Insightful

    I was amused to see that in a recent interview with Richard M. Stallman he referred to DRM as Digital RESTRICTIONS Management.

    Although I'm not a big fan of spin, the current political climate makes renaming things with misleading names a necessity. When you say "Digital RESTRICTIONS Management", it makes it fairly clear that it's a technology aimed at limiting personal liberties.

    P.S. Yes, I know this is a repost, but...

    --
    Signatures are a waste of bandwi (buffering...)
  13. Just another instruction set feature by ALecs · · Score: 4, Informative

    The company I work for has been working on a PXA270 board for a while now. I seriously doubt this chip will flop, since it's a MUCH NEEDED speed boost to Intel's ARM CPU line for embedded/handheld devices.

    Besides that, it's a great chip! 600+ MHz, low power like their previous PXA CPUs and plenty of features.

    This DRM feature is just another optional feature for designers to use. Right now, I don't see any real reason most designers would use such a feature set. They have no incentive to just lock-down a system willy-nilly. It won't generate any new sales.

    And yes, we are running Linux on this chip. :)

  14. Re:How to cook a toad - WRONG!!! by The+Pi-Guy · · Score: 5, Informative

    I'm a developer for these chips, and I have to say, this is much ado about nothing.

    This has been said before - the primary goal is to get the board part count down.

    The primary goal is to get the board part count down.

    Let me reiterate once more: The primary goal is to get the board part count down.

    With this chip, the only thing that it means is that you don't need o include a flash chip on the board.

    The system will still be reflashable through a JTAG interface - just as any other device with flash connected to a CPU would be. In that respect, this machine is no more holding us "hostage" than any other previously released iPAQ or Zaurus.

    I thereby declare you, sir, to be talking out of your ass.

  15. Re:From the "Ten Immutable Laws of Security" by Wesley+Felter · · Score: 3, Insightful

    Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore

    This is not correct if your OS supports confinement. It's a bad sign when the first item in the list is wrong.

  16. Re:How to cook a toad - WRONG!!! by asdfghjklqwertyuiop · · Score: 4, Interesting

    This has been said before - the primary goal is to get the board part count down.


    How about leaving out the DRM circutry? That sounds like a pretty effective and easy way to get the part count down.