Slashdot Mirror


TCPA Support in Linux

kempokaraterulz writes "Linux Journal is reporting that "The Trusted Computing Platform Alliance has published open specifications for a security chip and related software interfaces.". In the latest Gentoo Newsletter they talk about a possible 'Trusted Gentoo', and possible uses for hardware level security."

24 of 501 comments

  1. Do we really need it ? by CineK · · Score: 5, Insightful

    I mean - there are a lot of hardware security modules that can be used for building trusted systems right now.
    Isn't the only purpose of pushing things like TCPA locking the platform down ?

    --
    -- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb31350717901017685 42287578439snlbxq'|dc
    1. Re:Do we really need it ? by bechthros · · Score: 3, Insightful

      Seems to me it's a lose-lose situation. On the one hand, until it's hacked, you have users not being able to have their machine do what they want it to do. That's obviously bad thing number one.

      But number two comes a couple years down the road from widespread adoption, when some critical flaw in TCPA is found by hackers, TCPA is hacked, and innocent businesses that have come to depend on it for security are disrupted and exploited. And then we're looking around all doe-eyed, like, "but they said it was unbreakable security, they said it was trusted computing!" TCPA is just another level of command hierarchy, and subject to hack.

      "Trusted computing" has got to be one of the most insidious marketing doublespeaks I've ever heard in my life. All "Trusted Computing" consists of is computers who don't trust me.

    2. Re:Do we really need it ? by Too+Much+Noise · · Score: 2, Insightful

      If that binary is modified, it can no longer access the sealed storage.

      This is good news for data corruption. All your data is fscked.

      If it were true, it's good news for a lot of corporations, too. Update WMP due to some security bug and you won't be able to access the authorisation data for playing the songs you purchased online. Oops! time to re-buy them! and even if you use a friendly store that will give you extra free downloads for purchased songs to cover that situation, you end up with: 1. parts of the disk space being lost (I assume that if you can't read the protected area you can't delete it either) and 2. reliance on the store not closing or losing their (presumably protected, too) customers' past transaction information due to similar TCPA glitches.
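
The failure mode in the comment above (sealed data becoming unreadable after the sealing program is updated) follows directly from how sealing binds data to a measurement. The following is an added example, not code from the original thread and not TCPA's actual key hierarchy: a toy chip derives the sealing key from a per-chip secret plus the SHA-256 of the program, so a security update to the player changes the measurement and the old blob can no longer be opened. The `Chip`, `Measure`, `Seal` and `Unseal` names and the sample "binaries" are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Toy model of sealed storage (added example, not TCPA's actual key
// hierarchy). The chip holds a secret that never leaves it and derives the
// sealing key from that secret plus the measurement (hash) of the program
// that is allowed to unseal. Change the program and the key changes.

type Chip struct{ secret [32]byte } // hypothetical per-chip secret

func NewChip() *Chip {
	c := &Chip{}
	if _, err := rand.Read(c.secret[:]); err != nil {
		panic(err)
	}
	return c
}

// Measure is the hash a measured boot chain would record for a binary.
func Measure(binary []byte) [32]byte { return sha256.Sum256(binary) }

func (c *Chip) aead(m [32]byte) cipher.AEAD {
	key := sha256.Sum256(append(c.secret[:], m[:]...)) // KDF(secret, measurement)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// Seal encrypts data so that only software measuring as m can get it back.
func (c *Chip) Seal(m [32]byte, data []byte) []byte {
	gcm := c.aead(m)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, data, m[:]) // measurement also bound as AAD
}

// Unseal uses the *current* measurement; a different binary derives a
// different key and GCM authentication fails.
func (c *Chip) Unseal(current [32]byte, blob []byte) ([]byte, error) {
	gcm := c.aead(current)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	pt, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], current[:])
	if err != nil {
		return nil, errors.New("unseal refused: software measurement does not match")
	}
	return pt, nil
}

// Demo reproduces the comment's scenario: a licence sealed to the player
// binary, after which the player receives a security update.
func Demo() (originalOK, updatedOK bool) {
	chip := NewChip()
	player := []byte("media player 1.0") // constructed stand-in binaries
	updated := []byte("media player 1.0.1")
	licence := []byte("licence for purchased track")
	blob := chip.Seal(Measure(player), licence)
	got, err := chip.Unseal(Measure(player), blob)
	originalOK = err == nil && bytes.Equal(got, licence)
	_, err = chip.Unseal(Measure(updated), blob)
	updatedOK = err == nil
	return
}

func main() {
	o, u := Demo()
	fmt.Printf("original player unseals: %v\nupdated player unseals: %v\n", o, u)
}
```

The practical consequence is the one the comment predicts: an update path has to unseal with the old binary and reseal under the new measurement before the old binary is replaced, or the data is simply gone. Sealing to a raw hash of the binary is the most brittle choice; the caveat to carry away is that whoever designs the update procedure, not the chip, decides whether the user keeps access.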

    3. Re:Do we really need it ? by Minna+Kirai · · Score: 2, Insightful

      I might want only a limited set of applications accessing a certain storage area.

      You can accomplish all those things in a 100% software implementation of privilege separation. No special TCPA hardware is needed.

      However, if you did have the special hardware, you would still need modified TCPA-aware applications and OS to make it work.

      So let's consider the two paths towards reaching your goal:
      A) A modified OS that restricts which of your applications are allowed to access which parts of your file system.
      B) A completely new PC and peripherals that have more expensive TCPA-compliant hardware, plus everything already listed in (A)

      Hopefully, you can see that the cost (in both money and complexity, which translates to opportunity for errors) of A+B is higher than the cost for A alone.

      The only thing TCPA's hardware modules do that couldn't be accomplished with pure software is make reverse engineering prohibitively expensive. It's designed solely to prevent you from knowing how to fully control your own PC.

    4. Re:Do we really need it ? by Minna+Kirai · · Score: 2, Insightful

      I can "trust" that MY software running on the RIAA's computer is similarly my original code

      No you can't. The RIAA has the money and contracts to give orders to the people holding the keys with which the software was signed. You don't have that level of influence yourself.

  2. what is it good for? by Anonymous Coward · · Score: 2, Insightful

    The only benefits I can see is increased security for encrypted communication or hard drive encryption. I am really trying to think hard of any other beneficial applications but can't come up with anything.

    1. Re:what is it good for? by vadim_t · · Score: 4, Insightful

      Well, it could be useful for a seriously locked down server.

      Imagine that you're an admin at some big company, with a hundred Linux boxes. You have this stuff on every one of those boxes, and a computer for administration somewhere safe. When you install software you first check it, then sign it, then push updates to your servers.

      If somebody gets in, they'll have things quite difficult. Anything unsigned simply won't run at all. Rootkit modules, exploits, etc, will all simply not be able to run at all. This would take out a quite big part of the exploits an attacker could use. Remote ones would hopefully be avoided by NX.

      This wouldn't protect against things like races, but it certainly could help quite a lot.

      The situation above is something I wouldn't have any problems with. If an admin wants to have an uber-locked down system where anything not signed by his key that's only present in a computer with no network connection in a secure room with an armored door doesn't run at all, then sure, why not. I'm fairly sure this can mostly be accomplished without hardware support at all, though.

      Now, it's when software publishers want to make it impossible for me to control my computer when I have problems with it. But if the user has full control of it, I think it could come quite handy in some cases.

    2. Re:what is it good for? by Qzukk · · Score: 3, Insightful

      When you install software you first check it, then sign it, then push updates to your servers.

      In the end, it depends on who gets to sign the software, and how this software is distributed once signed. In our corner of the court, we have the admin signing software for 100 boxes (does he have to sign each separately? Can you sign software for every box out there at once? If it's not a specific-to-that-machine signature, how do you keep the attacker from signing software too?) for the purpose of protecting the servers from software you don't want to run.

      In the other corner of the court, it appears that we have big business interests who want to have all software signed, who would charge hundreds to sign software for other authors (verisign, et al will certainly be in the business), MPAA and RIAA will be wanting to make sure signed software obeys their rules (and will probably charge for this too), all to make sure your computers are protected from software they don't want you to run.

      Things like this IBM article help make the first scenario a reality, and I'm grateful for it. Now, who wants to be the first to be sued by Microsoft for some TCPA submarine patent that nobody knows about?

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.

  3. Give me enough rope... by DigiShaman · · Score: 3, Insightful

    to hang myself.

    Instruction: How to restrict your Linux box from yourself.

    --
    Life is not for the lazy.

  4. Linus Torvalds himself has blessed DRM by Xpilot · · Score: 5, Insightful

    Linus himself said DRM is ok, as long as it's used in the interests of the user. This is a good thing, think about it; EvilCorp(tm) wants to use DRM to cripple computers, but the PR guy will say "it's for the user". Of course their intent is nothing of the sort, but the Linux folks are the only ones who will actually implement something that *is* in the interest of the user. Then EvilCorp won't be able to lobby making Linux illegal, since Linux also uses DRM which does what EvilCorp claims it's doing "for the users". Well, hopefully.

    --
    "Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds

    1. Re:Linus Torvalds himself has blessed DRM by scorp1us · · Score: 2, Insightful

      You touched on something there that I want to bring out further.

      Linux can show what user-centric trusted computing can/should do. Microsoft et al. will be showing what Big Business trusted computing wants/can do.

      Eventually there will be those that will ask why it has to work against them so much when running Billy Bob's OS, and then they'll realize that their PC is not their PC, but the industry's PC.

      --
      Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.

    2. Re:Linus Torvalds himself has blessed DRM by Minna+Kirai · · Score: 3, Insightful

      Linus himself said DRM is ok, as long as it's used in the interests of the user.

      Linus is not a lawyer. More importantly, he's not even a free software or open source evangelist. Unlike RMS or ESR, he doesn't even hang out with lawyers or devote serious thought to legal matters.

      Since DRM is a combined legal-technical area, it falls outside Linus's expertise, and his opinion carries little weight. (From a practical standpoint, TCPA is incompatible with the Linux philosophy of open-source modifications)

  5. If you can't beat 'em, join 'em. by Kickasso · · Score: 2, Insightful

    Better yet, lead 'em. It would be ridiculously funny if Trusted $FREENIX were released before Trusted Windows or Trusted MacOS.

  6. Comment removed by account_deleted · · Score: 2, Insightful

    Comment removed based on user account deletion

  7. not entirely so by hany · · Score: 3, Insightful

    From a practical standpoint, TCPA is incompatible with the Linux philosophy of open-source modifications

    IMO this is not exactly correct - is it against Linux philosophy of open-source modifications to secure my Linux box so nobody except me can make modifications to it?

    TCPA used in such way (i.e. in interest of user, not supplier, not government, ...) is quite in line with Linux philosophy of "you're in control" :) .

    But, as with all weapons, it has two edges. So, beware! :)

    --
    hany

  8. Re:TCPA - TCG by Wesley+Felter · · Score: 2, Insightful

    And after the TCG accumulates enough bad PR, I guess they'll change the name again...

  9. Re:TCPA is a DRM smokescreen by poofyhairguy82 · · Score: 2, Insightful
    The truth is that TC along with Remote Attestation is a new feature set for your computer which allows new ways for people to cooperate online. Some people oppose this because they don't believe that others should be allowed to cooperate in ways they don't approve of. They don't want you to be able to credibly commit to obeying certain rules in processing data. But they have no right to interfere in your private decision making processes.

    No...that's not it. I don't "oppose people having choice" or some crap like that. I oppose this becoming an industry standard that REMOVES my option of not having it. Once every computer has this, it won't be long before ISPs can say "we only want trusted machines on our network." It is the beginning of the end for the computer cowboy; Trusted Computing is the first step to civilize the wild west called the internet. Sure for most users (those with tons of spyware on their computer, or with computers that their kids have loaded with enough illegal IP that a lawsuit might come any day in the mail) trusted computing might be seen as a good thing. But for someone who has taken these little multipurpose machines called computers and has used them as they wish despite lacking the blessings of the companies involved (such as me playing DVDs on my Linux box), Trusted Computing is a sign that the companies that have created this wild west are sick of not being obeyed.

    This might help some company keep its local network in shape, which is great for them and a reason for its eventual success. But with that comes a future where my computer follows the law despite my wishes (or I lose Internet access), which would make it a very boring hunk of silicon and circuitry indeed.

  10. Re:TCG and Linux make sense by praedor · · Score: 3, Insightful

    Hmmm. And yet I don't seem to need any form of TCPA/TCG or DRM. In all the years I've run linux full-time, I have never ever had naughty code or naughty hackers get in. I can't say that about any of the windoze users I know. Beyond that, I certainly don't need any system that can be used as a DRM system.


    Nope. Uh-uh. Not on my box. I'll copy my files and CDs as I feel the need and will not have anyone but me control when and how I go on to use such copies. This all looks like what it is, an attempt by corporations to gain control of the most important and useful aspects of your PERSONAL and private property computer. Screw TCPA/TCG (and DRM). Paint it all up with lipstick and rouge all you want but in the end it is about restricting what people are allowed to do with their own computers. Any benefits that come to the individual computer owner are accidental and peripheral to the actual designed and intended purpose.

    --
    In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.

  11. Re:TCG and Linux make sense by Anonymous Coward · · Score: 1, Insightful

    What do you mean don't believe the FUD? What do you think your post is?

    Give us one point where Ross Anderson's arguments don't hold. You will be rebutted. Go on.

  12. Re:As sad as it is by cayenne8 · · Score: 4, Insightful
    " This is not flamebait. I hope someone with a brain mods you up...If anything, the original parent was the flamebait..."

    In general...sure...TCPA could have some positive effects on the computing community. However, it also has great potential to be slipped in...and eventually, by law, it must be used to lock things down. Only a few things at first...but, eventually could mandate a great deal of limitations as to what you can legally do with a computer. As much as the corporate entities are beginning to use the govt. to legislate things...and they really don't like the fair use we do have...it is easily possible to foresee this as a means to that end.

    Taken long enough...it could happen, which is why you need to take things like this slowly and with a great deal of skepticism early on.

    I heard it said before that "What one generation tolerates....the next generation embraces"

    Think of it this way...the article the other day on /. about how many US kids don't understand what the 1st amendment really means...they haven't been taught about it...and we're tolerating loss of freedoms. When they are grown and we're not around...they won't even know they existed in the old form...

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........

  13. Obligatory TCPA FAQ Link by TheSpoom · · Score: 2, Insightful

    You should read the TCPA FAQ if you have not already. It explains why this is a bad thing.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs

  14. Re:Trusted Linux is ILLEGAL by finkployd · · Score: 2, Insightful

    As usual with slashdot, you hold strong opinions regarding tcpa with absolutely no idea what it is.

    Tcpa lets you tell your machine to only run binaries signed by Microsoft. You can also tell it to only run binaries signed by IBM. Or you can tell it to only run binaries signed by debian. Or yourself. Or any combination. You tell it what you want it to do in this regard.

    The only valid argument against it is the remote attestation issue, which (using digital signatures) can attest the identity of a client over the network. Think windows file sharing refusing to work with a Samba client, even if they open the protocol, because the samba client was not signed by Microsoft. Or worse, IIS only allowing IE to connect to it. Or most likely, a streaming media server only allowing windows media player.

    Course, this has good and bad aspects as well. The technology exists, it has useful purposes, you cannot put the genie back in the bottle. If people use remote attestation irresponsibly as in the above scenarios, then it is not a technology problem, it is a people problem and should be dealt with accordingly. TCPA is just a logical next step to take with public key.

    Finkployd

  15. Re:As sad as it is by Anonymous Coward · · Score: 1, Insightful

    To have to burst your bubble of uninformed ostrich-head burying, there is no DRM method that both 1) functions and 2) permits the freedom not to use it.

    DRM is based on the idea of interlocking hardware and software, where there are no loopholes simply because you don't have control of your computer (while it's in DRM mode). All software is cryptographically "trusted" if and only if it is signed by an "authority."

    If you intend to use your computer to interact with the rest of the world, and the rest of the world is using DRM, you have no choice but to always use your computer in DRM mode.

    (To clarify, yes, there are some DRM specs which permit centrally-signed software to interact with non-centrally-signed software -- but these specs are by definition pointless because the loophole automatically voids any "protection" the system gains from signing. The weakest link in a chain determines its maximum strength.)

  16. Re:Trusted Linux is ILLEGAL by finkployd · · Score: 3, Insightful

    Completely wrong. The owners of machines don't get the keys needed to sign things for their own hardware. Only the builders of the hardware have those keys, and they are contractually obligated by agreements to the MPAA and RIAA not to divulge those keys to anyone (except employees in the course of their work).

    Wow, you just don't have a single clue about any of this do you? You can pop whatever keys you want into the hardware. If you want to create a system where only binaries signed by you can run, go for it. If you only want to run binaries signed by debian, redhat, or joe blow down the street, you can do that too. You can also turn off this checking and allow anything to run.

    The scary part of this is the remote attestation piece. THIS is what the riaa and mpaa want. It basically allows streaming media servers and media files to only be opened by programs signed (and verified by the hardware) by those they trust, like microsoft. A scary vision of this is that windows file sharing could disallow samba clients to connect to it even if they open the protocol, because samba was not signed by Microsoft.

    If the owners of the hardware were going to be the ones having the keys needed to run on that hardware, then I wouldn't have any problem with it.

    You are not going to get Microsoft's signing key and be able to sign your binaries as them, but you will certainly get their public key to verify their binaries and put that in your hardware. You can also generate your own key to sign with and put that public key in the hardware too.

    Do you honestly believe that anyone, anywhere would ever go for a system where all software running on Windows has to be signed by microsoft? They couldn't even do that with signing device drivers and such (although they tried, all it does is warn you). You think microsoft is going to stop selling visual studio and all their programming tools because nobody but them can create and sign binaries? Now take this a step further, do you think overseas PC makers are going to sell PCs that can only run windows? Even US companies would never do that.

    Good God man, actually take some time and learn about this stuff before you spout uninformed drivel everywhere. There are some real legit complaints about TCPA, but you seem to not understand the most basic aspects of it.

    Finkployd
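
Two mechanisms run through the thread: vadim_t's scenario of an admin who signs binaries on an offline box so that nothing else runs on the servers, and finkployd's point that the owner loads the signer keys while remote attestation lets a server refuse a client whose measured software it does not approve of. The block below is an added example written for this page, not code from the thread, from the TCPA specifications, or from any Linux implementation, and Ed25519 stands in for the hardware's own signing keys. Part 1 is the owner-controlled execution policy; part 2 is a minimal attestation exchange: the platform signs the server's nonce together with a PCR value, and the server admits the client only if the signature verifies and the PCR is on its allowlist. The `Policy`, `Platform`, `Quote` and `Server` types, the single PCR, and the sample binaries and measurements are all constructed for the example; real TCPA attestation involves a privacy CA, RSA keys and several PCRs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Added example; not TCPA's data formats or key hierarchy.

func mustRand(b []byte) {
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
}

// ---- part 1: owner-controlled execution policy ----

// Policy holds the public keys the *owner* chose to trust (their own, a
// distribution's, a vendor's, any mix); nothing else is allowed to run.
type Policy struct{ trusted []ed25519.PublicKey }

func (p *Policy) Trust(k ed25519.PublicKey) { p.trusted = append(p.trusted, k) }

// SignBinary is what the admin's offline signing box does.
func SignBinary(priv ed25519.PrivateKey, binary []byte) []byte {
	return ed25519.Sign(priv, binary)
}

// MayRun is the loader's check: the binary must verify under some trusted key.
func (p *Policy) MayRun(binary, sig []byte) bool {
	for _, k := range p.trusted {
		if ed25519.Verify(k, binary, sig) {
			return true
		}
	}
	return false
}

// ---- part 2: remote attestation ----

type Platform struct {
	aik ed25519.PrivateKey // attestation key; in hardware it never leaves the chip
	pcr [32]byte           // one platform configuration register (reset only at boot)
}

func NewPlatform() *Platform {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Platform{aik: priv}
}

// Extend folds a measurement into the PCR: pcr = H(pcr || m). The operation
// is one-way, so software cannot erase what was measured before it.
func (pl *Platform) Extend(m [32]byte) {
	pl.pcr = sha256.Sum256(append(pl.pcr[:], m[:]...))
}

type Quote struct {
	Nonce [16]byte
	PCR   [32]byte
	Sig   []byte
}

// Quote signs the server's nonce together with the current PCR value.
func (pl *Platform) Quote(nonce [16]byte) Quote {
	return Quote{nonce, pl.pcr, ed25519.Sign(pl.aik, append(nonce[:], pl.pcr[:]...))}
}

type Server struct {
	aikPub  ed25519.PublicKey // learned out of band (TCPA uses a privacy CA for this)
	allowed map[[32]byte]bool // PCR values of client software the server accepts
}

func (s *Server) Admit(nonce [16]byte, q Quote) error {
	if q.Nonce != nonce {
		return errors.New("nonce mismatch: replayed quote")
	}
	if !ed25519.Verify(s.aikPub, append(q.Nonce[:], q.PCR[:]...), q.Sig) {
		return errors.New("quote not signed by a known attestation key")
	}
	if !s.allowed[q.PCR] {
		return errors.New("client software is not on the server's allowlist")
	}
	return nil
}

// PolicyDemo: the admin-signed binary runs; a tampered copy and a binary
// signed by a key the owner never loaded do not.
func PolicyDemo() (signedOK, tamperedOK, strangerOK bool) {
	adminPub, adminPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, strangerPriv, _ := ed25519.GenerateKey(rand.Reader)
	var p Policy
	p.Trust(adminPub)
	bin := []byte("httpd build 42") // constructed sample "binary"
	sig := SignBinary(adminPriv, bin)
	return p.MayRun(bin, sig),
		p.MayRun([]byte("httpd build 42 + rootkit"), sig),
		p.MayRun(bin, SignBinary(strangerPriv, bin))
}

// AttestDemo: the approved client is admitted; a replayed quote and a boot
// that measured a different client (say, an open-protocol clone) are refused.
func AttestDemo() (approvedOK, replayOK, otherClientOK bool) {
	pl := NewPlatform()
	srv := &Server{aikPub: pl.aik.Public().(ed25519.PublicKey), allowed: map[[32]byte]bool{}}
	pl.Extend(sha256.Sum256([]byte("vendor media player v1"))) // constructed measurement
	srv.allowed[pl.pcr] = true
	var n1, n2 [16]byte
	mustRand(n1[:])
	mustRand(n2[:])
	q := pl.Quote(n1)
	approvedOK = srv.Admit(n1, q) == nil
	replayOK = srv.Admit(n2, q) == nil
	pl.Extend(sha256.Sum256([]byte("open-source clone v1"))) // constructed measurement
	otherClientOK = srv.Admit(n2, pl.Quote(n2)) == nil
	return
}

func main() {
	fmt.Println(PolicyDemo())
	fmt.Println(AttestDemo())
}
```

The two halves make the thread's distinction concrete. In part 1 the set of trusted keys lives on the owner's machine and the owner edits it, which is the locked-down-server case nobody in the thread objects to. In part 2 the allowlist lives on the *server*; the client's owner has no say in it, and a clone that speaks the protocol perfectly still measures differently and is turned away. That asymmetry, not the signature check itself, is what the remote-attestation objection is about.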