TCPA Support in Linux

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Wednesday February 2, 2005 @05:39AM from the trust-no-1-or-something dept.

kempokaraterulz writes "Linux Journal is reporting that "The Trusted Computing Platform Alliance has published open specifications for a security chip and related software interfaces.". In the latest Gentoo Newsletter they talk about a possible 'Trusted Gentoo', and possible uses for hardware level security."

6 of 501 comments (clear)

Do we really need it ? by CineK · 2005-02-02 05:44 · Score: 5, Insightful

I mean - there are a lot of hardware security modules that can be used for building trusted systems right now.
Isn't the only purpose of pushing things like TCPA locking the platform down ?

--
-- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb31350717901017685 42287578439snlbxq'|dc
Linus Torvalds himself has blessed DRM by Xpilot · 2005-02-02 05:46 · Score: 5, Insightful

Linus himself said DRM is ok, as long as it's used in the interests of the user. This is a good thing, think about it; EvilCorp(tm) wants to use DRM to cripple computers, but the PR guy will say "it's for the user". Of course their intent is nothing of the sort, but the Linux folks are the only ones who will actually implement something that *is* in the interest of the user. Then EvilCorp won't be able to lobby making Linux illegal, since Linux also uses DRM which does what EvilCorp claims it's doing "for the users". Well, hopefully.

--
"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
Lacking One Thing by SpottedKuh · 2005-02-02 05:51 · Score: 5, Interesting

Though the specifications detailed in the article are definately a Good Thing, they lack (at least as far as I could tell) any way of preventing unauthorized physical access to the chip.

Physical access to machines is always a big issue in security, and one that is often overlooked. And while it's probably not a big deal for your home machine, consider large companies whose machines could conceivably be targetting for a physical attack to recover the keys directly from the TPM (Trusted Platform Module).

Stajano's "Ubiquitous Computing" book has excellent coverage of the rationale, issues, and complexity of attempting to prevent physical access to chips and devices which store sensitive information. It's an easy read, and well worth it: http://www-lce.eng.cam.ac.uk/~fms27/secubicomp/ind ex.html
Re:If you can't beat 'em, join 'em. by SpottedKuh · 2005-02-02 05:53 · Score: 5, Funny

Trusted Windows

Wait, wait...you lost me on that one.
As sad as it is by Anonymous Coward · 2005-02-02 06:05 · Score: 5, Informative

To have to burst your bubble of uninformed zealotry, there are plenty of good uses for trusted computing and DRM that do no interfere with your quest to get 'fr33 musicz 4 life' or whatever. Not all of this technology is for companies like the RIAA to protect copyrights, despite what Slashbots would have everyone think.
Re:Here comes the flood?? by Greger47 · 2005-02-02 07:27 · Score: 5, Interesting

This is the thing that I don't get. The supposedly secure boot process seems to be broken from start to finish.
The "trusted" boot functions provide the ability to store in Platform Configuration Registers (PCR), hashes of configuration information throughout the boot sequence. Once booted, data (such as symmetric keys for encrypted files) can be "sealed" under a PCR. The sealed data can only be unsealed if the PCR has the same value as at the time of sealing. Thus, if an attempt is made to boot an alternative system, or a virus has backdoored the operating system, the PCR value will not match, and the unseal will fail, thus protecting the data.
The whitepaper also mentions that in IBMs implementation the chip is connected to the SMbus.
This means that the entire security of the boot process hangs on whatever data the CPU feels like sending to the chip for hashing. I could as well make a patch for GRUB that sends the "secure" version of GRUB down the SMbus and actually executes whatever nastiness I have in store.
In the case of DRM this lets me run whatever OS I want. The only thing I have to do is to feed a copy of whatever OS Hollywood trusts to the chip and voila the chip will say I'm legit and Hollywood will give me access to their movies for me to pirate at my leisure. :)
As I see it, the only way to get this to work for real is if Intel steps up and builds TCPA support into the CPU itself such that the PCR register is continuously updated as each instruction is executed. And all existing external chips have to be blacklisted, ofcourse.
Or does the TCPA system have some other trick up their sleeve that makes this work even though it's implemented externally to the CPU?
/greger