Major PC Makers Adopt Trusted Computing Schema
An anonymous reader wrote to let us know about a News.com story regarding so-called trusted computing, and its adoption by the major PC manufacturers. From the article: "The three largest computer makers--Dell, Hewlett-Packard and IBM--have started selling desktops and notebooks with so-called trusted computing hardware, which allows security-sensitive applications to lock down data to a specific PC." Interestingly, while Microsoft is said to be behind the idea, support won't be forthcoming for trusted computing until they release Longhorn next year, making this a hardware-vendor led initiative.
What happens when your PC dies? How do you recover using the now useless backups? There's bound to be a way to bypass that. Sounds like the data requires a physical key (sentry?). Someone somehow will bypass it.
Just remember, folks: "Trusted computing" is an Orwellian phrase that actually means your computer won't trust you. So if you want your computer to have the ability to say to you, "Sorry, I won't play that MP3 file" or "Sorry, that movie is not authorized for this PC," well step right up. Barnum & Co. -- er, sorry, I mean major PC hardware companies have some new machines to sell to you.
If Linux gets in on the game then surely this could be a positive thing for computer users.
See the Trusted Gentoo project for example.
Until we see locked down BIOSes then this is hardly a threat to Linux if it responds quickly.
IBM has had the hardware in place in their laptop line for the last several years. It makes repairs which require a motherboard swap a PITA because you have to be sure to order the part with the crypto in place if your current system had one, which you might not know about the first time you do one, resulting in a several day delay....
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
This sort of crap runs contrary to Apple's philosophy, and I don't think they'll want it in their hardware (heck, they don't even copy protect their OS). However, they may get forced into it for compatibility. I believe in trusted computing - I trust myself not to be dumb.
I guess you didn't notice the letters IBM then?
Is this going to be portrayed as a reason to upgrade your PC, especially now the main family software, i.e. Office, e-mail, etc. have reached the point where upgrading the PC is essentially pointless?
I've read the article, and many related articles, but it is still not clear to me what this technology really means...
I am pretty sure there are answers to this technology, but I haven't found a clear concise source to make me feel any better about what this technology may bring upon OSS. I'm afraid it might be bad. Someone reassure me.
As an aside, is this really a direction technology needed to take? Is there really that much of a need for "trusted" computing? Sheeesh, I've not found this to be a huge issue, and I hope this technology incurs huge backlash when its inconvenience far exceeds its benefits.... (especially since the type of intrusion and hacking I've ever seen has little to do with protecting data and much more to do with social engineering).
So my understanding is that it is far too complicated to have the content only accessible by hardware (isolated HD or sectors directly controlled by the hardware which would need to convert to output without going through main memory).
I believe instead these systems work by only giving access to certain content areas if the booting software has the right key or matches the right checksum. However, once that access has been granted the software is in control and a software flaw in the software could allow for copying.
How long do you think it will be till they find a bug in Longhorn?
Another reason I'm glad I use Macs, really. Let's hope Linus's PowerMac really does drive Linux on PPC as much as we all hope it will. Then, let's hope IBM starts pushing PPC based systems more than the Xeon powered servers I always see advertised.
Do not touch -Willie
It's time to push hard for a free bios. You can help if you
can figure out how to install a new bios on a computer, especially a
laptop. I don't know why we can put linux on an xbox but nobody can
get a free bios on a laptop.
Stick to AMD machines, avoid Intel and IBM. Heh, IBM. We talk like
they're our allies but they're pushing patents and treacherous
computing. They're a _much_ bigger threat than SCO ever was.
If you haven't yet read Stallman's dystopian short story The Right To Read,
this might be a good time.
Treacherous computing is the reason I'm a GNU+linux user.
Of course, such a system would have undesirable uses as well, DRM and the like...
"Don't want to interoperate with the rest of the secure users out there? Don't use hardware that is tied to THE secure OS."
If trusted computing reaches the point you can't get on the Internet unless you are running it, and at that point trusted computing means you completely relinquish control of your computer and your privacy, then maybe geeks should take this opportunity to start a network of their own free of corporate and government control. Think Pirate Radio except for the internet, the Pirate's Web, or Alternet.
At least at a local level you should be able to create a wireless mesh network free of the shackles the government and corporations are inevitably going to try to put on the Internet in the name of "security", "safety" and to protect their monopolies on music and films.
It's going to be a little harder to do the long haul part of the network, since you are going to have to do a lot of hops and latency will be terrible. Thankfully as disk drives and hardware get cheaper people can make liberal use of mirrors so that there are local copies of valuable stuff like Wikipedia and open source archives.
You will also probably be confined to latency sensitive online games only in your local community.
All in all I'm not sure it would be such a bad thing because:
- It would foster a greater sense of local community involvement, which is sorely lacking on the Internet.
- It would compel geeks to be resourceful and roll up their sleeves instead of just open up their wallet and dole out cash to the giant, abusive telecommunications giant every month.
- I wager the Internet is going to be in a pretty steady decline in usefulness as governments and corporations seek to exert ever more control over it and try to extract subscriptions and fees for anything interesting, or saturate you with advertising. It's also a near inevitability that they will seek to wipe out bit torrent, all p2p or anything that is used by pirates, even when they also have legitimate uses.
- People might start appreciating the value of the freedom things like open source give you once corporation controlled governments start taking them away. You usually don't value something until you lose it. Maybe it will be just the thing to ignite a sustainable and powerful political movement to regain control of our governments. As it is everyone is too fat, dumb and happy to do anything about it so corporation controlled governments are eviscerating our civil rights and no one gives a damn as long as they have their porn, video games and reality TV.
All in all I favor college radio, which is the closest thing to pirate radio you can usually find. They play interesting, eclectic mixes of often good music because they are putting out content they like, not content that ClearChannel and the RIAA want to shove down people's throats and make them like simply by depriving them of anything better.
Not sure that the Internet might not be rejuvenated if it goes back to its BBS, Modem roots. I wonder if spam, spyware, script kiddies and the like will be lesser or greater on the Pirate's net versus the "trusted" computing Internet. I wager the free lancers would be worse on the Pirate's net but the corporate controlled spam, spying, privacy invasion and intrusion will be worse on the "trusted" internet.
I wager we can pull off an Alternet as long as unregulated wireless is tolerated by the government and continues to improve. If once the Alternet starts rolling and the government, corporations seek to outlaw unregulated wireless and wipe it out, then it gets to be more interesting. Could we run a usable and interesting mesh network in the face of a hostile, corporate controlled police state trying to wipe it out?
@de_machina
Ok... say all the other doomsday things somehow don't happen... there is one thing that WILL happen... note that in the description of how it works on Microsoft's site, that you control the parameters, and an agent oversees activities and such... people here keep thinking that it has to do with DRM, but actually it has to do with third party compatibility!!!! Right now I can reverse engineer MS file formats for say Word.. I can then write an application that does something that Word does not. If I pay Microsoft then they will allow me access to the encrypted representation but if I am not then there will be no way for my new apps to work with the apps of Microsoft. New software is seldom a stand-alone affair. Many companies exist by making addons, and all kinds of things, and they are not required to pay royalties to the original company because they are manipulating data that CAN be manipulated.
Worse than spying on you... it will kill interoperability by third party players with potentially disruptive technology... and since the main things in Windows are embedded in the operating system, almost all software will have to license some kind of access as the browser will lock up what it knows too. This has been a bugaboo of big companies for ages. They don't like that a small trim company can come along and expand their product down lucrative paths that they can't respond to given their size and internal cultures. So while General Motors makes engines, you can buy add-ons and modifications from third parties, or make your own. General Motors hates that it can't make ALL the money that is derivative of their products. The same is true of tons of other products of which we have the FREEDOM to modify as we see fit to fit our needs.... Another thing MS and the others hate are MS experts that don't pay to be part of the MS world to get their answers.
I can see this locking out consultants that write or customize software unless they get permission through MS or another to have access to it. Don't worry though.. the minute that something onerous does get in, you will see people making PCs that don't have it... they will run old operating systems and live with the problems or work around them like they do when they don't have a patch... the key here is that such technology is not legislated into place. So we as consumers do have a choice... 10 years ago things were changing faster than the lull we are in now, and capacity of the machines changed rapidly... but we now have approached the level where for 95% the machines that exist can do more than we can put them through!!! And that's the saving grace.. I will just boot up my P4 with Win 98.. if software doesn't run, I will then just use something else that will..
Software developers already have a hard time with such small margins and such high costs.. breaking them will not leave an open playing field as MS and the others think. It's a reductionist view that's doomed to failure as they don't realize that maximum exploitation of their environment happens when there is a rich and varied ecosystem to support it... when it dries out there is less reason to innovate or move forward and your customers are not as happy.. which I guess is fine if you are running in telecom or banking.. information technology wants to have the same captive customers... all because everyone is so pinched that the only businesses that do real well any more are those with captive customers (usually through contracts that border and make excursions into usury). The move by companies to control their customers rather than service and please them is a scary trend that I fear will only get worse as time goes by....
We should never have granted companies entity status in the 1800's.. some of the seeds of our downfall were in that, and more have been planted along the way... and soon will bear fruit as the United States loses its preeminence to the companies it created that have left the nest of national level business and now are no longer beholden to the nest as they live in the global sphere. Politicians are not too bright in the last few years... they don't realize that once a company goes global it's no longer in its best interest to remain loyal to the country of origin!!!!!!!!!
I think the general understanding of "trusted computing" is missing the mark. The idea of TC is that the CPU guarantees that the code it executes has been authenticated, and that its transport to/from RAM/IO is also authenticated.
This prevents casual logic analyzers and other hardware hacktools from reverse engineering the component level interoperability. While it's not a guarantee of securing the design, it sure elevates the level of effort required to manufacture alternative hardware components.
Sound familiar? Does the song "microchannel" dance in your mind? Sure Microchannel failed because it was an IBM-only idea. Now, there seems to be growing support for it across major PC vendors. But wait, there's more...
If you are reasonably assured that the hardware is 'authenticated', now you can upstream that concept to the software. Now you can use various hardware level cryptography to ensure that the hard disk has only authentically signed boot signatures, and if it does not, the device will simply fail at a *hardware* level. Makes it hard to install viruses, er, I mean alternate OS'es.
Sound like "wishful" thinking? Look at the design specs for the XBOX. This is the first cut at secure computing platform, with some level of hardware & software authentication. The idea being it will be very difficult to release non-licensed titles for the device. Look how long it took before some clever (ok, VERY clever) ppl got Linux to run on it.
Have you seen any non-MS licensed developers releasing titles for the XBOX? No, of course not - because the hardware/software authentication scheme is sufficiently robust enough to prevent that.
In short, when you buy a DELL, IBM pc under the "trusted computing" design, you'll have a choice of OS. Once. Just once. Until some very clever ppl figure out how to install linux there too...
The only PT Boat Journal on the web: http://www.PT171.org
See the Trusted Computing FAQ for the many reasons why this is a bad idea and why lock-in will in fact be a result, despite IBM's claims to the contrary. Written by Ross Anderson, Professor of Security Engineering at the UK's leading university, this article is an excellent primer.
Apologies for the crappy URL; it seems I suck at them
No it's a bug in slashcode (I think) look at my other post. Now..
The IBM rebuttal first twists the words of the authors and takes it completely out of context, the authors were trying to tell things in layman's terms and everyone can see that. Then, in the security argument, it seems to ignore the fact that most security breaches occur due to software errors and the fact that once the "trusted" software itself is compromised, there's not much TC can do. And then it pushes off all the fears as mere speculation, whereas the fears are logical conclusions derived by careful analysis. Again, it takes things out of context and makes it appear as if the authors are trying to push speculation as fact. I've read the original documents, and this rebuttal doesn't hold up against them. If your fears were allayed to any extent by this rebuttal, then you must be very impressionable.
IIRC the major problem people have with this is the "remote attestation" part, which means that a remote computer can verify your system is trusted, where "trusted" means "conforms to some arbitrary set of rules". Sure the hardware itself does not force you to run anything in particular, however if parts of the internet start requiring you to run Windows (or MacOS!) in order to connect - which this technology absolutely allows - then we have problems. Especially if ISPs start requiring it.
A few years back, when I was a law student, I wrote my law review student note on trusted computing (published last year). I've made it available here if anyone is interested. Not sure I still agree with the thesis but hey, I was ensconced in academia when I wrote it.
http://actusre.us/cjam/woodford.pdf
"Advice is what we ask for when we already know the answer but wish we didn't." --Erica Jong
Have you bought any good bridges lately?
The IBM paper was mostly factually accurate, entirely deceptive, and contained at least one flat out lie. The one flat out lie is "they even say that the scheme is poorly executed for use as a DRM". The only way that is not a lie is if IBM has a very peculiar definition of "poorly". While everyone involved in Trusted computing is constantly chanting that it was not designed for DRM, each and every one of them has at one time or another directly admitted that it is in fact a perfect platform for building "security systems" including "DRM Security systems". It is simply a matter of writing DRM software and the rollout of well documented network servers and databases. If you're a programmer I can easily walk you through step by step exactly how you deploy DRM on Trusted Computing. There's certainly several layers involved in Trusted Computing DRM, but it is anything but "poorly designed". In fact short of physically ripping open a chip and reading out your key it is damn near impenetrable.
Yes, there will be Trusted Linux. And it will be just as bad as Trusted Windows. In fact Trusted Computing DEFEATS THE GPL. Sure you can have the source code, but that source code is ABSOLUTELY UNUSABLE. If you change a single line of the code then the Trust chip prohibits the software from working. Sure the new software will run, but it won't work. The Trust chip will prohibit it from reading any of the files, and over the internet the Trust chip "authenticates" it as incompatible software and the software will not be able to connect or communicate.
The one thing that is common to the article is that it is to protect data, not DRM'ed stuff
Sure Trusted Computing is designed to "protect data". It is explicitly designed to "protect data" AGAINST THE OWNER!!!!
The foundation of Trusted Computing is a pair of cryptographic keys locked inside a chip. The specifications REQUIRE that the owner be forbidden to know his own keys. The specification explicitly states that it is to be secure against owner attack. The specification explicitly states that the chip shall self-destruct if the owner attempts to get his keys out of the chip. I find it amusing that they in fact advertised this point on TV in the IBM Thinkpad Man-In-Black commercial. The one where the government agent-type guy says that the chip self destructs if you attempt to remove it. Of course they didn't advertise the other parts about the data and software being secure against the owner.
The specification requires that the owner be unable to use these keys, except as the system permits him to do so. The specification requires that the owner be unable to read or alter HIS OWN FILES, unless the system permits him to do so. The specification requires that it be impossible for you to ever recover your data if the chip dies. The specification requires that it be impossible for you to upgrade your computer and transfer your data, except to a new computer with the exact same manufacturer and model of chip, and only after the destruction of the data on the original machine. If that Trust chip manufacturer has gone out of business or no longer makes that model chip, then it is impossible to upgrade to a new computer without losing your files and buying your software again. When the old computer dies your files and software die with it.
The Trust chip is designed to spy on your computer and report over the internet what hardware you have and exactly what software you are running. The specification says that you can turn this report on or off, but it requires that you be unable to control or alter this spy report. If you turn that report off, then the system will not work at all. You will be unable to register and install software and you will be unable to access any "secure" files.
There was a very comical and honest item on the Trusted Computing Group's website FAQ. On privacy it says that in order to use the system you must opt-in. Yep, if you d
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
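The behaviour several comments above describe (data released only when the booted software matches a checksum, a one-line change locking software out of its files, data lost when the chip or motherboard is replaced) can be modelled in a few lines. This is an added example, not code from any commenter or from the TCG specification; `ToyTPM`, the constructed boot chain and the HMAC-based toy cipher are assumptions that stand in for the chip's internal storage key and are not a real TPM interface.

```python
import hashlib
import hmac
import os


class ToyTPM:
    """Toy model of one PCR plus seal/unseal. Not a real TPM interface."""

    def __init__(self):
        self._chip_key = os.urandom(32)  # stand-in for the key that never leaves the chip
        self.pcr = bytes(20)             # a TPM 1.2 PCR holds a SHA-1 digest, zero at reset

    def reset(self):
        self.pcr = bytes(20)             # simulated platform reset (reboot)

    def extend(self, component: bytes) -> bytes:
        # The only way to change a PCR: PCR_new = SHA1(PCR_old || SHA1(component)).
        self.pcr = hashlib.sha1(self.pcr + hashlib.sha1(component).digest()).digest()
        return self.pcr

    def _stream(self, nonce: bytes, n: int) -> bytes:
        out, counter = b"", 0
        while len(out) < n:
            block = b"enc" + nonce + counter.to_bytes(4, "big")
            out += hmac.new(self._chip_key, block, hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def _tag(self, policy: bytes, nonce: bytes, ct: bytes) -> bytes:
        return hmac.new(self._chip_key, b"mac" + policy + nonce + ct, hashlib.sha256).digest()

    def seal(self, secret: bytes) -> dict:
        # Bind the secret to this chip's key and to the PCR value at sealing time.
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._stream(nonce, len(secret))))
        return {"policy": self.pcr, "nonce": nonce, "ct": ct,
                "tag": self._tag(self.pcr, nonce, ct)}

    def unseal(self, blob: dict) -> bytes:
        expected = self._tag(blob["policy"], blob["nonce"], blob["ct"])
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("blob was not sealed by this chip")
        if not hmac.compare_digest(self.pcr, blob["policy"]):
            raise PermissionError("PCR does not match the sealed policy")
        stream = self._stream(blob["nonce"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], stream))


def boot(tpm: ToyTPM, chain) -> ToyTPM:
    """Measured boot: every stage is hashed into the PCR before it runs."""
    for component in chain:
        tpm.extend(component)
    return tpm


def try_unseal(tpm: ToyTPM, blob: dict) -> str:
    try:
        return tpm.unseal(blob).decode()
    except PermissionError as err:
        return f"DENIED: {err}"


# Constructed sample boot chains; the second differs in one character.
GOOD_CHAIN = [b"bootloader v1", b"kernel: int check = 1;"]
PATCHED_CHAIN = [b"bootloader v1", b"kernel: int check = 0;"]


def demo() -> dict:
    chip = boot(ToyTPM(), GOOD_CHAIN)
    blob = chip.seal(b"disk encryption key")
    results = {"same software": try_unseal(chip, blob)}
    chip.reset()
    boot(chip, PATCHED_CHAIN)
    results["one line changed"] = try_unseal(chip, blob)
    results["replacement chip"] = try_unseal(boot(ToyTPM(), GOOD_CHAIN), blob)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:17} -> {outcome}")
```
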
It may sound like "tin foil hat paranoia", but there is in fact a "conspiracy" of over 200 corporations pushing Trusted Computing and Governments (US and EU and others) are in fact also "conspiring" to push Trusted Computing and there are in fact Trusted Computing initiatives inside the UN.
The Trusted Computing Group has in fact stated that they are creating a system that would deny you an internet connection unless you are running a Trusted Computer. The US President's Cyber Security advisor did in fact give a speech calling upon ISP's to impose exactly this sort of system as a mandatory part of their internet Terms of Service. A call to "Secure the National Information Infrastructure". It was at a Washington D.C. Global Tech Summit. And the audience applauded.
Yes, it would take a couple of years before they could take that final step of making Trusted Computing mandatory for internet access, but you are kidding yourself if you think it is impossible. The plan is that the Trust chip will be standard hardware on every motherboard, if not inside the CPU itself. Yes, Intel is already putting Trust chips inside CPUs, though it is not yet activated, and every other CPU manufacturer also has a project for Trusted CPU. So every single new PC will be Trusted Compliant hardware. Once Longhorn is released every single PC supplier will be supplying nothing but Trusted Compliant machines. Microsoft has announced that nonTrusted hardware WILL NOT BE FULLY WINDOWS COMPATIBLE. No PC supplier can realistically survive selling hardware that is Windows-INCOMPATIBLE. Everyone who buys a new PC will simply be HANDED a Trusted Compliant machine. Through the normal obsolescence and upgrade cycle, the vast majority of PC's get replaced in any four year period. If Longhorn comes out in 2006, add about 4 years to get 2010, at that point the vast majority of installed PCs may be Trusted Compliant. At that point it does in fact become very possible for ISP's to begin making Trust Compliance a mandatory part of their Terms of Service.
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
The vendors are just preying on fear.
Engineering is the art of compromise.
I've wondered how much dark fiber there is laying around the world and if anybody would notice if you started using it. I'm pretty sure fiber infrastructure was way overbuilt thanks to everyone listening to Bernard Ebbers's fantasy predictions for global demand for bandwidth.
I imagine once you started using dark fiber on any scale eventually the owner would notice. Alternately I'm wondering if you can tap fiber cables and run a rogue signal on it without the owner noticing it.
I wonder if ISP's working under the new trusted computing mandate would let you run a data stream point to point on their networks, using hosts that at least appear trusted but would basically be working as routers between Alternet and Corpranet, ideally encrypting everything in the Alternet stream to keep the NSA and friends from spying on it while it's in Corpranet.
Fiber through back yards would be a nice idea for high bandwidth in small areas but you would inevitably have people that wouldn't let you run it through your yard and you would have a huge hurdle to clear every time you had to cross a street or other significant expanses you don't own.
Wireless is obviously better for the community network though you would be completely at the mercy of the FCC or your country's equivalent regulator. Would also be very vulnerable to being spied on by Corpranet unless it's strongly encrypted. As soon as corporate controlled government figured out Alternet was being used to ... gasp ... share music they probably would seek to snuff out all wireless networks unless they were certified and trusted.
@de_machina
An expensive lesson about Thinkpad security:4 40/804
http://www.gripe2ed.com/scoop/story/2005/3/14/235
Now, what if this were the case for EVERY computer... I foresee a thriving and extremely lucrative business in TC data recovery, where rather than merely sending Ontrack or whomever your wonked HD, you have to $$$$end them the entire computer (um... can TC include the monitor??)
~REZ~ #43301. Who'd fake being me anyway?