Major PC Makers Adopt Trusted Computing Schema
An anonymous reader wrote to let us know about a News.com story regarding so-called trusted computing, and its adoption by the major PC manufacturers. From the article: "The three largest computer makers--Dell, Hewlett-Packard and IBM--have started selling desktops and notebooks with so-called trusted computing hardware, which allows security-sensitive applications to lock down data to a specific PC." Interestingly, while Microsoft is said to be behind the idea, support won't be forthcoming for trusted computing until they release Longhorn next year, making this a hardware-vendor-led initiative.
At the time, digital-rights advocates raised concerns that the technology could be used by software makers and media companies to control people's PCs, putting Microsoft on the defensive. The dispute even led the software giant to change the name of its technology from Palladium to the Next-Generation Secure Computing Base, or NGSCB.
And yes, we all know that now that the name of their security technology is different Microsoft can't "team up" with the hardware makers to lock down PCs to a single OS. It wouldn't be in the best interests of either side to do that right? Oh wait, MSFT already has contractual agreements that basically force this to happen why not take it a step further and make people not only pay extra for the OS pre-installed/distributed w/the PC but also make them have no choice but to run it once they get it.
I love the wording in the article... Oooh it's the hardware vendors taking the initiative and not Microsoft (like Microsoft is always at the forefront of technology or something). Is that supposed to make me feel better that the entire computing platform will be locked down leading to the end of free distribution of anything, the Internet as we know it, etc?
Didn't Ben Franklin say something about this? Yeah.
How about trusted users? The computers aren't the problem, it's the users. It takes a confident voice to say, I'm person X and I am working on the mainframe, I need your username and password. Big words like mainframe scare people. People can't be trusted.
"I cannot think of any need in childhood as strong as the need for a father's protection." -- Sigmund Freud
What happens when your PC dies? How do you recover using the now useless backups? There's bound to be a way to bypass that. Sounds like the data requires a physical key (sentry?). Someone somehow will bypass it.
Hug my mac tightly tonight, and trust it to only have one master: me.
ShortFormBlog: Writing a little. Saying a lot.
...that was the sound of me moving from x86 to PPC.
(As long as debian keeps up support.)
Just remember, folks: "Trusted computing" is an Orwellian phrase that actually means your computer won't trust you. So if you want your computer to have the ability to say to you, "Sorry, I won't play that MP3 file" or "Sorry, that movie is not authorized for this PC," well step right up. Barnum & Co. -- er, sorry, I mean major PC hardware companies have some new machines to sell to you.
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
this: http://www.gentoo.org/news/20050202-trustedgentoo.xml and, linked from there, this:
http://www.research.ibm.com/gsal/tcpa/tcpa_rebuttal.pdf
If Linux gets in on the game then surely this could be a positive thing for computer users.
See the Trusted Gentoo project for example.
Until we see locked down BIOSes then this is hardly a threat to Linux if it responds quickly.
Trustworthy computing... brought to you by a monopolist convicted using anti-trust laws.
rms on trusted computing
IBM has had the hardware in place in their laptop line for the last several years. It makes repairs which require a motherboard swap a PITA because you have to be sure to order the part with the crypto in place if your current system had one, which you might not know about the first time you do one, resulting in a several day delay....
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
This sort of crap runs contrary to Apple's philosophy, and I don't think they'll want it in their hardware (heck, they don't even copy protect their OS). However, they may get forced into it for compatibility. I believe in trusted computing - I trust myself not to be dumb.
I've read the article, and many related articles, but it is still not clear to me what this technology really means...
I am pretty sure there are answers to this technology, but I haven't found a clear concise source to make me feel any better about what this technology may bring upon OSS. I'm afraid it might be bad. Someone reassure me.
As an aside, is this really a direction technology needed to take? Is there really that much of a need for "trusted" computing? Sheeesh, I've not found this to be a huge issue, and I hope this technology incurs huge backlash when its inconvenience far exceeds its benefits.... (especially since the type of intrusion and hacking I've ever seen has little to do with protecting data and much more to do with social engineering).
Just in case anyone wants to see the software side of what's happening with trusted computing, here's Microsoft's plans to integrate certain software technologies with these new hardware components. It's called Microsoft Palladium.
So my understanding is that it is far too complicated to have the content only accessible by hardware (isolated HD or sectors directly controlled by the hardware which would need to convert to output without going through main memory).
I believe instead these systems work by only giving access to certain content areas if the booting software has the right key or matches the right checksum. However, once that access has been granted the software is in control and a software flaw in the software could allow for copying.
How long do you think it will be till they find a bug in longhorn?
If you liked this thought maybe you would find my blog nice too:
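The mechanism the comment above describes (content released only if the booting software matches an expected checksum), as an added example that is not part of the original thread: a toy Python model of measured boot and sealing. `ToyChip`, its methods and the boot-chain strings are hypothetical and constructed here; the SHA-1 extend step follows TPM 1.2-era chips, while the HMAC-based encryption is a simplified stand-in for a chip's real sealing.

```python
import hashlib
import hmac
from typing import List, Optional

PCR_SIZE = 20  # SHA-1 digest length used by TPM 1.2-era chips


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyChip:
    """Toy sealing chip (hypothetical model, not a real TPM interface)."""

    def __init__(self, root_secret: bytes):
        self._root = root_secret      # storage secret that never leaves the chip
        self.pcr = bytes(PCR_SIZE)    # measurement register, zero at power-on

    def reset(self) -> None:
        self.pcr = bytes(PCR_SIZE)    # only a reboot clears the register

    def extend(self, component: bytes) -> None:
        # new = SHA1(old || SHA1(component)): one-way and order-sensitive
        digest = hashlib.sha1(component).digest()
        self.pcr = hashlib.sha1(self.pcr + digest).digest()

    def _keystream(self, n: int) -> bytes:
        # Simplified stand-in cipher: keystream bound to the current PCR value
        out, counter = b"", 0
        while len(out) < n:
            block = b"enc" + self.pcr + counter.to_bytes(4, "big")
            out += hmac.new(self._root, block, hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def _tag(self, ciphertext: bytes) -> bytes:
        return hmac.new(self._root, b"mac" + self.pcr + ciphertext,
                        hashlib.sha256).digest()

    def seal(self, data: bytes) -> bytes:
        ciphertext = _xor(data, self._keystream(len(data)))
        return self._tag(ciphertext) + ciphertext

    def unseal(self, blob: bytes) -> Optional[bytes]:
        tag, ciphertext = blob[:32], blob[32:]
        if not hmac.compare_digest(tag, self._tag(ciphertext)):
            return None               # boot measurements differ: refuse
        # From here on the plaintext is in software's hands; the chip cannot
        # stop a flaw in that software from leaking it.
        return _xor(ciphertext, self._keystream(len(ciphertext)))


def boot(chip: ToyChip, chain: List[bytes]) -> bytes:
    """Reset the chip and measure each boot stage in order."""
    chip.reset()
    for stage in chain:
        chip.extend(stage)
    return chip.pcr


# Constructed sample boot chains (not real firmware images)
GOOD_CHAIN = [b"bios v1", b"bootloader v1", b"kernel v1"]
PATCHED_CHAIN = [b"bios v1", b"bootloader v1 (patched)", b"kernel v1"]


def demo() -> dict:
    chip = ToyChip(root_secret=b"constructed-demo-secret")
    boot(chip, GOOD_CHAIN)
    blob = chip.seal(b"content key")
    results = {}
    for name, chain in [("good", GOOD_CHAIN), ("patched", PATCHED_CHAIN),
                        ("reordered", GOOD_CHAIN[::-1])]:
        boot(chip, chain)
        results[name] = chip.unseal(blob)
    return results


if __name__ == "__main__":
    print(demo())
```
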
... is bound to be a pain in the arse if you get a new PC.
I suspect that the idea is that you'd use hardware-based encryption (which must be optional, otherwise general removable media would be worthless) and the OS would be expected to support it through some service layer. But anything it does in hardware should be emulatable in software. So, the solution is only truly useful if all parties agree to play nice. That seems to be a ludicrous expectation.
It seems to me that the strategy is wrong. There's no mechanism that isn't ultimately circumventable, so simply eliminate the complex hurdles and work such that there's nothing to circumvent and no reason to do so (change the model of how you operate).
Another reason I'm glad I use Macs, really. Let's hope Linus's PowerMac really does drive Linux on PPC as much as we all hope it will. Then, let's hope IBM starts pushing PPC based systems more than the Xeon powered servers I always see advertised.
Do not touch -Willie
...this is something that businesses want (ones that already control your computing environment, like at work), and I really don't see it being aimed at the typical consumer.
I would also say that there will always be a market for open computers. The market always has ways around this.
This does not "lock" a computer to make it free from viruses or spyware. It "locks" a computer to keep it from playing non-DRM content. Basically, it takes control of the PC away from the user and hands it over to the RIAA, BSA, and the MPAA.
If someone says he and his monkey have nothing to hide, they almost certainly do.
I don't know how thoroughly we've all digested it yet, but open source has arrived, and in addition to changing what people expect of their software, it has raised the bar considerably for corporations like Microsoft. It is already eating their breakfast in the server space, and it is growing to the point where in a few more years there is potential to threaten their client desktops as well, starting with businesses and other large, lucrative deployments. We as an industry are starting to recognize, and ultimately demand, the benefits of freedom.
On the one hand I like Microsoft buying into the wild-eyed "Alamo" mentality of the content trust, trying to arm wrestle every customer for control, because the more aggressive they get with Digital Restrictions Management, the more it will drive everyone into the arms of competitors, including open and free software.
I wish I could say I thought trusted computing was doomed to fail, but frankly I think it can be considerably successful. If the end result is that your computer is not managed by you, and 3rd parties like Microsoft can take the XBox business model (and probably, simplicity of interface) deeper into PC territory, this is probably a relief for a variety of consumers beleaguered with "general purpose" computing and all that it entails, viruses, spyware, etc. Better software architecture could solve their problems, but outside control can solve it almost as well.
I guess what will ultimately happen is balkanization, as more aggressive attempts at controlling the platform will split consumers into low and high ends. At the low end, the "game console" converges into a media system and a simple home computer, where every application is trusted and the vendor is the gatekeeper. They'll be happier because, like video consoles today, the hardware is cheap and the costs are deferred into the software and services. At the high end, the general purpose PC that is currently a staple in the home will fade into niche status - a tool for hobbyists and professionals. What fills the void in between, in the end, is hopefully a free-software-based system that is simple enough for all consumers to use, that provides them with an alternative to commercial products, perhaps marketed by a white knight corporation much as IBM has taken free software to the server world.
Ever since I've been in this field the allure of computers for me has been that you have a general-purpose device that, with a little ingenuity, can be made to do just about anything. A computer does exactly what you tell it to do. Now your average PC buyer can't even appreciate the difference between not knowing and not caring about what's inside their shiny new computers. But I can and I'll be damned if I ever spend any of my hard-earned cash on a device that will do what someone else tells it to do and not what I tell it to do.
Can't say I'm surprised. We knew this was coming several years ago. I bought a new keyboard last week and was shocked at the number of MS keyboards on display featuring the little fingerprint reader built right in. Within a few years we'll probably have the gubmint mandating all new PCs be equipped with TC elements. To keep us safe from terrorists no doubt.
On the bright side this will be hacked from here to kingdom come. In that sense it's good they're showing their hand now so intrepid BIOS hackers and EEs can start peeling away the mystery. What's that? The latest software won't work without TC? TC-compliant apps will work better together? Yeah. Right.
It's going to be so nice, knowing that my data in my PC can't be taken away, erased, trashed, or otherwise caused to be lost. This will keep my stuff secure, for me.
Finally, I'll be able to trust my computer.
Make sure to read this:
The Right To Read by RMS.
You can't handle the truth.
Bad geek, bad geek...
What'cha gonna do?
What'cha gonna do when your new hardware won't boot Linux for you?
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
What happens when you try to use your untrusted OS to go onto a website to download content?
How do you explain to your relatives that internet access is blocked because the ISP cannot confirm your trusted status?
At first glance, putting your head in the sand and running away from the problem is feasible, but if this plays out as far as people expect, then your machine is not your own, and the only way round it is total compliance.
Think of an x-box as 1st generation.
Without some VERY clever trickery, you cannot run uncertified software, and you can pretty much give up all hope of playing online.
liqbase
It's time to push hard for a free bios. You can help if you
can figure out how to install a new bios on a computer, especially a
laptop. I don't know why we can put linux on an xbox but nobody can
get a free bios on a laptop.
Stick to AMD machines, avoid Intel and IBM. Heh, IBM. We talk like
they're our allies but they're pushing patents and treacherous
computing. They're a _much_ bigger threat than SCO ever was.
If you haven't yet read stallman's dystopian short story The Right To Read,
this might be a good time.
Treacherous computing is the reason I'm a GNU+linux user.
Here is what the opponents of Trusted Computing have to say.
Trust the computer!
I think MS and Intel have underestimated people's determination not to be shafted by The Man.
When I am king, you will be first against the wall.
Of course, such a system would have undesirable uses as well, DRM and the like...
(holds up Jedi hand....)
..........nothing to see here.....
...............these aren't the droids you're looking for......
......you may pass.........
:(
This is a trusted computer....
o/~ Join us now and share the software
Ok... say all the other doomsday things somehow dont happen... there is one thing that WILL happen... note that in the description of how it works on microsofts site, that you control the parameters, and an agent oversees activities and such... people here keep thinking that it has to do with DRM, but actually it has to do with third party compatibility!!!! right now i can reverse engineer ms file formats for say Word.. i can then write an application that does something that Word does not. if i pay microsoft then they will allow me access to the encrypted representation but if i am not then there will be no way for my new apps to work with the apps of microsoft. new software is seldomly a stand-alone affair. many companies exist by making addons, and all kinds of things, and they are not required to pay royalties to the original company because they are manipulating data that CAN be manipulated. worse than spying on you... it will kill interoperability by third party players with potentially disruptive technology... and since the main things in windows are embedded in the operating system, almost all software will have to license some kind of access as the browser will lock up what it knows too. this has been a bugaboo of big companies for ages. they dont like that a small trim company can come along and expand their product down lucrative paths that they cant respond to given their size and internal cultures. so while general motors makes engines, you can buy add on and modifications from third parties, or make your own. general motors hates that it cant make ALL the money that is derivative of their products. the same is true of tons of other products of which we have the FREEDOM to modify as we see fit to fit our needs.... another thing ms and the others hate are ms experts that dont pay to be part of the ms world to get their answers.
i can see this locking out consultants that write or customize software unless they get permission through ms or another to have access to it. dont worry though.. the minute that something onerous does get in, you will see people making PC's that dont have it... they will run old operating systems and live with the problems or work around them like they do when they dont have a patch... the key here is that such technology is not legislated into place. so we as consumers do have a choice... 10 years ago things were changing faster than the lull we are in now, and capacity of the machines changed rapidly... but we now have approached the level where for 95% the machines that exist can do more than we can put them through!!! and thats the saving grace.. i will just boot up my p4 with win 98.. if software dont run, i will then just use something else that will.. software developers already have a hard time with such small margins and such high costs.. breaking them will not leave an open playing field as ms and the others think. its a reductionist view thats doomed to failure as they dont realize that maximum exploitation of their environment happens when there is a rich and varied ecosystem to support it... when it dries out there is less reason to innovate or move forward and your customers are not as happy.. which i guess is fine if you are running in telecom or banking.. information technology wants to have the same captive customers... all because everyone is so pinched that the only businesses that do real well any more are those with captive customers (usually through contracts that border and make excursions into usury). the move by companies to control their customers rather than service and please them is a scary trend that i fear will only get worse as time goes by.... we should never have granted companies entity status in the 1800's.. some of the seeds of our downfall was in that, and more have been planted along the way... 
and soon will bear fruit as the united states loses its preeminence to the companies it created that have left the nest of national level business and now are no longer beholding to the nest as they live in the global sphere. politicians are not too bright in the last few years... they dont realize that once a company goes global its no longer in its best interest to remain loyal to the country of origin!!!!!!!!!
Good thing those repressive commie Chinese support IP rights so strongly! People in other countries aren't so much stupid consumers as Americans. It'll take like 30 seconds for some manufacturer in Taiwan to come out with a DRM-free motherboard and own the market.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I think the general understanding of "trusted computing" is missing the mark. The idea of TC is that the CPU guarantees that the code it executes has been authenticated, and that its transport to/from RAM/IO is also authenticated.
This prevents casual logic analyzers and other hardware hacktools from reverse engineering the component level interoperability. While it's not a guarantee of securing the design, it sure elevates the level of effort required to manufacture alternative hardware components.
Sound familiar? Does the song "microchannel" dance in your mind? Sure Microchannel failed because it was an IBM-only idea. Now, there seems to be growing support for it across major PC vendors. But wait, there's more...
If you are reasonably assured that the hardware is 'authenticated', now you can upstream that concept to the software. Now you can use various hardware level cryptography to ensure that the hard disk has only authentically signed boot signatures, and if it does not, the device will simply fail at a *hardware* level. Makes it hard to install viruses, er, I mean alternate OS'es.
Sound like "wishful" thinking? Look at the design specs for the XBOX. This is the first cut at secure computing platform, with some level of hardware & software authentication. The idea being it will be very difficult to release non-licensed titles for the device. Look how long it took before some clever (ok, VERY clever) ppl got Linux to run on it.
Have you seen any non-MS licensed developers releasing titles for the XBOX ? No, of course not - because the hardware/software authentication scheme is sufficiently robust enough to prevent that.
In short, when you buy a DELL, IBM pc under the "trusted computing" design, you'll have a choice of OS. Once. Just once. Until some very clever ppl figure out how to install linux there too...
The only PT Boat Journal on the web: http://www.PT171.org
I don't know what country you live in, but in the USA our laws are made by corporations. If "pirate networks" gain in popularity, they will be outlawed and people who promote them or run them will be put in jail.
hardware dongles? Or DVD CSS for that matter?
You might say "but but but but but but" this is going to be different, more secure, stronger.
Or something. But you're still going to be selling the public hardware, that they control. Hell, some of these computers will never be accessing the internet or any network at all. How will you control what they do after you turn them into the hands of the customer?
You made hardware dongles for expensive programs, they were broken. You made hardware copy protection for console game platforms, it was broken (even when games were shipped as a cartridge, eventually people made cloners)
You've made DVD players you thought were unbreakable, unleashed them on the masses, then they were broken, so to spite everyone you created new laws to try to stop people from doing it (DMCA)
You created directTV and dish network. They're hacked. And before that? Satellite TV was scrambled, but there were descramblers.
ANY hardware based "encryption" or "dongle" or "trusted computing initiative" is security through obscurity. Do you think every person who ever worked for all these conglomerate companies will be able to keep a secret?
The first person who finds out you use pins 1 and 6 on the chip to pass keying information will end up leaking it to the public. Said public will start watching those pins and find out what needs to be sent to "ok" a program running.
So you tell me your "dongle" is smack dab in the middle of the CPU, no sniffing possible?
Someone will just release the keys then. It's only a matter of time. In the meantime, you're just blowing smoke up the asses of all the customers you have who want this product, and pissing off all the customers who don't want this product.
Give it a rest. PC's were pretty cool until you started breaking them. If you make them too hard to use, the world as a whole will find something new to play with.
HP is already on the fritz because they've merged too many times and found out they can't be the next IBM. Imagine if everyone stops buying from you and starts buying from a toaster company?
A few years back, when I was a law student, I wrote my law review student note on trusted computing (published last year). I've made it available here if anyone is interested. Not sure I still agree with the thesis but hey, I was ensconced in academia when I wrote it.
http://actusre.us/cjam/woodford.pdf
"Advice is what we ask for when we already know the answer but wish we didn't." --Erica Jong
The vendors are just preying on fear.
Engineering is the art of compromise.
No need to worry yet: AFAIUnderstand, the news is mostly about a chip that holds the private key and generates the key pair on demand.
An (external) device like this might come in handy if there is a break-in and hop... the public key is undamaged, the system alerts, the intruder is screwed (no log deletion etc.). However, I wonder how long will it take to make the chip obsolete (the cryptography evolves, the chip does not!).
The chip is shipped for some time now with (some) IBM laptops, and has a GPL driver and Linux support.
And btw, IBM, one of the adopters, is not interested in "one OS to rule them all". Look: MS forcedly dominates, prices rise, IT budgets rise, no one buys IBM's Iron.
Moreover, IBM is interested in commoditization of OS market. They've spent billions on Linux and OSS, and they are reaping the reward -- increased demand in servers and services.
WYSIWIG, but what you see might not be what you need