Mac OS X Intel Kernel Uses DRM

An anonymous reader submits "Several people have discovered that the new Intel kernel Apple has included with the Developer Kit DVD uses TCPA/TPM DRM. More specifically, it includes "a TCPA/Palladium implementation that uses a Infineon 1.1 chip which will prevent certain parts of the OS from working unless authorized."

Damn Microsoft!

[Geekenstein]

I hate those bastards! I knew they were going to try and sneak this crap past us! They were plo...oh wait, did you say Apple?

Wow! Spectacular use of technology Steve! You're my hero!

Re:Damn Microsoft!

[gordgekko]

The DRM makes the OS runs snappier!

Re:Damn Microsoft!

[KillShill]

the copyright infringers didn't put the DRM in the machines. trying to prevent people from copying on a computer is like preventing fish from getting wet.

you'll more than likely piss off the users/fish far more than you'll prevent copying.

but that's not even relevant to this issue.

how is paying for mac os x and installing it on an x86 computer you already own, copyright infringement? paying for the software obviously means that the vendor has complete control over what you do with it.

it's a sad world we live in... because we're all responsible for our ills, in one way or another.

Re:Damn Microsoft!

[Seumas]

You know... as much as it sucks, you have to admit that if people weren't pirating things, there'd be no need for DRM.

That's the same way I feel when a cop wants to search me illegally or otherwise hassles me. Or when my employer wants to make me take a drug test even though I don't even so much as smoke cigerettes or drink alchohol and my job involves me sitting at a desk reading and writing things of little consequence.

Yep. I just think to myself "This sucks, but I don't need to be angry at the police or employers for violating my rights or my privacy. I need to be angry at the weekend pot smokers who make it necessary for people to infringe on my privacy or violate my constitutional rights".

And when the cops shoot a black man for having a candybar in his pocket or shoot an unarmed non violent black man four dozen times at close range, I just think "It sucks, but if black people weren't out there killing every person they come across, these police wouldn't have to senselessly murder any of them".

Seriously man... Get real.

Re:Damn Microsoft!

[Drakino]

Ugg. How many times does it have to be said?

THESE ARE DEVELOPER MACHINES AND DO NOT REPRESENT HARDWARE THAT APPLE WILL SHIP.

There. Apple has said many times they don't plan on using a BIOS in the shipping products, and have hinted at EFI. But the first developer machines have a BIOS, so everyone ignores Apple and assumes it will have a BIOS. Apple has a huge investment in driving forward with 64bit with all the marketing they have done, and yet everyone expects PowerMacs with the same Pentium chips in the developer machines that aren't 64 bit.

Nowthis DRM thing comes up. Will Apple do similar in shipping hardware? It's hard to say. But right now, noone here can say yes or no for sure (unless your sitting at Apple's HQ working on the new products right now). I myself wouldn't be suprised if they do indeed put some kind of protection on, as the Mac OS has always had some kind of odd hardware requirement that prevents it from easially just running on a clone PowerPC box.

Just settle down and wait until real products ship. Because if you have OS X 10.4.1 for Intel, you either have the hardware to run it on due to your developer program, or you pirated the ISO image off some torrent site and have it illegially.

Yeah, sure, OS X will probably be runnable on a non Apple box some day. But guess what, it's likely to be a hacked up solution that kinda sorta works, and leaves you wasting time that could have been spent earning money to just buy a $500 Mac Mini. For me, my Apple hardware is a big reason I moved to OS X. Running OS X on my Dell just wouldn't be the same.

Re:Damn Microsoft!

[RenatoRam]

but as to the drug testing, unless you did not agree to such a thing when you started your job, well, it's kind of like having to deal with a Non-Compete clause. You agreed to it.

I don't know... in more civilized law systems some rights are upheld EVEN if you signed them away.

That's why they are called "unalienable", you know.

Re:Damn Microsoft!

[FireFury03]

You know... as much as it sucks, you have to admit that if people weren't pirating things, there'd be no need for DRM.

Honestly, how can you blame companies for trying to protect their profits when thousands of people are ripping them off every day?

Instead of just blindly saying "pirates are bad" and then handcuffing everyone, even the law abiding people who make them money, they should examin _why_ people pirate. Obviously there is the "pay vs. free" thing, but there are other factors for why people pirate stuff.

A lot of piracy is at least partly down to the pirated material being "better" than the originals in many ways - take TV shows for example. Why do people download them from torrents instead of watching them on TV? Certainly for me, the reason for doing it is that I have to wait well over 3 months after the original air-date for most stuff to get shown here in the UK. I.e. the illegal distribution method is a lot better than the legal one.

Another example: I buy music CDs. Once I have bought them then they get ripped to MP3 so I can easilly get at the music without sorting through stacks of CDs and the CDs themselves only get used on my personal CD player and in the car. So if I buy a CD that's "copy protected" which won't let me do this, it's useless to me, whereas the MP3s of the same CD I can download work fine. I.e. the illegal copies allow me to do what I need (and should be able to do with something I've legally bought), and thus are "better".

A large proportion of people _want_ the legal version of something, but they're not going to buy it if the illegal version is so much better. The producers should look at this and rather than stamping out the illegal competition through restrictions they should improve their own systems so that they "outcompete" the illegal stuff.

Re:Damn Microsoft!

[mrchaotica]

Sure, unless you believe the doctrine of first sale applies. I don't "license" my computer; I buy it. Any information on it or with it is mine just like the hardware is, because I never agreed to any kind of license at the time of purchase.

And before you try to tell me "but that's not how it works," I say fuck "how it works." The scum who think up these fake "licenses" can cram them up their ass! They can claim that EULAs exist and are valid all they want, but it doesn't make it true.

Re:Damn Microsoft!

[Ravenn]

... we're all responsible for our ills, in one way or another.

No, I'm being held responsible for someone else's ills. That's the bit that gets to me. I'm being presumed guilty before I even buy a computer, and therefore restricted in the use of my own property.

I have to deal with speed limits being lowered to deal with idiots who speed, bag searches at supermarkets because of idiots who shoplift, and even more intensive screenings at airports because of morons who want to use innocents for their own personal socio-political stupidity. Now I'm also being restricted in my personal hobby interest and profession?

I think I'll be sticking to Linux, where groups like Debian will remove software because it comes under a license that's too restrictive.

Re:Damn Microsoft!

[Kjella]

And here, ladies and gentlemen, we have another person who have fallen for the FUD and no longer believes you can own a copy - you either own the copyright, or you license it. The copyright, the right to make copies, has always been protected by copyright law. If you sell me a Harry Potter book (the copy), you do not need to have a license agreement with me.

Licensing has nothing to do with the right to make copies. It is about controlling how and what you do with your copy, and to avoid consumer rights we recieve by a sale. For example, to only allow playback on approved devices to limit features (disable fast forward), collect player royalties, enforce artifical market barriers (zones)
or to tie licenses to specific hardware or activation schemes to prevent resale, or to remove the rights you normally would have under fair use and other laws.

Anything that isn't lent, rented or leased, I consider sold. You sell me CDs, DVDs, iTMS songs and Windows XP. Not the copytight, the copy. That is my personal philosophy at least. The law is bought.

Kjella

Isn't this expected?

[Buran]

I had thought that it was widely known that OS X won't run on anything not sold by Apple as a Mac.

Gentlemen, start your debuggers

[Jeremi]

The first person to crack this DRM implementation will win a free story about it on Slashdot!

Zealotry

[NitsujTPU]

More specifically, it includes "a TCPA/Palladium implementation that uses a Infineon 1.1 chip which will prevent certain parts of the OS from working unless authorized."

Oh no, my two sources of zealotry are colliding. Eeek! It can't be evil if Apple does it, right... but DRM is always evil, right? /. I need you! Tell me what to think!

Don't get your panties in a bunch.

[Durandal64]

Apparently Apple's DRM kernel extension only gets involved when Rosetta is executing code. In other words, if you're running native code, there's no checking. But apparently some critical parts of the kernel are still being executed by Rosetta. And reimplementing the `AppleTPMACPI.kext' in a completely harmless manner (such that it always returns a "Yes go ahead" signal) is an option. As is replacing it at runtime via mach_override.

These boxes aren't even for sale yet. I'm sure that it'll be cracked before that even happens.

Not in the kernel

[annodomini]

The headline states "Mac OS X Intel Kernel Uses DRM". According to TFA, it's Rosetta (the PPC emulator, which isn't written by Apple) that uses DRM, not the kernel of the OS itself: We've discovered that the Rosetta kernel uses TCPA/TPM DRM. Some parts of the GUI like ATSServer are still not native to x86 - meaning that Rosetta is required by the GUI, which in turn requires TPM. In fact, we already know that the kernel doesn't use DRM and can run on any Intel box you want, because it's open source and can be downloaded here. It's the GUI that Apple wants to be locking in to their hardware, not the kernel. I suspect that they probably will make something other than Rosetta check the TCPA chip, but that's not what is going on right now.

Actually...

If you analyzed the mach_kernel binary file on the Developer Kits, you would see that the kernel is vastly different than the Darwin 8.2 that Apple released as open source. For one thing, it automatically calls the oah750 daemon (better known as Rosetta) every time that it finds a non-universal PPC executable.

Before the kernel uses Rosetta to execute the PPC application (i.e. ATSServer in the case of starting a GUI), it calls the TPM kernel extension and checks the private keys in the TCPA chip. This is the only thing, as far as is apparent, that prevents Mac OS X from flawlessly running on a non-Apple system.

Awww.

[Graymalkin]

Everyone here has been waiting for OSX-x86 ISOs to hit torrent sites so they can run OSX on their whitebox PCs. As has been seen many times before, not every ADC member holds up their end of the bargain with regard to their NDA. Knowing this full well it was rather obvious Apple would have to take some sort of action to keep their OS from being widely pirated within days of the first dev kits being delivered.

There's a lot of hand waving here about companies removing people's rights and slippery slope arguments along the lines of "if they do X they will eventually do Y for reason Z". This entirely ignores the fact that Tiger-x86 is probably the hottest thing to hit torrent sites in a long time. It was bad enough when developer releases of Tiger for PowerPC were making the rounds and people were making stupid assessments of the system months before release. The development kits and pre-release copies of OSX are meant to be in Mac developer hands, not Joe Dork down the street on his PC.

It is not a particular right to run OSX on anything but a Mac, the OSX EULA that you have to agree to in order to install the system specifically states that. Apple locking OSX onto Macs means they can continue to sell the machines with a straight face. No one would bother to buy a Mac if they could just grab a copy of Tiger and slap it on their PC at home. Apple would have little incentive to continue Mac development if there were no Macs being sold.

How is the TPM used?

[SiliconEntity]

I know a great deal about TPMs, I have a computer with a TPM. They are very common. Many high end laptops and desktops have TPMs. Here is an up to date list of systems that have TPMs. They include manufacturers such as HP, IBM, Acer, NEC, Dell, Gateway, Toshiba, Fujitsu, and Samsung. You've probably heard of some of them. It's easy to get a computer with a TPM. Probably in a few years it will be hard to get a computer without one.

What does a TPM do? Essentially it is just a crypto chip. It can hold keys, and sign and encrypt data with them. It's completely passive. It never takes control of your system or does anything invasive. It doesn't even monitor the bus or snoop on data flows. It merely hashes, signs and encrypts data, on request from the CPU.

How is it used for DRM? It can't be done today. They way it would be used, sometimes in the future, is to ship the chip with a unique key pre-installed in it, and with a certificate from the manufacturer on that key. Then the BIOS and OS get enhanced to do a "trusted boot" in which every software component gets its hash reported to the TPM. This allows the TPM to send out a crypto-signed "attestation" about the software configuration on the computer. It is signed by the built-in key, and that key is known to be a legitimate TPM key by virtue of the certificate that was created at manufacture time.

This lets a remote server verify that you're running a genuine version of Media Player or iTunes and not some hacked thing that will strip the DRM and put it out on the net. Your system can report its software configuration and that attestation can't be forged, because you don't control a TPM key that has a cert on it from a TPM manufacturer.

It's a complicated system, and no part of it exists today. Manufacturers don't ship TPMs with pre-installed keys, and they don't issue certificates. Nobody wants to touch that stuff with a ten foot poll. I know, I've tried to get a computer with a certified TPM for research purposes, but they're just not available.

How would Apple use a TPM to keep the OS from running on non-Apple PCs? This is the $64 question, but I haven't seen much information about it. If they just look for the presence of a TPM, that won't help much - see above for all the computers out there that have TPMs.

My guess is that it is more likely that the mechanism Apple will use or is using to keep from running on non-Apple hardware is not the TPM. They will probably use a custom chip. The TPM is extremely standard, the Trusted Computing Group has hundreds of pages documenting it. It would be crazy to twist that standard.

Rather, I'm guessing that Apple uses the TPM for crypto purposes, possibly with an eye towards eventual DRM if and when the necessary massive infrastructure ever gets built. Due to its unique position as designer of both the computer and the software, Apple might even be in a unique position with regard to rolling out some form of TPM based DRM, just as they were among the first to create a commercially successful DRM system in iTunes. My speculation is that Apple is not using the TPM to stop hackers porting its software, they're using the TPM because it's useful. It just happens that the hackers don't have many systems with TPMs.

If so, then, it is merely accidental that the use of the TPM is a road block for experimenters determined to run the Apple software on non Apple PCs. It's possible that if they looked at the list they would find some computers lying around that had TPMs in them, and if they tried on those computers, the TPM software would work fine. Maybe the OS would then run in its current form. It sounds like it's worth a try, anyway.

Re:copyrights

[stoborrobots]

The copyrighters right to copyright is not protected by the U.S. Constitution

...
Section 8 - Powers of Congress

Yep - that would be the ability of the US Congress to control whether or not the copyrighters have a right to copyright. Note that it provides congress with a power, it does not provide the people with a right.

Importantly, it has the clause "to promote the Progress of Science and useful Arts" - once copyright is no longer filling that role, it should not be in place...