DRM Based on Trusted Computing Chips
An anonymous reader writes "We've always known that Trusted Computing is really about DRM, but computer makers always denied it. Now that their Trusted Computing chips are standard on most new PCs, they've decided to come clean. According to Information Week, Lenovo has demonstrated a Thinkpad with built-in Microsoft and Adobe DRM that uses a Trusted Computing chip with a fingerprint sensor. Even worse: 'The system is also aimed at tracking who reads a document and when, because the chip can report back every access attempt. If you access the file, your fingerprint is recorded.'"
You can find a list of known Trusted Platform Module (TPM) manufacturers and implementations from the TPM Matrix.
He warned us long ago. Of course, even now the masses will fail to be alarmed. "It's only a demo." Etc. "Boil 'em slow, they'll never know." Oh well.
That only applies to OEM copies of Windows, not boxed. Still sucks, I know.
"If he were a plant, people would roll him up and smoke him."
You could do that now with current, older hardware. The business, company or organisation using this technology to identify their employees would not be in control of it. The hardware and software companies will be, as well as anyone else they're in league with.
Change is not always good. Why do I want to pay for equipment that I will not own?
These "TRUSTED" machines are untrustworthy. You will not be able to control what runs on them. Someone else will decide if you can use your own equipment. Just like the lies with HDTV and HDMI. It is about setting up toll booths deep in your own pockets.
The problem with fingerprints is that it's inherently a very insecure way of authentication for two reasons:
Firstly, you can't change it if it leaks out. A password or a credit card number can be easily changed and the damage minimised in case of an information leak. Doing this with a fingerprint is much harder.
Secondly, the fingerprint is very hard to keep secret. Your body has this annoying ability to leave copies of your identification token all over the place, very easy for anyone to pick up. If you were worried about the ability to scan proximity tags (RFID), then you should be really scared about the use of fingerprints as authentication tokens.
If you don't believe me how easy it is to pick up, read this about how to make a copy of one's fingerprint using common household items.
How would this sort of thing affect something like VMWare?
Excellent question.
The Trust chip spies on exactly what software you run. It watches and logs every piece of software right from the BIOS to the bootloader to the operating system, and then it logs either certain applications or all applications you have run since bootup.
The Trust chip securely reports on the exact identity of the software. If you attempt to make even the slightest change in the BIOS or Operating System or anywhere else, the Chip logs that difference.
So the answer is that it is impossible for VMWare to work. VMWare cannot emulate the Trust chip because it does not know the unique crypto key locked inside of the Trust chip, and it cannot emulate the Trust chip by using a substitute key because you cannot forge the Trusted Computing Group's cryptographic signature to activate that key. So the VMWare only has two choices:
(1) VMWare BLOCKS the Trust chip - meaning the software does not work.
(2) VMWare BREAKS the emulation mode and passes I/O directly into and out of the Trust chip without filtering, without modification. The trust chip then "knows" and reports that VMWare is running and that the system is virtualized and again the software does not work.
Trusted Computing defeats/kills virtualization software like VMWare. The very point of Trusted Computing is to prohibit virtualization and to deny people control over their own computers.
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
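The measurement chain described in the comment above (BIOS, then bootloader, then operating system), as an added example that is not part of the original thread: a TPM 1.2 style register (PCR) is extended with the SHA-1 digest of each component, and a verifier replays the event log against the reported register value. The component names and images are constructed sample data, and the signature a real TPM places over the reported value is left out.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA1(old PCR || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def measure_boot(components):
    """Hash each component in load order; return (event_log, final_pcr)."""
    pcr = bytes(PCR_SIZE)  # PCRs start as all zeroes at power-on
    log = []
    for name, image in components:
        digest = hashlib.sha1(image).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr


def replay(log):
    """Recompute the PCR value that a given event log must produce."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(log, reported_pcr, known_good):
    """Verifier side: the log must replay to the PCR, and each entry must be expected."""
    if replay(log) != reported_pcr:
        return "log does not match PCR"
    for name, digest in log:
        if known_good.get(name) != digest:
            return f"unexpected {name}"
    return "ok"


# Constructed sample boot chains (not real firmware images).
GOOD = [("bios", b"BIOS v1"), ("bootloader", b"loader v1"), ("kernel", b"kernel v1")]
PATCHED = [("bios", b"BIOS v1"), ("bootloader", b"loader v1-patched"), ("kernel", b"kernel v1")]

if __name__ == "__main__":
    good_log, good_pcr = measure_boot(GOOD)
    known_good = dict(good_log)
    bad_log, bad_pcr = measure_boot(PATCHED)
    print(verify(good_log, good_pcr, known_good))
    print(verify(bad_log, bad_pcr, known_good))
    print(verify(good_log, bad_pcr, known_good))  # clean log, wrong register
```

Because each extend hashes the previous register value, the final PCR depends on every measurement and on their order, so a changed component cannot be hidden by editing the log alone.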