Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should We Be Afraid of TPM Chips?

Posted by ryuzaki0 on from the trusted-by-whom dept.

AcidArrow asks: "I was looking to buy a new laptop and since I wanted to be on the bleeding edge, I thought one with the new core duo chips would be just what I need. Among the features on the laptops I was looking was 'Trusted Platform Module chip for the safety of your data'. Now, I don't know of any real uses for a TPM chip yet, but is this something that should worry me, or keep me from buying a laptop with said 'feature'? I don't intend to use it and I would like to disable it, if possible, but I don't want to make it easier for anyone to track down what I'm doing on my laptop."

6 of 112 comments (clear)

  1. Be afraid only if you can't use it .. by torpor · · Score: 5, Insightful

    .. yourself, personally, for your own uses. If the TPM 'feature' is only something that a mfr, or software vendor, can exploit to protect data, then its something that you definitely don't want to use.

    But if there were uses for TPM which directly translated into a user feature - like being able to save .DOC files to your USB stick, encrypted to your own TPM serial, for example - then I would say yeah, its something that can be used.

    But frankly, TPM isn't there for you. Its there for software vendors and 'media suppliers' to use in branding content to your machine. Whether thats good or not, is entirely up to whether or not the end user wants less control over where the data can travel .. so far, the only use for it appears to be in keeping MP3 and other Media files, which you did not author, local to your own machine.

    I'd be interested to hear cases where TPM-stamps can be used to actually protect user-author'ed data, though. Would be handy for studio-type people .. like, if I could get my Cubase/Protools session files stamped specifically to my machine, and they can't be used anywhere else, under certain circumstances that could be very handy ..

    But that sort of protection is just as easily provided by tools like GPG and such, and still would depend on the software vendor exploiting that feature, so .. yeah .. it just goes round and round.

    --
    ; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
    1. Re:Be afraid only if you can't use it .. by HaloZero · · Score: 4, Insightful

      But if there were uses for TPM which directly translated into a user feature - like being able to save .DOC files to your USB stick, encrypted to your own TPM serial, for example - then I would say yeah, its something that can be used.

      I can safely say that I do not want this. I use my jumpdrive to keep a backup of three directories; a script automagically copies fresh versions of a particular tree into a branch on my jumpdrive. This is done for portability and backup purposes. If, for example, my .doc and .mpp and *.* files were encrypted with my ThinkPad's TPM serial, then recovery from another machine (lets say that my laptop is stolen, or otherwise destroyed [with fire]) is pointless - there's no way to replicate that serial.

      Long story short: TPM serialization == bad for backups.

      --
      Informatus Technologicus
  2. Nothing to fear by dotslash · · Score: 5, Informative

    Firstly you can disable the chip from BIOS or driver software

    Secondly there are some good uses for it: I use it to store web site passwords, keys and certificates. On my laptop (Thinkpad T43) it is connected to the fingerprint scanner so I can enforce two-factor auth. (finger swipe AND passphrase). I also store the keys for encrypted disk volumes in the TPM (also part of the software IBM/Lenovo offers for the TPM).

    No software can access the TPM without my consent, because it requires finger and password.

    1. Re:Nothing to fear by Jherek+Carnelian · · Score: 4, Interesting

      You might want to do a little research on the efficacy of finger-print identification systems - in short it is pretty much nil. The cheap ones can usually be fooled by simply retrying a bunch of times with the finger at different angles, the more expensive ones can be easily fooled with the equivalent of a jello mold of the valid fingerprint - which can often be lifted directly off the scanner itself via the skin-oil left by the most recent user. So your 2-factor authentication is really more of a 1.1-factor authentication.

  3. Just about every new laptop by linguae · · Score: 5, Informative

    ...seems to have a TPM chip. Thinkpads, MacBook Pros, some Gateway machines, just about every major new laptop manufacturer that I know of has already installed TPM chips in their laptops.

    The important thing to remember, though, is that a TPM chip means nothing if you don't use an OS or software that utilizes the chip for nefarious purposes. If you stick to Windows XP, current versions of OS X (they only use the TPM chip to see if it is a genuine Macintosh), or a free OS (like Linux or BSD), then they won't utilize the TPM chip to restrict your moves. However, you might want to check out any upgrades to the proprietary OSes or proprietary software before you upgrade. You might also want to avoid DRM'd media as well and find alternatives before it is too late.

    Now, if you really don't want a TPM chip in your machine, just buy the last model of the machine that you want that doesn't have a TPM chip. Apple, for example, still sells their G4 line of PowerBooks and iBooks. You'll have to weigh the advantages/disadvantages; do you want to sacrifice performance over a trusted computing chip that has little control depending on your software choices?

  4. Re:People are so afraid.... by MarkGriz · · Score: 4, Funny

    "It seems slashdotters are so afraid of these chips they won't even comment on them."

    Maybe they tried but the TPM chips in their computer blocked them.
    I'm glad I don't hav#&DFGsj3lwkj.s9)
    NO CARRIER

    --
    Beauty is in the eye of the beerholder.