Slashdot Mirror

← Back to Stories (view on slashdot.org)

Army to Require Trusted Platform Module in PCs

Posted by ryuzaki0 on from the wind-talkers dept.

Overtone writes "Federal Computer Week is reporting that the U.S. Army will require hardware-based security via the Trusted Platform Module standard in all new PCs. They are a large enough volume buyer that this might kick start an adoption loop."

12 of 337 comments (clear)

  1. Re:call me cynical, but by Dachannien · · Score: 3, Informative

    AMD drank the Kool-Aid some time ago.

  2. This does not lockout Linux by DrJimbo · · Score: 5, Informative
    TFA says:
    Is TCG creating specifications for just one operating system or type of platform?
    No. Specifications are operating system agnostic. Several members have Linux-based software stacks available. In addition to our work on the PC platform, we have a specification for Trusted Servers and are working to finalize specifications for other computing devices, including peripherals, mobile devices, storage and infrastructure.

    --
    We don't see the world as it is, we see it as we are.
    -- Anais Nin
    1. Re:This does not lockout Linux by SiliconEntity · · Score: 4, Informative

      It all depends on who controls the root certificates that are used by the trusted computing hardware to verify the signatures of the BIOS and of the boot image.

      I'm sorry, but you don't know how Trusted Computing works. Almost everything you have been told about it is a lie.

      There are no root certificates used by TC hardware to verify the signatures of the BIOS and the boot image.

      What happens is that the BIOS, OS loader and potentially the OS itself send information to the TPM chip about the hashes of the software that is loading. User software can then, if it chooses, query the TPM chip and get a cryptographically send message telling what these hashes are. The software can use this to report the software configuration that booted.

      The root certificates get involved because the TPM crypto key never leaves the chip. The TPM manufacturer has a root certificate which it uses to sign each TPM key. This way people can tell that a message actually comes from a valid TPM and not a fake. It prevents virtualization of TPMs. This is what allows software to report its configuration in a trustable way. It is what gives the system its name, Trusted Computing.

    2. Re:This does not lockout Linux by mpcooke3 · · Score: 2, Informative

      While doubtlessly you are technically correct, for desktop computing i'm not sure it makes much difference.
      Since only the windows hash will allow secured files to be open and secured apps to be run.

      Microsoft will easily be able to convince the MPAA/RIAA that the only safe hash is the windows one and make the office formats "secured" to the windows hash. Some organisations like debian may not wish or be able to restrict peoples rights to their own machine so there will be no reason for anyone to value their hash (also you can bet microsoft will give kickbacks to companies that allow their formats to only play back under a windows hash).

      Ultimately everything that normal users want like to read files, play music, watch films, read emails could result in requiring a windows hash, at what point microsoft might as well just be doing all the signing with their own Root key all other OS hashes are useless. Except this way is slightly preferrable to Microsoft because the technology looks platform neutral.

  3. Re:Macs only? by lukas84 · · Score: 5, Informative

    Lenovo Thinkpads and Lenovo ThinkCentres. (Select Models).

    My R51 has one.

  4. Re:Trusted by SiliconEntity · · Score: 5, Informative

    From what I understand, Trusted in this context is used as in "I entrust it with my security" rather than "I find it worthy of my trust."

    No, that's a common fallacy; in fact, it's an intentionally constructed fallacy. Trusted in this context means that you have evidence to trust that the computer will behave in a specified way, particularly from the point of view of remote access. Normally when you connect to a computer remotely you have no way of knowing what it's doing. It could be essentially running any software at all. But if you connect to a Trusted Computer, it provides cryptographic evidence about its software configuration. Knowing what software it is running gives you grounds to know how it will behave; and to trust that behavior. That is the real meaning of Trusted Computing.

  5. Re:call me cynical, but by hector_uk · · Score: 2, Informative

    "OMG, you may not mention that our pet poster-boy company is just as evil as the very very evil monopolist. You have to say "Oooooh, but in AMD's case, blah blah blah ...", and since Apple's MacOS X includes mandatory activation even surpassing the invasiveness of Vista, you also have to say "Oooooh, but in Apple's case, blah blah blah ..."." OS X requires no activation, it does not even have a CD key, every retail copy is identical so it's impossible for apple to tell if you pirate it, that registration screen is mainly to set up user details such as your address book and that apple can send you crap to your email address if you neglect to check tick boxes. what the fuck does this have to do with anything.

  6. Re:Two sides by segedunum · · Score: 4, Informative

    BZZZT wrong... with a Linux based software stack, you should be able to sign your own code and thus ensure only code you've signed and code signed by others YOU trust can be run...

    Signing your own code is not what he's talking about. Signed, and encrypted, code downloaded to run on your machine from elsewhere and how it is used is totally at the mercy of what vendors stipulate can be done with it. If they want an effective way of timebombing software because you haven't paid up then they have the framework to do that. If they want to break data protection laws and start communicating usage statistics and other sordid details, encrypted and safe from prying eyes, then they now have a means for doing that. It also means that it is almost certainly going to be nigh on impossible to switch to a competing vendor's products.

    Some people seemingly have no idea what the trust in Trusted Computing actually means. What it means is that external people and organisations, particularly software vendors, content companies etc. have a way for them to trust my computer or equipment. Whether I can trust the computer or electronic equipment I own, and what software run on there actually does, is an entirely different matter. It's a fundamental shift in the idea of how computers work that will probably end in anarchy and chaos.

    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

  7. just in case... by joe+155 · · Score: 4, Informative

    ...you're interested I read a rather interesting article about trusted computing the other day ( http://www.gnu.org/philosophy/can-you-trust.html ). He makes some good points.

    --
    *''I can't believe it's not a hyperlink.''
  8. Next Generation Security by trend007 · · Score: 3, Informative

    Hi all,

    TCG/TCPM stuff, though not completely finished (the DAA mechanism that was introduced in v1.2 is a good example of how the TCG adapted to outside criticisms, and they're starting to work on v1.3) and surely not understood (the word "trust" is a huge factor in that), is having the same effect as PKI a few years back. Except that nowadays times of ignorance and fear (in particular of the big companies behing the TCG) multiply this effect by thousands. "Trust" is more and more acting like the point of concentration of the security problems, its complexity being coupled with new emerging (and very innovative) threats.

    First think of the TPM as a chip that provides standard cryptographic functions (RAS SHA-1, HMAC, AES), so instead of doing it in software anyone will be able to use hardware implementations. Furthermore there are facilities for key creation and management. With the special focus on this "security chip" (such chips already existed in various forms), the designers hope to improve drastically the level of security of modern computer science (95% of emails are spam, botnets of millions of computers, hackers make huge money out of their job, ransomware, etc. etc.).

    Obviously this TECHNOLOGY (and please always keep this in mind: it's a tool, it is to be used by other applications, most importantly OSs, to improve security; apart from secure boot, that is not compulsory at the moment, there's no obligation to use the TPM even if it's here) is not perfect, it will evolve. It will have to CONVINCE, to get TRUST. As I'm saying to most of my Trusted Computing colleagues, I think that challenges set by the opponents of TCG are actually a means to improve the security of this technology (but beware of popularity-seeking criticisms, not all the criticisms are well-founded).

    Read tha FAQ:
    https://www.trustedcomputinggroup.org/faq/TPMFAQ/

  9. Re:Trusted by mrchaotica · · Score: 2, Informative

    Actually, Trusted in this context means "the people in control can trust my computer to be secure against me," where "the people in control" refers to those who hold the private key to the TPM. In the case of the general public, this is the Trusted Computing Group (which includes such bastions of personal freedom as Microsoft); in the case of the Army it should be the Army, but I fear it will still be the Trusted Computing Group.

    See, that's what's so bad about Trusted Computing: if the owner of the PC had the private key, it would be great. But because some external entity has the private key, it's evil -- and it was intended to be that way!

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  10. Re:Oooh great... by xanalogical · · Score: 2, Informative

    > a set of regions locally ruled by governors, viceroys or client kings in the name of another

    Empires come in different flavors, not just militaristic but economic, philosophical, legalistic, etc.

    The American Empire partly arises from a careful weakening of the sovereign membrane between countries, such that they begin act as one, with direction from a power center outside of many of them. Some examples:

    1. The US hooking into the European SWIFT financial network to monitor non-US transactions.

    2. The US requiring air flights that _both_ originate and terminate in other countries, such as Canada, to comply with US laws, in _case_ the flight strays over US airspace (reciprocal rules do not apply re US flights that might stray into Canadian airspace).

    3. US tracking of Canadian financial and medical transactions, because the companies in Canada are multinationals with offices in the US, and therefore such transaction data *leaks* across the border into various processing centers.

    4. An effort to apply US copyright and patent laws around the world, for a more uniform legal environment.

    5. The destruction of many privacy safeguards in Europe because the US finds they get in the way of security and business.

    The US is dictating terms to other countries - it is not a give-and-take healthy interaction of equals, with foreign ideas having an equal chance to take root in the US. The other nations look more and more like those "client kings", ruling with the permisson of the multinationals, many of which are based in the US.

    I'm NOT saying something silly like Bush is an emperor. I'm saying the US is calling the shots, for many countries. Probably a better term would be the American Hegemony - the dominance of one group over other groups, with or without the threat of force, to the extent that, for instance, the dominant party can dictate the terms of trade to its advantage; or more broadly, that cultural perspectives become skewed to favor the dominant group.