Slashdot Mirror

← Back to Stories (view on slashdot.org)

Army to Require Trusted Platform Module in PCs

Posted by ryuzaki0 on from the wind-talkers dept.

Overtone writes "Federal Computer Week is reporting that the U.S. Army will require hardware-based security via the Trusted Platform Module standard in all new PCs. They are a large enough volume buyer that this might kick start an adoption loop."

8 of 337 comments (clear)

  1. Re:call me cynical, but by Dachannien · · Score: 3, Informative

    AMD drank the Kool-Aid some time ago.

  2. This does not lockout Linux by DrJimbo · · Score: 5, Informative
    TFA says:
    Is TCG creating specifications for just one operating system or type of platform?
    No. Specifications are operating system agnostic. Several members have Linux-based software stacks available. In addition to our work on the PC platform, we have a specification for Trusted Servers and are working to finalize specifications for other computing devices, including peripherals, mobile devices, storage and infrastructure.

    --
    We don't see the world as it is, we see it as we are.
    -- Anais Nin
    1. Re:This does not lockout Linux by SiliconEntity · · Score: 4, Informative

      It all depends on who controls the root certificates that are used by the trusted computing hardware to verify the signatures of the BIOS and of the boot image.

      I'm sorry, but you don't know how Trusted Computing works. Almost everything you have been told about it is a lie.

      There are no root certificates used by TC hardware to verify the signatures of the BIOS and the boot image.

      What happens is that the BIOS, OS loader and potentially the OS itself send information to the TPM chip about the hashes of the software that is loading. User software can then, if it chooses, query the TPM chip and get a cryptographically send message telling what these hashes are. The software can use this to report the software configuration that booted.

      The root certificates get involved because the TPM crypto key never leaves the chip. The TPM manufacturer has a root certificate which it uses to sign each TPM key. This way people can tell that a message actually comes from a valid TPM and not a fake. It prevents virtualization of TPMs. This is what allows software to report its configuration in a trustable way. It is what gives the system its name, Trusted Computing.

  3. Re:Macs only? by lukas84 · · Score: 5, Informative

    Lenovo Thinkpads and Lenovo ThinkCentres. (Select Models).

    My R51 has one.

  4. Re:Trusted by SiliconEntity · · Score: 5, Informative

    From what I understand, Trusted in this context is used as in "I entrust it with my security" rather than "I find it worthy of my trust."

    No, that's a common fallacy; in fact, it's an intentionally constructed fallacy. Trusted in this context means that you have evidence to trust that the computer will behave in a specified way, particularly from the point of view of remote access. Normally when you connect to a computer remotely you have no way of knowing what it's doing. It could be essentially running any software at all. But if you connect to a Trusted Computer, it provides cryptographic evidence about its software configuration. Knowing what software it is running gives you grounds to know how it will behave; and to trust that behavior. That is the real meaning of Trusted Computing.

  5. Re:Two sides by segedunum · · Score: 4, Informative

    BZZZT wrong... with a Linux based software stack, you should be able to sign your own code and thus ensure only code you've signed and code signed by others YOU trust can be run...

    Signing your own code is not what he's talking about. Signed, and encrypted, code downloaded to run on your machine from elsewhere and how it is used is totally at the mercy of what vendors stipulate can be done with it. If they want an effective way of timebombing software because you haven't paid up then they have the framework to do that. If they want to break data protection laws and start communicating usage statistics and other sordid details, encrypted and safe from prying eyes, then they now have a means for doing that. It also means that it is almost certainly going to be nigh on impossible to switch to a competing vendor's products.

    Some people seemingly have no idea what the trust in Trusted Computing actually means. What it means is that external people and organisations, particularly software vendors, content companies etc. have a way for them to trust my computer or equipment. Whether I can trust the computer or electronic equipment I own, and what software run on there actually does, is an entirely different matter. It's a fundamental shift in the idea of how computers work that will probably end in anarchy and chaos.

    http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

  6. just in case... by joe+155 · · Score: 4, Informative

    ...you're interested I read a rather interesting article about trusted computing the other day ( http://www.gnu.org/philosophy/can-you-trust.html ). He makes some good points.

    --
    *''I can't believe it's not a hyperlink.''
  7. Next Generation Security by trend007 · · Score: 3, Informative

    Hi all,

    TCG/TCPM stuff, though not completely finished (the DAA mechanism that was introduced in v1.2 is a good example of how the TCG adapted to outside criticisms, and they're starting to work on v1.3) and surely not understood (the word "trust" is a huge factor in that), is having the same effect as PKI a few years back. Except that nowadays times of ignorance and fear (in particular of the big companies behing the TCG) multiply this effect by thousands. "Trust" is more and more acting like the point of concentration of the security problems, its complexity being coupled with new emerging (and very innovative) threats.

    First think of the TPM as a chip that provides standard cryptographic functions (RAS SHA-1, HMAC, AES), so instead of doing it in software anyone will be able to use hardware implementations. Furthermore there are facilities for key creation and management. With the special focus on this "security chip" (such chips already existed in various forms), the designers hope to improve drastically the level of security of modern computer science (95% of emails are spam, botnets of millions of computers, hackers make huge money out of their job, ransomware, etc. etc.).

    Obviously this TECHNOLOGY (and please always keep this in mind: it's a tool, it is to be used by other applications, most importantly OSs, to improve security; apart from secure boot, that is not compulsory at the moment, there's no obligation to use the TPM even if it's here) is not perfect, it will evolve. It will have to CONVINCE, to get TRUST. As I'm saying to most of my Trusted Computing colleagues, I think that challenges set by the opponents of TCG are actually a means to improve the security of this technology (but beware of popularity-seeking criticisms, not all the criticisms are well-founded).

    Read tha FAQ:
    https://www.trustedcomputinggroup.org/faq/TPMFAQ/