Army to Require Trusted Platform Module in PCs

← Back to Stories (view on slashdot.org)

Army to Require Trusted Platform Module in PCs

Posted by ryuzaki0 on Thursday July 27, 2006 @05:45PM from the wind-talkers dept.

Overtone writes "Federal Computer Week is reporting that the U.S. Army will require hardware-based security via the Trusted Platform Module standard in all new PCs. They are a large enough volume buyer that this might kick start an adoption loop."

6 of 337 comments (clear)

Min score:

Reason:

Sort:

This does not lockout Linux by DrJimbo · 2006-07-27 17:55 · Score: 5, Informative

TFA says:
Is TCG creating specifications for just one operating system or type of platform?
No. Specifications are operating system agnostic. Several members have Linux-based software stacks available. In addition to our work on the PC platform, we have a specification for Trusted Servers and are working to finalize specifications for other computing devices, including peripherals, mobile devices, storage and infrastructure.

--
We don't see the world as it is, we see it as we are.
-- Anais Nin
1. Re:This does not lockout Linux by SiliconEntity · 2006-07-27 20:18 · Score: 4, Informative
  
  It all depends on who controls the root certificates that are used by the trusted computing hardware to verify the signatures of the BIOS and of the boot image.
  
  I'm sorry, but you don't know how Trusted Computing works. Almost everything you have been told about it is a lie.
  
  There are no root certificates used by TC hardware to verify the signatures of the BIOS and the boot image.
  
  What happens is that the BIOS, OS loader and potentially the OS itself send information to the TPM chip about the hashes of the software that is loading. User software can then, if it chooses, query the TPM chip and get a cryptographically send message telling what these hashes are. The software can use this to report the software configuration that booted.
  
  The root certificates get involved because the TPM crypto key never leaves the chip. The TPM manufacturer has a root certificate which it uses to sign each TPM key. This way people can tell that a message actually comes from a valid TPM and not a fake. It prevents virtualization of TPMs. This is what allows software to report its configuration in a trustable way. It is what gives the system its name, Trusted Computing.
Re:Macs only? by lukas84 · 2006-07-27 18:08 · Score: 5, Informative

Lenovo Thinkpads and Lenovo ThinkCentres. (Select Models).

My R51 has one.
Re:Trusted by SiliconEntity · 2006-07-27 20:07 · Score: 5, Informative

From what I understand, Trusted in this context is used as in "I entrust it with my security" rather than "I find it worthy of my trust."

No, that's a common fallacy; in fact, it's an intentionally constructed fallacy. Trusted in this context means that you have evidence to trust that the computer will behave in a specified way, particularly from the point of view of remote access. Normally when you connect to a computer remotely you have no way of knowing what it's doing. It could be essentially running any software at all. But if you connect to a Trusted Computer, it provides cryptographic evidence about its software configuration. Knowing what software it is running gives you grounds to know how it will behave; and to trust that behavior. That is the real meaning of Trusted Computing.
Re:Two sides by segedunum · 2006-07-27 21:12 · Score: 4, Informative

BZZZT wrong... with a Linux based software stack, you should be able to sign your own code and thus ensure only code you've signed and code signed by others YOU trust can be run...

Signing your own code is not what he's talking about. Signed, and encrypted, code downloaded to run on your machine from elsewhere and how it is used is totally at the mercy of what vendors stipulate can be done with it. If they want an effective way of timebombing software because you haven't paid up then they have the framework to do that. If they want to break data protection laws and start communicating usage statistics and other sordid details, encrypted and safe from prying eyes, then they now have a means for doing that. It also means that it is almost certainly going to be nigh on impossible to switch to a competing vendor's products.

Some people seemingly have no idea what the trust in Trusted Computing actually means. What it means is that external people and organisations, particularly software vendors, content companies etc. have a way for them to trust my computer or equipment. Whether I can trust the computer or electronic equipment I own, and what software run on there actually does, is an entirely different matter. It's a fundamental shift in the idea of how computers work that will probably end in anarchy and chaos.

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
just in case... by joe+155 · 2006-07-27 21:19 · Score: 4, Informative

...you're interested I read a rather interesting article about trusted computing the other day ( http://www.gnu.org/philosophy/can-you-trust.html ). He makes some good points.

--
*''I can't believe it's not a hyperlink.''