Slashdot Mirror
Army to Require Trusted Platform Module in PCs
Overtone writes "Federal Computer Week is reporting that the U.S. Army will require hardware-based security via the Trusted Platform Module standard in all new PCs. They are a large enough volume buyer that this might kick start an adoption loop."
Is TPM actually shipping in any product other than the Intel Macs?
To be exact, the problem is that one of their superiors got bribed by a criminal company. If someone whose duty is to manage security doesn't recognize snake oil and backholes in TPM even with all the publicly available opinions, it's either the person guilty of sabotage or is unfit for that position -- and if his superiors allowed such an inept person on such an important position, at least one of the superiors is guilty of sabotage as well. Wait... so people who spend most of their time blowing up mosques are suddenly "freedom fighters"?
They deserve to be named anything else than "terrorists" about as much as Kerry deserves to be named something else than "corrupt populist" or your fearless leader "despot", "liar" and "criminal" (yeah, I may be a dirty foreigner, but I can read the Constitution he swore on or the laws he broke). The military is fine, the mafia that controls it from above is not.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
If you buy a business-oriented motherboard from Intel, there is generally an option for a board with TPM. My 915GEVLK has the integrated video and audio and gigabit LAN I wanted, along with TPM which I can disable in BIOS. So long as it's not drastically raising the price of the board, there's nothing wrong with letting the end user have an extra chip or two that he can choose to use or not.
I'll be your candy shop of infinite deliciousity if you'll be my discotheque of endless rump-shaking.
All of Apple's Intel-based Macs have a TPM module, in order to restrict Mac OS X to running on genuine Apple hardware.
Does this decision pave the way for Apple to become a preferred supplier as shortly their entire model lineup will feature TPM modules with a relatively secure operating system?
Specialist Mac support for creative pros, Melbourne
This doesn't answer the question at all.
It all depends on who controls the root certificates that are used by the trusted computing hardware to verify the signatures of the BIOS and of the boot image. If you think it'll ultimately be someone who is "friendly" to Linux and open source in general, think again. There's a very good chance that Microsoft, or someone beholden to them, will wind up with control.
If that happens, Microsoft will have complete control over the set of OSes that can run in "trusted mode" on these computers. And you can expect entities like the Army to insist that there be no way to run an "untrusted" OS on these computers without some sort of magic certificate or something, which conveniently only entities like the Army will get.
I, for one, don't want to depend on the good graces of a company like Microsoft for such a thing.
So yes, it does lock out linux, unless we get really, really lucky. Who here wants to bet on that? Not I.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
In principle then, FOSS operating systems should be able to use TPM to enhance the trust that their owners have in them, in contrast to the way in which MS systems will use it to enhance the trust that content providers have in the platform. It all comes down to the way it's used.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
If I gather correctly, the TPM takes care of providing decryption keys to the operating system once it can confirm the system is in a known state. What I still don't understand is how this "known state" together with the necessary decription keys are communicated to the TPM in the first place. Is there a central authority that takes care of this? If so, how would this affect Open Source operating systems?
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
IIRC (and if army is not completely crazy) army does not plan to use TCP as a way to give RIAA and MPAA control of army PCs.
If that assumption is correct, army will be supplying encryption keys into TCP, not PC manufacturer, not RIAA, not MPAA, not Sony, etc.
It also means, that TCP, as deployed in army, will be able to be "owned" (meaning "0wn3d", controlled, etc.) by the owner of the PC (in this case army), not media cartels.
And that finaly means, that even I or you may be able to found such TCP usefull, usefull for us.
On the other hand, those more paranoid may object, that army will get different TCP in their PCs than "common consumers". The only difference may be just that little thing: who supplies encryption keys - meaning: "not common consumer".
hany
No doubt they are all busy helping repress the freedom fighters in the Iraq and making it part of the American Empire.
You're confused. The last American Empire was the Inca empire, which was conquered by the Spanish in the 1500s. Several European empires later held parts of America. There is no American Empire today.
As for freedom fighters, be clear about to whom you're referring. There are many freedom fighters in Iraq, including Iraqis, Americans, Britons, and people from many other countries. They are in uniform, and they take great care to avoid civilian deaths wherever possible.
There are also a contingent of cowardly, rabid theocrats who are inflicting mayhem on any large crowd of people they can find, in hopes of establishing their particular perversion of religion as a dominant force in the region. If you're referring to the suicide junkies as "freedom" fighters, then you're a blithering idiot.
the military are a joke.
Be glad you live in a country where telling a joke doesn't get you flogged to death for heresy, you ungrateful little twat.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I'd say it's more like "We didn't like how you were doing things before, so we're going to change them." Call it an expansion of the Monroe Doctrine, if you will. And yes, the prospect of getting large amounts of oil from a nation other than Saudi Arabia was most certainly a factor.
Not saying that any of this SHOULD have happened. It just sounds like your reasoning is grounded solely in your dislike for Bush, and that makes a poor basis for a rational argument.
"Ask not what your country can do for you." --John F. Kennedy
And its real use is Digital Rights Management: this doesn't just mean preventing people from playing MP3's, but ensuring that only the software that the document author or the software vendor authorizes to open a document can open that document. There are actually good security uses for such authentication. Unfortunately, it also means that documents become much more traceable, and that the encryption keys for almost all such software, especially purchased software keys, are sitting in a database somewhere that the NSA can subpoena or just steal at will.
So kiss personal privacy goodbye with these tools. The Trusted Computing CD burners and encryption widgets can and will have backdoors in them involving the vendor keys to access the data you do not want them to access.
No, there is a problem. In fact, it's a huge problem. The problem is, the users are NOT in the position to trust or distrust binaries!
Because Microsoft et. al. designed the system to be secure against the user, they made it a point to withold the private key so that all signing is done by them, not the user. Considering that the entire point of the GPL is to have the user in control, "Trusted" (or rather, Treacherous) Computing is fundamentally incompatible with the GPL!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Why isn't the user in the position to trust binaries? In a TPM-supporting Linux stack, the only people in control of the trust or distrust are the administrators of the system. The hardware doesn't block software, the software uses the hardware to authenticate it. The software can then block it based on the rules set up by the administrator.
Yes it's true. After you make changes to the sourcecode of software and re-compile it, it's no longer 'Trusted'. BECAUSE THAT'S THE WHOLE POINT! ... but I didn't change anything. Perhaps I have a virus." It's again a way to verify that changes you didn't make, arn't being run. In that respect it grants the user more control over their computer, because it provides them with more information.
Back off of piracy and conspiricy issues. If I write 'FSM-wordprocessor' and get it signed, you and everyone else gets to trust that I & the signing agency have verified that the software is exactly as I intended it to be. Currently if Bob decides to create a virus, he can create one that rewrites one of my modules to do what it was originally intended to do, as well as whatever malicious thing he want's it to do. Currently there is no way for me to verify that when I run 'FSM-wordprocessor', I am running the original code, or the one with the virus. Trusted computing does that. That's why the military wants it. It fulfills a vital security role for them.
For the average user, it also fulfills a vital role. "Hey my OO2.0 pops up as not trusted
The only time trusted computing doesn't make sense, is when you are working in a development environment. In any live production environment, knowing that what you think you are running is what is actually running is a good thing. When you are doing development, obviously you can't get things certified each time you recompile it - hell on a bad day, that would be 30-40 recerts for a subroutine. What you need is degrees of trust.
If you want to tweek & recompile the kernel, go ahead & then hit it with a 'personal trust' cert. But don't hand it to me & say this is the greatest mod to the kernel ever & expect me to trust it. The problem is not with 'Trusted Computing' the problem is with implimentation. If there is only Trusted/UnTrusted, then there's an issue. If I can define who I trust and what I trust, then things are good. If I can only trust what somebody else tells me is trustworthy, then it's bad.
The problem is going to be when you take your personal signed kernel and try to run trusted software that is going to go looking for a 'High Order' cert. Let's face it, if my concern is securing data - state secrets or 'Boy Band of the Week vol 1' - I can't verify that the data is secure if you have changed the kernel, since you could be ghosting every buffer to a non-secure memory space. Now is that a problem? only if you are trying to use software that explicitly requires the OS to be certed. Most FOSS isn't going to care. The stuff that does is going to be related to securing other people's Data. IE. you won't be able to run 3rd Party Secure Data Relay Proxie v4 on an unCerted Kernel because the 1st & 2nd p
"remember the USB drives showing up at bazaars?"
Here's a clue, the Army/Air force/Marines/Navy may be dumb at times, but sometimes - just sometimes, they get it right.
Disinformation is alive and well.
Trusted hiring? Well thought out, opportunities for information theft?
Priceless.