Slashdot Mirror

← Back to Stories (view on slashdot.org)

Army to Require Trusted Platform Module in PCs

Posted by ryuzaki0 on from the wind-talkers dept.

Overtone writes "Federal Computer Week is reporting that the U.S. Army will require hardware-based security via the Trusted Platform Module standard in all new PCs. They are a large enough volume buyer that this might kick start an adoption loop."

8 of 337 comments (clear)

  1. Oooh great... by masklinn · · Score: 5, Insightful

    The question still remains whether the user himself can trust the trusted computing platform.

    If your government or seller or whatever doesn't trust you, doesn't even try in the least, how the hell are you supposed to trust him? The most logical path would be to fully distrust him. And therefore to distrust and refuse trusted computing platform.

    --
    "The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
  2. This does not lockout Linux by DrJimbo · · Score: 5, Informative
    TFA says:
    Is TCG creating specifications for just one operating system or type of platform?
    No. Specifications are operating system agnostic. Several members have Linux-based software stacks available. In addition to our work on the PC platform, we have a specification for Trusted Servers and are working to finalize specifications for other computing devices, including peripherals, mobile devices, storage and infrastructure.

    --
    We don't see the world as it is, we see it as we are.
    -- Anais Nin
  3. Re:Macs only? by lukas84 · · Score: 5, Informative

    Lenovo Thinkpads and Lenovo ThinkCentres. (Select Models).

    My R51 has one.

  4. Trusted Computing Great for Corporate/Government by QuantumFTL · · Score: 5, Insightful

    I personally abhor the notion of Trusted Computing on my personal computer, but if you're using a computer provided to you by the government or a corporation for the express purpose of working, it's their right to control what goes on on that computer. It's possible that this will help to stem the tide of malware (at least in corporate environments) by rejecting execution privledges, and allow IT staff to better enforce policies about what can and cannot be run on their computer. It would also help stop things like the Free USB Key Attack (formerly discussed on slashdot).

    Of course, this could also make users feel like they are not trusted, and could even lead to overconfidence in the security of the system. Still I see it as a major plus, at least unless I get saddled with it at home.

  5. Does this pave the way for Apple hardware? by PhunkySchtuff · · Score: 5, Interesting

    All of Apple's Intel-based Macs have a TPM module, in order to restrict Mac OS X to running on genuine Apple hardware.
    Does this decision pave the way for Apple to become a preferred supplier as shortly their entire model lineup will feature TPM modules with a relatively secure operating system?

    --
    Specialist Mac support for creative pros, Melbourne
  6. Slightly different but... by Flying+pig · · Score: 5, Insightful
    We recently visited a customer who seem to be on the verge of announcing that anybody accessing their systems with any sensitive information will be required to use e-Gap, a dongle based security system from a Microsoft subsidiary (and not to be confused, as Google does, with electronic Grant Application and Processing.) The internal IT people told us e-Gap would refuse to allow a client to connect if it did not have working anti-virus installed, and that in order to verify this, active-x objects would be downloaded to inspect the system. If I have this wrong, apologies, but I'm reporting what I was told.

    This is a worrying scenario. Apart from the minor issue that external users will not want to pay for the dongles and that the internal customer is seeing his IT bill spiral, Trusted Computing seems to be heading to a Mexican standoff situation as follows:

    Device 1: Permit me to inspect your system by downloading and running this program.
    Device 2: Only after YOU have allowed me to verify your credentials by uploading and running this program.
    Device 1: No, it is I who am deciding whether you are to be trusted!
    Device 2: No, it is I who am deciding that!
    Device 1: Anyway, my content is digitally signed by Microsoft, and you must trust it.
    Device 2: Microsoft? Not a hope in Hell. I require all downloads to be digitally signed by Steve Jobs in person with a DNA signature.

    And so on. Quis custodiet ipsos custodes? And how long before an army unit gets wiped out because of a defective dongle?

    --
    Pining for the fjords
  7. Re:Trusted by SiliconEntity · · Score: 5, Informative

    From what I understand, Trusted in this context is used as in "I entrust it with my security" rather than "I find it worthy of my trust."

    No, that's a common fallacy; in fact, it's an intentionally constructed fallacy. Trusted in this context means that you have evidence to trust that the computer will behave in a specified way, particularly from the point of view of remote access. Normally when you connect to a computer remotely you have no way of knowing what it's doing. It could be essentially running any software at all. But if you connect to a Trusted Computer, it provides cryptographic evidence about its software configuration. Knowing what software it is running gives you grounds to know how it will behave; and to trust that behavior. That is the real meaning of Trusted Computing.

  8. Microsoft has already won by mcc · · Score: 5, Insightful

    This would be a really worrying thing, but the fact is TPM has already won. It won the instant that Apple adopted TPM and the communities who were publicly worrying and complaining about Palladium and Trusted Computing for all those years went suddenly silent and shrugged the instant that nebulous notions like "freedom" came into conflict with solid, purdy white plastic.

    Here is the thing: TPM's adoption was waiting not on an adoption cycle exactly, but an apathy cycle. TPM was never something that the consumer was supposed to approve of, want, or even really know was there. The adoption of TPM was mostly counting on the consumer not having any idea what they were buying, counting on the blinking 12:00 effect, counting on the idea that most consumers would not even know TPM was in their computer until the first time that they try to do something and the computer says "no".

    TPM isn't there for the consumer. It's there to protect the computer from the consumers. It's there to allow software and content vendors to trust your computer, to trust your computer to ensure it will act in their interests and not yours. These vendors are the ones that TPM is being done for the benefit of, not the consumer. This means that in order for TPM to win, it isn't necessary for the consumer to "adopt" it. All that has to happen is for the consumer to fail to actively reject it when it is quietly dropped into the hardware they were going to buy anyway.

    And that's already happening. So although the military would legitmately represent an adoption cycle-- the military, of course, has a legitimate and logical need to create networks within which the machinery is trusted and the user is absolutely not-- it doesn't really matter. The military isn't the kind of adoption TPM needs to reach enough critical mass that vendors can begin requiring it in new applications, I don't think-- it's not like military hardware is going to be used to run lots of games and DRMed consumer media, as far as I know. The worrying thing is TPM's level adoption in the consumer segment, since that's where it has potential to do actual harm. And that's already begun, and so far nothing is happening to stop it...

    --
    Irritable, left-wing and possibly humorous bumper stickers and t-shirts