Slashdot Mirror


New Trusted HW Standard For Windows 8 To Support Chinese Crypto

An anonymous reader writes "A new version of the Trusted Platform Module, called TPM2 or TPM 2.0 by Microsoft, has apparently been designed specifically for the release of Windows 8 this week. The details of this new standard have been kept secret. But a major update to the original TPM standard, which came out 10 years ago, seems to have been very quietly released on the Trusted Computing web site (FAQ) earlier this month. Following in the footsteps of the original, this version is quite a challenging read (security through incomprehensibility?). But this new version also seems to support some controversial crypto algorithms that were made public by the 'State Encryption Management Bureau' of China for the first time about 2 years ago. This is roughly the time that Microsoft seems to have begun working in earnest on TPM2, Windows 8, and probably even Surface. But that's probably just a coincidence. This crypto is controversial because of serious EU concerns with domestic restrictions on the implementation, use, and importation of cryptography in China."

4 of 87 comments

  1. Good crypto is born secret, even in the US by fustakrakich · Score: 5, Funny

    If it has been publicly released, its usefulness is questionable.

    --
    “He’s not deformed, he’s just drunk!”
  2. Re:secret standards? by CanHasDIY · Score: 4, Insightful

    The same way secret interpretations of law work, I suppose.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  3. Re:TPM Of Evil by fuzzyfuzzyfungus · Score: 4, Informative

    Well guys, I don't know about you, but I have only one question: Is it a separate chip on the motherboard? Because if it is, I'm hosting SMC desoldering classes the day this thing hits the market. Who'd have thought the day would come when we'd have to modchip our own damn computers...

    Depends on the implementation. Some TPMs are not exactly hard to remove (that riser card on the LPC headers is sold as an option for that particular motherboard, so they made it easy to add or remove).

    Some, like the chip on which that Asus module is based, or a bunch of the Infineon and Atmel ones, are reasonably civilized TSSOPs. Not hard to remove, allegedly packaged to be hard to tamper with at a chip level; but it's your problem if the firmware/BIOS/whatever flips out and refuses to do anything until the TPM is restored (and each one has a unique, and kept secret from you, RSA key burned in, so you have fun cloning/impersonating it to a hostile chipset...).

    If, on the other hand, you have a system with something like the Intel GM45 chipset, you'd better have your microscope and ion beam ready because the TPM is on the same silicon as the motherboard chipset.

    The TPMs from the likes of Broadcom are somewhere in the middle: They are integrated directly with some of the company's ethernet (and possibly other; I'm only familiar with the ones in some GigE products) chips; and aren't exactly going to be trivial to remove; but your computer will still work if you take a screwdriver to that part, unlike the Intel ones.

  4. Re:It's actually the opposite by wonkey_monkey · Score: 4, Funny

    NSA doesn't have the world's fastest computers

    [citation classified]

    --
    systemd is Roko's Basilisk.