Slashdot Mirror


Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

An anonymous reader writes "What is the best/newest hardware without trusted computing (TC) / Trusted Platform Module (TPM)? I am currently running ancient 32-bit hardware and thinking about an upgrade to something x64 with USB3, SATA3 and >1 core on the CPU ... but don't want TC/TPM. I have no need to run anything like Blu Ray movie disks or Microsoft Windows that requires TC/TPM or the UEFI boot process. Is anybody else still trying to avoid TC/TPM? What have your experiences been? Any pointers?" Worth reading on this front, too: Richard Stallman on so-called Trusted Computing.

39 of 290 comments

  1. What? by Anonymous Coward · · Score: 4, Informative

    Don't buy a TPM module? Just because a motherboard supports it doesn't mean you have to turn it on... or am I missing something?

    1. Re:What? by Anonymous Coward · · Score: 4, Interesting

      Even if you do turn it on, it only goes about doing what you ask it to do. You can use it to pull some random numbers from, for instance, and completely ignore the cryptographic functions. And neither UEFI nor Secure Boot has anything to do with TPM. That's completely separate and, on every x86/x86_64 machine I know of, able to be easily run in custom mode with your own keys (and no one else's keys), or disabled entirely.

      So if you're being paranoid about this because of fears about spying or remotely taking over your computer... Well, you're being paranoid. If you're scared of that because of TPM, you should be much more scared of that because of not having the complete specifications to rebuild the computer from a hunk of silicon.

    2. Re:What? by SCPRedMage · · Score: 5, Informative

      Turn off... UEFI...

      The fuck? UEFI is a replacement for BIOS; "disabling" it would entail disabling your system's ability to boot at all. Likely what you mean is Secure Boot, which is an optional feature for newer UEFI systems that caused a bunch of stink with Windows 8.

      --
      My sig can beat up your sig.
    3. Re:What? by Microlith · · Score: 4, Informative

      No, you don't turn UEFI off. What you do is activate the CSM, which emulates older BIOS calls and maps them to UEFI functionality.

    4. Re:What? by Alsee · · Score: 4, Insightful

      No, it's you missing something.

      just don't buy the module.

      THAT IS EXACTLY WHAT HE'S TRYING TO DO.

      A lot of computers are now being shipped with TPMs SOLDERED onto the motherboard, and they are making progress on packaging the TPM inside the CPU chip.
      He doesn't want to buy that crap, I don't want to buy that crap, and the problem is that a lot of people are buying that crap without knowing it. The Trusted Computing Group has stated that part of their strategy for forcing everyone to buy into their Trusted Computing crap is to ensure that TPMs are already built in to all new computers being sold.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    5. Re:What? by tlambert · · Score: 3, Informative

      Don't buy a TPM module? Just because a motherboard supports it doesn't mean you have to turn it on... or am I missing something?

      It's pretty much impossible to get a new system with any reasonable compute ability without at least some form of backdoored TPM-like facility these days. For example, the new Intel Ivy Bridge Chipsets have vPro, which gives similar capabilities. Likewise, the new AMD systems currently being planned have the ability to run TZones in the on-board ARM processor to implement a software TPM, as long as they aren't exposed out directly.

      http://www.hardwaresecrets.com/news/Intel-Launches-Ivy-Bridge-CPUs-with-vPro-Technology/6464
      http://newsroom.intel.com/community/intel_newsroom/blog/2012/05/15/intel-strengthens-security-boosts-performance-for-business-with-3rd-generation-intel-core-vpro-platforms

    6. Re:What? by Mashiki · · Score: 3, Insightful

      I must be getting old. I actually remember a time when /. had at least somewhat technically savvy people.

      --
      Om, nomnomnom...
    7. Re:What? by tlhIngan · · Score: 4, Informative

      No, you don't turn UEFI off. What you do is activate the CSM, which emulates older BIOS calls and maps them to UEFI functionality.

      Exactly.

      And it's been a long while since you could get a native BIOS motherboard - it's been (U)EFI since the Core series of processors were first released by Intel. Prior to this, Intel released both BIOS and EFI code for the processors. Since then, it's been (U)EFI only. It's just that since 2006 or so, by default the EFI boots into a BIOS emulator that gives you the BIOS you know and love.

      It's only in the past 2 years or so has the actual UEFI interface been accessible to users (other than through an Apple Mac, that is). Intel has provided EFI code since the turn of the millennium, as well, so it's actually older than you think.

      Initially, Apple's Boot Camp utility installed the BIOS emulator on early Macs because they shipped without it and thus couldn't boot Windows. Later Macs have it baked into the firmware and you can just boot it directly. Hell, Apple even slipstreams the drivers into the OS image now so you don't have to install afterwards.

      Linux has supported EFI boot since I don't know when. IA-64 (Itanium) definitely, but it got ported to x86 a long while back too. Of course, you could really only use it on a Mac until recently...

    8. Re:What? by tlambert · · Score: 3, Interesting

      vPro requires a fair amount of setup to use, so claiming that it's going to be backdoored is really just silly.

      You failed to read my first link.

      "Intel's vPro technology provides IT managers with a collection of security and manageability features, including remote access to the PC independent of the state of the operating system or that of the computer's power. The newest vPro processors include an identity protection technology with public key infrastructure (Intel IPT with PKI), which provides a new second layer of authentication embedded into the PC that allows websites and business networks to validate that a legitimate user is logging on from a trusted PC by using a private key stored in a PC's firmware."

      So it allows remote access to the machine using a remote access facility built into firmware, and for which source code is not provided by Intel to allow it to be audited by an independent third party.

      For "websites and business networks", read "media distribution companies intent on renting you something instead of selling it to you, even though book licenses are why we started granting media companies copyrights in the first place", i.e. it was in trade for them not being assholes, but now they are back to being assholes, and have lobbied legislators like Pelosi and Feinstein to get the DMCA passed, and criminalize a civil matter.

      I'd rather my machine not identify me in a non-repudiable way to a remote attacker of my Article 12 rights under the U.S. Constitution, thanks.

    9. Re:What? by St.Creed · · Score: 3, Informative

      I wanted a TPM too and I ended up with the HP8560w laptop. A bit pricey for a hardware encryption chip, but not as expensive as a few years ago.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
  2. Non sequitur by Anonymous Coward · · Score: 4, Insightful

    I have no need to run anything like Blu Ray movie disks or Microsoft Windows that requires TC/TPM or the UEFI boot process.

    Non sequitur much? What do Blu-Ray movies have to do with a TPM or UEFI secure boot? Also, Windows 8 can be run just fine without UEFI secure boot and doesn't need a TPM. UEFI secure boot is only needed to sell a certified product. Trying to drum up some FUD or what?

    1. Re:Non sequitur by sunderland56 · · Score: 4, Insightful

      You might be overreacting; English has extremely loose parsing rules. Try reading it like this:

      I have no need to run anything like ( ( Blu Ray movie disks ) OR ( Microsoft Windows that requires TC/TPM or the UEFI boot process) ).

  3. Re:Not sure off the top of my head by oodaloop · · Score: 4, Funny

    My god man, how many Wal-Marts could you possibly need?

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  4. ThinkPenguin.com's against trusted computing... by Anonymous Coward · · Score: 5, Informative

    I'd get in touch with ThinkPenguin. The company avoids trusted computing, non-free dependencies, and other digital restrictions that are bad for users. HP, Lenovo/IBM, Dell, Toshiba, Sony, and Apple are enemies of user freedom and should be avoided. They ship systems with digital restrictions and/or proprietary pieces that prevent users from replacing things like the wifi in what is otherwise a standard slot. As a result, if you get a system with an unsupported wifi card you can't replace it, or in other examples eventually move to a distribution that is 100% free like Trisquel or Parabola GNU/Linux.

    ThinkPenguin's been working with the Free Software Foundation on various issues like USB wireless cards and other projects. They helped bring a new chipset to the free software community (ar9271 and the older ar9170). They also don't ship parts/computers dependent on non-free drivers/firmware. The only real exception is the BIOS. That might change if the company gets enough support. Right now it is a non-trivial and significant task to fix. Particularly when every user wants a different configuration and demands the absolute latest in specs (like Haswell, for example).

    1. Re:ThinkPenguin.com's against trusted computing... by Barny · · Score: 4, Funny

      I would like to welcome the marketing department of ThinkPenguin (C)(TM) to slashdot.

      --
      ...
      /me sighs
    2. Re:ThinkPenguin.com's against trusted computing... by the_B0fh · · Score: 3, Informative

      You didn't hear about IBM/Lenovo requiring you to use *THEIR* wifi cards in the laptops? A non-IBM branded but exactly the same model wouldn't work because the BIOS checks for it. Pretty widely reported here on Slashdot.

  5. I agree with anonymous coward by TsuruchiBrian · · Score: 3, Insightful

    I don't see a problem with it, unless it can't be disabled. If you want all the freedoms, one of those freedoms is to enable or disable a TPM when you want. Maybe the only reason you want a TPM is so you can have one to test ways to circumvent it.

    1. Re:I agree with anonymous coward by fast+turtle · · Score: 4, Insightful

      Actually, Vista allowed it to be dis/enabled in the device manager - making it immediately available w/o a reboot. The same is true of Win7/8 and later - just like wifi cards can be dis/enabled from the device manager w/o rebooting the system.

      Since this is possible, it means it's possible to do so w/o user interaction. Making a TPM module a dangerous thing to have on your system.

      --
      Mod me up/Mod me down: I wont frown as I've no crown
  6. Not this shit again by Anonymous Coward · · Score: 3, Informative

    The story about the TPM was a load of horseshit FUD. TPMs are good if you want secure crypto key storage. If you don't, use a tinfoil hat.

    "Secure boot" is the thing you want to avoid if you're suitably paranoid.

  7. Buy it, turn it off by Anonymous Coward · · Score: 4, Insightful

    Just buy it with TPM and turn it off. It's just like 3D televisions--it's a permanent addition to the feature list, regardless of how many people actually want or use it. Yeah it sucks that you pay for stuff you don't use. I'm sure you'll survive the experience.

    And if you're paranoid that turning it off won't REALLY turn it off, how do you know a motherboard without a TPM module doesn't REALLY have a super-secret disguised TPM module? If you're that paranoid, you'll have to build the motherboard yourself.

  8. Why? by chill · · Score: 4, Insightful

    TPM is just a secure hardware keystore. It allows you to store secret keys in it. Don't want it? Don't activate it.

    It is most commonly used in corporate machines, but can be used in Linux to support LUKS for full-disk encryption.

    As usual, people fear what they don't understand. The trick to TPM is *WHO HAS THE KEYS*. If *I* have the keys, it is a great feature. TPM itself isn't inherently bad any more than any safe is inherently bad.

    Stallman's piece focuses exclusively on TPM being implemented as a mandated piece where either the gov't or the media industry has the keys. Focusing on one theoretical use case and determining the entire system is evil is just plain wrong.

    --
    Learning HOW to think is more important than learning WHAT to think.
  9. Re:get a mac. by Anonymous Coward · · Score: 3, Insightful

    Yawn. Obsolescence built in: with each OSX "upgrade" Apple drops support for a whole generation of hardware. Quad core Xeons are now in limbo. Yes, that standard Intel and PCI system is already at a dead end. When the next cat OS is released with a slightly changed icon set, the next top end systems will be excluded.

    And as for iMacs, zero upgradability other than RAM and high failure rates; they also suffer from OSX obsolescence.

    So, no, don't go down the Apple route unless you intend to replace the whole system to stay current, even if it doesn't need it.

  10. TPM often left off (but can work FOR you). by Dputiger · · Score: 3

    TCM/TPM is often a business only feature. Consumer motherboards *frequently* don't support it. But full disk encryption programs can, and some do.

    In other words, yes, you can totally opt out of buying a motherboard with TPM, including a top-of-the-line Haswell motherboard or an AMD chip, if that's your fancy. But if you buy one, you can also use it as a layer of security for a product like TrueCrypt (I do not know if TrueCrypt specifically supports it, that's just an example). And if you don't want it, you can turn it off.

    1. Re:TPM often left off (but can work FOR you). by Alsee · · Score: 3, Interesting

      TCM/TPM is often a business only feature.

      That was the initial market, but the Trusted Computing Group is quite clear that they intend, as soon as they can manage it, for it to be included in all computers. And they are well on their way to achieving that. They are already included in almost all laptops, and they are increasingly showing up in desktops.

      In other words, yes, you can totally opt out of buying a motherboard with TPM

      The entire point of the Ask Slashdot is that it's becoming increasingly difficult to do so. More and more computers are being shipped with the TPM soldered in place, and without the product description mentioning that fact anywhere.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  11. Re:Why? by Anonymous Coward · · Score: 4, Insightful

    Stallman's piece focuses exclusively on TPM being implemented as a mandated piece where either the gov't or the media industry has the keys. Focusing on one theoretical use case and determining the entire system is evil is just plain wrong.

    Both scenarios are more or less "theoretical", but the most likely to end up widely implemented is exactly the one RMS focuses on. That is why he focuses on it. It's also the reason why the entire thing came into being. The other stuff is a nicety for the geeks, nothing more. That nicety doesn't make the purpose behind it less wrong or evil.

  12. Re:Why? by blahplusplus · · Score: 4, Insightful

    "Stallman's piece focuses exclusively on TPM being implemented as a mandated piece where either the gov't or the media industry has the keys. "

    Not quite, the same way F2P games and always online DRM made it so far. Most people are tech illiterate; all that's needed to get TPM out there is a dumb public and some widget they will always buy mindlessly like phones. I expect phones and/or some aspect of videogames to be where TPM is first implemented. The upper classes in America are obsessed with manipulating the public mind for their own corporate profits. I suspect there are people working right this moment to find a way to push more hardware DRM and legal bullshit. I imagine we'll first see this from the game industry and then it will seep into other industries.

    The idea that Stallman is 'alarmist' given how dystopian, authoritarian and anti-freedom American copyright and patent law has become and its negative effect on people owning the digital products they buy is already cause for alarm. The fact that digital goods are effectively infinite and people are talking moronically about selling 'used digital games' (bizarre aspect of American capitalist thinking in the non-scarce digital world).

    See this article: game developers and publishers are seriously totally in bizarro world trying to get rid of the used game market.

    http://www.gamasutra.com/blogs/DanRogers/20130806/197733/THE_FUTURE_OF_RESELLING_DIGITAL_VIDEO_GAMES.php

  13. Re:Get over it... by Dredd13 · · Score: 3, Informative

    No they don't. They started shipping with them in the mid 2000's, but never built a driver for one, and stopped including it in their hardware in 2009.

    Thanks for playin', though.

  14. TPM - Its never there by DarkXale · · Score: 4, Informative

    TPM is normally not included in consumer motherboards. You have to purchase a separate TPModule that plugs into the motherboard's TPM header, and that's assuming the motherboard even has that header in the first place (read the specsheet). The Asus Z77 Deluxe in this machine for example - has no TPM header, and thus has no TPM. Newer versions of that motherboard firmware do include SecureBoot support - but older versions do not. However that must be manually activated, as it defaults to disabled (and consequently must be re-activated every time you reflash/update the firmware). In addition, custom keys are supported.

    TPM requires (for Intel) support from the CPU - and some consumer level CPUs (notably the K series) lack that support. The extremely common 3570K for example - cannot use TPM. So in the above case, support is missing on the motherboard level, and on the CPU level. The newer Haswell variants (for both) still have the same inability.

    1. Re:TPM - Its never there by Alsee · · Score: 3, Interesting

      TPM - Its never there

      It's already in essentially all laptops, it's already in essentially all "business class" desktops, it's already in some "personal class" PCs, and it's MANDATORY in ALL new Windows PCs as of 16 months from now.

      Ummmm yeah........ "never".

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  15. Re:get a mac. by Alsee · · Score: 4, Insightful

    Are you clueless? He's not "talking sense". The whole point here is that it's becoming increasingly difficult to not-buy a TPM. A lot of motherboards now have this shit welded in place, and its presence is often not listed when you're shopping to buy a computer.

    An "Ask Slashdot" on how to avoid purchasing Trusted Computing is entirely appropriate. Hell, there should be a goddamn front page story in the New York Times telling people that many computers are being shipped with TPMs, and informing the general public where to shop if they don't want to fork over money for an anti-owner TPM chip pre-welded into whatever computer they buy.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  16. TPM research at Blackhat by aelliott83 · · Score: 3, Informative

    There was some interesting research presented at Blackhat that pointed out the problems of using the TPM as a root of trust in your platform: https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf The essence of the research is that the TPM is not adequate as a root of trust in the platform because the code that drives the TPM/does the system measurements resides on a mutable EEPROM (the bios flash chip). Therefore any attacker that can gain access to the bios flash chip via an exploit (the researchers presented one) or via an unlocked flash chip (see Yuriy Bulygin's related work) can forge the TPM measurements that serve as the root of trust in your system. This is important because software like Bitlocker uses these TPM measurement values to determine whether or not to decrypt your harddrive...

  17. Re:Why? by Alsee · · Score: 5, Informative

    As usual, people fear what they don't understand.

    I've studied the entire TPM technical specification. I understand it in minute detail.

    The trick to TPM is *WHO HAS THE KEYS*. If *I* have the keys, it is a great feature.

    EXACTLY!

    And the entire point here is that you DON'T have the keys. The TPM technical specification is quite explicit that the owner of the computer is FORBIDDEN to ever get his keys. Specifically this means the PrivEK (Private Endorsement Key) and the SRK (StorageRootKey). The owner is forbidden to have his StorageRootKey, because the StorageRootKey is explicitly designed to encrypt data on the harddrive such that the owner of the computer cannot read or alter it. The owner is forbidden to have his Private Endorsement Key because this key is used to secure the Remote Attestation process against the owner. Remote Attestation is where the chip securely (secure against the owner) securely tracks your hardware and the software you run, and sends that spy-report out to other computers over the internet. If the owner had his Private Endorsement key, these Attestation spy-reports wouldn't be secure against the owner.

    TPM is just a secure hardware keystore.

    It's more than that, but an important part of it is that it's a "secure hardware keystore". Specifically, it is designed to be SECURE AGAINST THE OWNER. The Trusted Platform Module Technical Specification explicitly refers to the owner of the chip as an attack-threat which the chip MUST be secure against.

    Stallman's piece focuses exclusively on TPM being implemented as a mandated piece where either the gov't or the media industry has the keys.

    The "Master Keys" are held by the Trusted Computing Group. The crucial individual keys are locked inside the Trusted Computing chips, secured against the owners.

    Focusing on one theoretical use case and determining the entire system is evil is just plain wrong.

    Let's make it really simple. The moment they give owners some option to read their keys out of the chip, or give owners the option to buy chips that come with a printed copy of the keys, then I will jump up front and center proclaiming that Trusted Computing is wonderful and harmless... I'll lead the charge smacking down anyone claiming it's evil.

    However the Trusted Computing Group has explicitly refused all demands for any sort of "Owner Override" and explicitly forbid owners to ever get a hold of their own keys. That is because the entire point of Trusted Computing is to secure computers AGAINST their owners. The entire point of Trusted Computing is that "Owners can't be trusted", so they want to be able to "Trust" computers to be secure against the owners.

    The moment they allow owners to get their keys then I agree that the owner is in control.

    Note that the standard argument against allowing owners to get their keys is that a virus or malware or something might get a hold of the key if it's accessible from the chip, or if it's on the harddrive anywhere. Which is a patently bullshit argument for refusing to let me buy a chip with a PRINTED COPY of my master keys. Malicious software can't read paper. End of argument. Then I can toss the printed keys in my safety deposit box at my local bank, and you can't make any believable argument that it's somehow "for my security" that you're refusing to let me get my own goddamn keys.

    A simple rule for everyone:
    Just say "I want my keys", NO KEYS, NO SALE

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  18. Re:Why? by BIOS4breakfast · · Score: 3, Interesting
    Not so much +5 informative as misinformative. Let's begin.

    I've studied the entire TPM technical specification. I understand it in minute detail.

    I don't doubt you've looked at it. But clearly you've looked at it from the perspective of how you think it impinges on your liberty rather than from the perspective of a security engineer trying to achieve simple properties such as executing code that isn't manipulated by an attacker. That's fine, that's the perspective I expect most slashdotters to be coming at it from. But I'm pretty encouraged by how many people in this thread have pushed back against the normal FUD I expect to see here.

    The TPM technical specification is quite explicit that the owner of the computer is FORBIDDEN to ever get his keys

    Forbidden from getting them out of the TPM, not forbidden from using them in ways that allow for guaranteeing security properties. If you can just export the key from the TPM onto your normal OS, how would you ever know you were talking to a TPM instead of malware pretending to be a TPM? If you could just ask the TPM to sign something for you with the protected keys, why could the attacker not arbitrarily ask for forged data to be signed?

    The owner is forbidden to have his Private Endorsement Key because this key is used to secure the Remote Attestation process against the owner. Remote Attestation is where the chip securely (secure against the owner) securely tracks your hardware and the software you run, and sends that spy-report out to other computers over the internet. If the owner had his Private Endorsement key, these Attestation spy-reports wouldn't be secure against the owner.

    An amazingly hyperbolic statement for someone who claims to have read the specs.
    1) "The chip" tracks your hardware does it? You understand that the TPM is a completely passive chip waiting for people to come along and send it data, don't you?
    2) Same point, again. If you export the EK into the OS, any malware anywhere can forge the attestation state, saying that the system is in a state it is not in. That could mean it's infected when it's not, so it gets reimaged by corporate IT, it can say it's not infected when it is, so the attacker has the run of the network.
    3) Only a few large companies are actually using TPMs and remote attestation for things like trusted network connect (just NAC with a TPM-signed configuration), but in reality your FUD-drenched picture of the "spy-reports" (really? wow) being sent out gives the trusted computing folks too much credit. Since no one's using it at the OS level, most all attestation report data is just the BIOS collecting data about itself. And as people showed at BlackHat recently, vendors like Dell don't actually do a very good job of collecting relevant information, collecting just the bare minimum to make bitlocker work - https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf

    TPM is just a secure hardware keystore.

    It's more than that, but an important part of it is that it's a "secure hardware keystore". Specifically, it is designed to be SECURE AGAINST THE OWNER. The Trusted Platform Module Technical Specification explicitly refers to the owner of the chip as an attack-threat which the chip MUST be secure against.

    Citation needed ;) I'm sure you're misinterpreting some physical tamper-resistance line. I agree with that person, it's really just a keystore (and a really really slow RC4/SHA1 implementation).

    The "Master Keys" are held by the Trusted Computing Group. The crucial individual keys are locked inside the Trusted Computing chips, secured against the owners.


    It's great that you've read the specs and all, and somehow latched on to the imaginary phrase "secure against the own

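The mechanics that comments 16 and 18 argue about, as an added Python model that is not code from the thread, from the Black Hat talk or from any TPM vendor: a PCR extend chain, a keystore whose keys are created inside the object and never handed back, PCR-bound seal/unseal of the kind BitLocker-style disk encryption relies on, and a nonce-bound quote. The component names, the two boot chains, the XOR wrap and the HMAC stand-in for TPM signing are constructed assumptions for illustration only.

```python
import hashlib
import hmac
import os

# TPM 1.2 PCRs are 20-byte SHA-1 registers that read as all zeros after a platform reset.
PCR_INIT = b"\x00" * 20


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA1(PCR_old || SHA1(component)).
    Extend is one-way and order-dependent, so a PCR value commits to the whole chain."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_chain(components) -> bytes:
    """Replay a measured boot: each stage extends PCR0 with the next stage before running it."""
    pcr = PCR_INIT
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


class ToyTPM:
    """Keystore model: the storage root key and attestation key exist only inside the object and
    no method returns them; callers get PCR-bound seal/unseal and quotes, nothing else."""

    def __init__(self):
        self._srk = os.urandom(32)  # storage root key (constructed, never exported)
        self._aik = os.urandom(32)  # attestation key; HMAC stands in for an EK-certified signature
        self.pcr0 = PCR_INIT

    def reset(self):
        self.pcr0 = PCR_INIT

    def extend(self, component: bytes):
        self.pcr0 = pcr_extend(self.pcr0, component)

    def _kek(self, pcr: bytes) -> bytes:
        # The wrapping key depends on the SRK and on the PCR value the data is sealed to.
        return hmac.new(self._srk, pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes) -> dict:
        """Seal a secret of up to 32 bytes (e.g. a volume key) to the current PCR0."""
        assert len(secret) <= 32
        kek = self._kek(self.pcr0)
        ct = bytes(a ^ b for a, b in zip(secret, kek))  # toy one-time-pad wrap, not TPM crypto
        tag = hmac.new(kek, self.pcr0 + ct, hashlib.sha256).digest()
        return {"pcr0": self.pcr0, "ct": ct, "tag": tag}

    def unseal(self, blob: dict):
        """Return the secret only if PCR0 now equals the value it was sealed to, else None."""
        if blob["pcr0"] != self.pcr0:
            return None  # boot chain differs from the one the secret was bound to
        kek = self._kek(self.pcr0)
        tag = hmac.new(kek, blob["pcr0"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None
        return bytes(a ^ b for a, b in zip(blob["ct"], kek))

    def quote(self, nonce: bytes) -> dict:
        """Attestation quote: PCR0 plus the verifier's nonce, signed with the internal AIK."""
        sig = hmac.new(self._aik, self.pcr0 + nonce, hashlib.sha256).digest()
        return {"pcr0": self.pcr0, "nonce": nonce, "sig": sig}

    def verify_quote(self, q: dict, nonce: bytes, expected_pcr0: bytes) -> bool:
        """Verifier-side check; shares the toy key where a real verifier holds the public AIK."""
        sig = hmac.new(self._aik, q["pcr0"] + q["nonce"], hashlib.sha256).digest()
        return (q["nonce"] == nonce and hmac.compare_digest(sig, q["sig"])
                and q["pcr0"] == expected_pcr0)


# Constructed boot chains. The first entry models the code that starts measuring (the CRTM),
# which the talk cited above places in the same rewritable flash as the rest of the BIOS.
GOOD_CHAIN = [b"bios-core-v1", b"option-roms", b"bootloader-v1", b"kernel-v1"]
NEW_LOADER = [b"bios-core-v1", b"option-roms", b"bootloader-v2", b"kernel-v1"]
BIOS_V2 = [b"bios-core-v2"] + GOOD_CHAIN[1:]


def boot(tpm: ToyTPM, chain):
    tpm.reset()
    for stage in chain:
        tpm.extend(stage)


def demo():
    """Seal at setup, then unseal after an identical boot and after a changed bootloader."""
    tpm = ToyTPM()
    boot(tpm, GOOD_CHAIN)
    blob = tpm.seal(b"volume-master-key")
    boot(tpm, GOOD_CHAIN)
    same = tpm.unseal(blob)      # identical chain: key released
    boot(tpm, NEW_LOADER)
    changed = tpm.unseal(blob)   # bootloader changed: release refused
    return same, changed


def flash_not_measured() -> bool:
    """If nothing independent measures the BIOS image itself, two different images produce the
    same PCR0 from the stages they measure, so a seal policy cannot tell them apart."""
    return measure_chain(GOOD_CHAIN[1:]) == measure_chain(BIOS_V2[1:])
```

The contrast with `measure_chain(GOOD_CHAIN) != measure_chain(BIOS_V2)` shows what a root of trust that is itself measured (or immutable) buys: the BIOS change becomes visible in PCR0.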
  19. Re: get a mac. by LinuxIsGarbage · · Score: 4, Informative

    Meanwhile, you can run Windows 8 on any Pentium 4.

    Actually no you can't. Windows 8 unlike Windows 7 requires PAE, NX, and SSE2. NX was introduced into later Pentium 4 Prescott models, but not earlier Willamette and Northwood models. Win 8 Betas did run on these platforms, but RTM will refuse to install on them.

  20. Re:No kidding by Alsee · · Score: 4, Informative

    Also not only does Windows 8 not need secure boot, it doesn't even need UEFI...

    I swear these paranoid types need to spend a bit of time getting their learn on about new technologies before whining about them....

    The amount of knee-jerk that goes on with this shit is pretty amazing.

    Quoting fucking MICROSOFT.COM News Center:
    "Trustworthy hardware. The Trusted Platform Module is a hardware security device or chip that's a great tool for the enterprise, but until now has been an optional piece of technology for consumer devices. TPM provides a number of crypto functions, including securely storing keys and performing cryptographic measurements. We're working to require TPM 2.0 on all devices by January 2015"

    You're seriously going to call me "paranoid" when Microsoft has an official public statement that they plan to make this Trusted Computing shit mandatory starting less than a year and a half from now?

    Over a half-billion computers have already been shipped with this shit welded to the motherboard. THAT'S why the Ask Slashdot story is asking how to avoid this shit. A lot of computers already come with this shit on the motherboard, and not all of the sales materials list that it's in there.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  21. Re:Ok then TURN IT OFF! by vadim_t · · Score: 3, Insightful

    It doesn't have to be outside my control. It only has to be outside of my laptop's control, which is a crucial difference.

    A TPM that came with my keys printed on a piece of paper, and which would allow me to replace the keys it uses would do just fine for what you say.

  22. Re:Ok then TURN IT OFF! by Alsee · · Score: 3, Informative

    There's lots of screaming about it, that is backed up by a big lack of knowledge about it.

    I've studied all one-hundred-plus pages of the TPM technical specification. I know how it works in detail.

    It really seems like something that some people just want to be a big evil issue so they pretend it is.

    At one point the TPM technical specification explicitly names the owner of the computer as a potential "attacker", and explicitly states the chip must be secure against the owner. And in about a hundred places it endlessly mandates that the chip is forbidden to allow anyone, which includes the owner, to ever access the master keys.

    I could see the issue if this was being required, but it isn't.

    Microsoft has declared they plan to make it mandatory starting less than a year from now.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  23. Re:Prove you're right: Show me how to get my keys by Alsee · · Score: 3, Informative

    Help me judge which of you is right.
    Alsee says I can't have the keys to the TPM which comes with the computer I buy. You disagree with Alsee.

    No, he explicitly agreed with me on that point:

    I said: "The TPM technical specification is quite explicit that the owner of the computer is FORBIDDEN to ever get his keys"
    He said: "Forbidden from getting them out of the TPM"

    That's agreement.

    He merely followed up with a lame explanation "not forbidden from using them in ways that allow for guaranteeing security properties". The Trusted Computing definition of "security properties" explicitly includes security against the owner. "Guaranteeing security properties" means you are unable to read or alter your own files in Sealed Storage. An example "security property" would be that you can't read (and run) a Sealed-Storage program without securely verifying that the date is within the approved software-rental period. Or think DRM music file, the "security property" is that the chip won't let you play the music except with the approved DRM-music player, and only if it decrements the number of plays remaining in the pay-per-play count.

    It also means enforcing the security of Remote Attestation, which in plain English means a cryptographically secure "spy report" sent out to other people over the internet telling them exactly what software you are running. For example if you had your master keys you could tell a website that you aren't running an ad-blocker when you actually are. That would violate the anti-owner "security properties".

    That's why you're forbidden to have your keys.... then other people could not Trust that your computer would enforce anti-owner "security properties" against you.

    Standard line argument is that it's all A-ok because it's all "opt-in". If you don't "opt-in" all "security properties" are still enforced against you, enforced in the sense that nothing works (you can't violate security if nothing works and you can't do anything). If you don't "opt-in" you're denied any ability to read or modify Trusted-secured files, if you don't "opt-in" you're denied the ability to run Trusted-secured programs at all, if you don't "opt-in" you won't be able to access websites at all if they use the Trust system to ensure you don't copy pictures or to check if you're running an ad-blocker. And if you don't "opt-in", then in a few years you might be denied internet access. The Trusted Computing Group has created something called Trusted Network Connect, and Microsoft has an equivalent version called Network Access Protection. That's a system where a network (or your ISP) can ask for a Trusted Health Check. A "Health Check" is that spy report I mentioned before; it reports the exact software running on your computer. The "Health Check" ensures that you're not infected by a virus(*), and ensures that you're running an approved operating system with ALL of the mandatory patches, and enforces that you're running any mandatory "security software" they want you to run, and that you're not running anything they don't want you to run. And if you don't "opt-in" then you can't pass the "Health Check", and your computer is "quarantined".... no network access. Obviously no ISP could ever deploy something like that.... not unless most customers already had Trust Chips in their computers.... oh yeah, Microsoft is making Trust Chips mandatory in all new PCs 16 months from now. But even then it would obviously be several more years before most people had Trusted PCs, before ISPs could deploy that sort of "Trusted Health Check" to get internet access. But don't worry, this is all a good thing.... it's just a Health Check.... to ensure you're not infected and spreading viruses

    As he explained, there's nothing evil about the system.... they

    --
    You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
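    The sealed-storage and remote-attestation mechanics the post above argues about, as an added toy model (not code from the poster, and not an implementation of the real TPM specification): a single PCR is extended with each measured boot component, a secret is sealed to the resulting PCR value, and a nonce-bound quote of that PCR is checked by a verifier against an approved value. The component names, the "licence key" secret and the `ToyTPM`/`verify_quote` names are constructed for the example, and the chip's asymmetric attestation key is simplified to an HMAC key that the verifier also holds, so in this model the verifier is trusted. The point the model shows is the one the post makes in prose: a report assembled outside the chip does not verify, and the same sealed blob stops unsealing as soon as one extra component is measured.

```python
import hashlib
import hmac
import os
from typing import Optional


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream blocks are HMAC(key, counter). Example only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class ToyTPM:
    """Stand-in for a TPM: one PCR plus a key that the public interface never returns."""

    def __init__(self, attestation_key: bytes):
        self._ak = attestation_key   # lives only inside the "chip" (constructed model)
        self.pcr = bytes(32)         # PCR is all zeros at power-on

    def extend(self, measurement: bytes) -> bytes:
        """PCR <- SHA256(PCR || SHA256(measurement)): order-sensitive and one-way."""
        self.pcr = hashlib.sha256(self.pcr + hashlib.sha256(measurement).digest()).digest()
        return self.pcr

    def _seal_key(self, pcr: bytes, salt: bytes) -> bytes:
        return hmac.new(self._ak, b"seal" + salt + pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes) -> dict:
        """Encrypt a secret under a key that depends on the current PCR value."""
        salt = os.urandom(16)
        k = self._seal_key(self.pcr, salt)
        ct = _xor_stream(k, secret)
        tag = hmac.new(k, ct, hashlib.sha256).digest()
        return {"pcr": self.pcr, "salt": salt, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> Optional[bytes]:
        """Release the secret only when the current PCR equals the PCR it was sealed to."""
        if blob["pcr"] != self.pcr:
            return None
        k = self._seal_key(self.pcr, blob["salt"])
        expected = hmac.new(k, blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            return None
        return _xor_stream(k, blob["ct"])

    def quote(self, nonce: bytes) -> dict:
        """Attestation report: the PCR, bound to the verifier's nonce by the chip's key."""
        sig = hmac.new(self._ak, nonce + self.pcr, hashlib.sha256).digest()
        return {"pcr": self.pcr, "nonce": nonce, "sig": sig}


def verify_quote(q: dict, attestation_key: bytes, expected_pcr: bytes, nonce: bytes) -> bool:
    """Verifier side: fresh nonce, valid signature, and a PCR that matches policy."""
    expected_sig = hmac.new(attestation_key, nonce + q["pcr"], hashlib.sha256).digest()
    return (q["nonce"] == nonce
            and hmac.compare_digest(q["sig"], expected_sig)
            and q["pcr"] == expected_pcr)


def measured_boot(tpm: ToyTPM, components) -> bytes:
    """Extend the PCR with each component in boot order; returns the final PCR."""
    for c in components:
        tpm.extend(c)
    return tpm.pcr


# Constructed component names; the first list is what the verifier's policy approves.
APPROVED_STACK = [b"bootloader v1", b"kernel 3.10", b"browser (no extensions)"]
MODIFIED_STACK = APPROVED_STACK + [b"ad-blocker extension"]


def scenario() -> dict:
    ak = os.urandom(32)
    # Approved boot: seal a secret, then attest to a verifier that knows the approved PCR.
    t = ToyTPM(ak)
    approved_pcr = measured_boot(t, APPROVED_STACK)
    blob = t.seal(b"licence key")
    n1 = os.urandom(16)
    # Same chip, same blob, but one extra measured component changed the PCR.
    t2 = ToyTPM(ak)
    measured_boot(t2, MODIFIED_STACK)
    n2 = os.urandom(16)
    # A report assembled outside the chip cannot carry a valid signature.
    outside = {"pcr": approved_pcr, "nonce": n2, "sig": os.urandom(32)}
    return {
        "approved_quote_ok": verify_quote(t.quote(n1), ak, approved_pcr, n1),
        "approved_unseal": t.unseal(blob),
        "modified_quote_ok": verify_quote(t2.quote(n2), ak, approved_pcr, n2),
        "modified_unseal": t2.unseal(blob),
        "outside_report_ok": verify_quote(outside, ak, approved_pcr, n2),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value!r}")
```

    Running `scenario()` gives a passing quote and a recovered secret for the approved stack, and a rejected quote plus a `None` unseal once the extra component has been measured. The verifier never learns the chip key's secret material in a real deployment (it gets a public key instead); the shared HMAC key here is only to keep the model in the standard library.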
  24. Re:get a mac. by hairyfeet · · Score: 4, Interesting

    Bullshit, just buy AMD, as I don't think they even have a board that HAS TPM, and what they are doing to fix that will leave the choice IN YOUR HANDS because instead of baking it into the board they'll have the "business class" chips with an ARM DRM chip they bought from ARM Holdings to do TPM and crypto and...well pretty much anything security related you want. Don't want the feature? All you do is don't buy the business class chips, simple as that.

    My system has a 6 core CPU, 8GB of RAM (expandable to 16GB but for what I do frankly that would be overkill) and chews through any job I throw at it and NO TPM, same with my netbook which has dual cores and 8GB, same for my two boys' quad and hexa, my dad's quad desktop...you get the idea.

    Hell you can go over to Tiger and buy a TPM free quad laptop for $420 flat, or if you don't mind taking the whole 40 minutes it takes to slap one together you can get a fully loaded hexacore desktop for $310 after rebate, so not only can you support not having a TPM but you can save a good chunk of change which can be used on an SSD or faster GPU, win/win.

    --
    ACs don't waste your time replying, your posts are never seen by me.