Yup, which is exactly what would happen if someone tampered with the stored lease on a TPM system. The only difference is it might be stored in encrypted form on the hard drive, but that wouldn't make it any harder for an attacker to corrupt the stored lease.
No. TPM provides read/write access control attributes on its NVM spaces such that SW apps runs in OS can NOT modify the data stored. However, in hard drive, there is no such control. But I agree TPM is not the only soloution and there can be other methods with the support of BIOS.
[blockquote]Anywhere you want. No one can tamper with it because it's signed by the lease server, and if it's modified, then the signature won't match. This is cryptography 101. The code that checks the signature can't be tampered with either if it's stored in ROM[/blockquote]
I suppose in your way the code and public key are both put in the trusty ROM and the clear text lease info and its signature can be stored in hard drive. when someone tampers with the signature or clear text, the system will be just screwed...
[quote]but it has nothing to do with TPM. That's just BIOS.Phoning home doesn't require the client to encrypt anything; the client only has to verify the server's signature.[/quote]
BIOS can not protect itself unless there is a one time programmable code that does the integrity check upon the very start of every system boot. TPM provides such a facility (OTP memory) as well as signature verification function that is critical for server authentication. I agree that TPM is not very necessary but very handy in offering OTP and signature functions.
OLPC borrowed the anti-theft idea from CMPC estentially but implmented it in a somewhat different and weaker way.
below gives a description of the common idea:
In order to prevent OLPC laptops from being taken away from children to whom they will be given, OLPC will apparently "phone home" every day as part of a an anti-theft process: "It works by running, as a privileged process that cannot be disabled or terminated even by the root user, an anti-theft daemon which detects Internet access, and performs a call-home request -- no more than once a day -- to the country's anti-theft servers. In so doing, it is able to securely use NTP to set the machine RTC to the current time, and then obtain a cryptographic lease to keep running for some amount of time, e.g. 21 days. The lease duration is controlled by each country."
since OLPC stores the priviliged process in a hard drive which can be totally erased thus cause the system lose the security protection. in contrast CMPC stores the security informaiton in TPM which can not be maniputated by SW. Destroying TPM & BIOS also means the MB will be greatly affected which results dysfuncitoning of certain parts, which is highly indesirable for normal hackers.
- Richard
it is not about FUD...but the digital gap OLPC creats with its low spec while increasing its price at the other hand...purely marketing hypes.
so you think kids will upgrade their laptops to the higher end ones each year when they get to the higher grade in the school? no way!
well. I do not think I am ignorant of TPM capabilities and can tell you TPM is not an application but a technology enabler! It provides you with secuirty means and root of trust for a computing platform! It is the application that determines its usage models.
AFAIK, CMPC uses TPM for the anti-theft purposes but nothing else. so you do not have to jump to join the waggon of anti-CMPC because of it contains a TPM. OLPC also claims it can support this feature after knowing CMPC has delivered such a solution. However OLPC's solution is rather breakable via SW means because of lack a hardware hardned security solution!
I don't know if you are just a fan of OLPC or an employee working on OLPC.
let me update you on following facts:
about performance:
OLPC uses AMD Geode CPU at 366 MHz while CMPC runs at Intel Celeron Mobile 900 MHz. so who's the really winner?
about resolution:
You must know, if you know a bit of tech, that LCD screen size matters much more than its resolution, while screen size largely determines the BOM price. What OLPC uses is either 7' or 9' LCD while Classmate PC offers both and support a variety of resolution from 800*480 to 1024*768...but all computer literate people would know a larger resolution on the 7' or 9' screen will make fonts look rather too smaller to be read or making eyeballs very painful eventually.
about operating system:
Classmate PC supports both worlds from ground up: Linux and Windows XP Pro
about trusting platform module:
I don't know why you are so freaked about TPM... like an ancient man were afraid of morden weapons. but you must be fair to understand its usage. To my knowledge TPM is not used for DRM sorts of thing but for anti-theft purpose since a kid carrying a mobile laptop is so vulnerable to thieves and robbers in the street.
yeah. as this guy wanted to separte Tibet from the country, it WAS JUST VERY NECESSARY DOING SO.
Putting US in the same situation, what would you be expected to do?
50 -> 50--?
why you have such moron-like thinking? do you really know a bit of history?
China in the long river of history has NEVER been attacking/invading other countries. Instead US owns the most number of Nukes and numerous global arm forces and a long list of bad records of entering the soils of other countries...
Slashdot Mirror
[blockquote]Anywhere you want. No one can tamper with it because it's signed by the lease server, and if it's modified, then the signature won't match. This is cryptography 101. The code that checks the signature can't be tampered with either if it's stored in ROM[/blockquote] I suppose in your way the code and public key are both put in the trusty ROM and the clear text lease info and its signature can be stored in hard drive. when someone tampers with the signature or clear text, the system will be just screwed...
where do you then keep the clear text lease info on the client without being tampered by an unauthorized party?
[quote]but it has nothing to do with TPM. That's just BIOS.Phoning home doesn't require the client to encrypt anything; the client only has to verify the server's signature.[/quote] BIOS can not protect itself unless there is a one time programmable code that does the integrity check upon the very start of every system boot. TPM provides such a facility (OTP memory) as well as signature verification function that is critical for server authentication. I agree that TPM is not very necessary but very handy in offering OTP and signature functions.
it is not about FUD...but the digital gap OLPC creats with its low spec while increasing its price at the other hand...purely marketing hypes. so you think kids will upgrade their laptops to the higher end ones each year when they get to the higher grade in the school? no way!
well. I do not think I am ignorant of TPM capabilities and can tell you TPM is not an application but a technology enabler! It provides you with secuirty means and root of trust for a computing platform! It is the application that determines its usage models. AFAIK, CMPC uses TPM for the anti-theft purposes but nothing else. so you do not have to jump to join the waggon of anti-CMPC because of it contains a TPM. OLPC also claims it can support this feature after knowing CMPC has delivered such a solution. However OLPC's solution is rather breakable via SW means because of lack a hardware hardned security solution!
about performance: OLPC uses AMD Geode CPU at 366 MHz while CMPC runs at Intel Celeron Mobile 900 MHz. so who's the really winner?
about resolution: You must know, if you know a bit of tech, that LCD screen size matters much more than its resolution, while screen size largely determines the BOM price. What OLPC uses is either 7' or 9' LCD while Classmate PC offers both and support a variety of resolution from 800*480 to 1024*768...but all computer literate people would know a larger resolution on the 7' or 9' screen will make fonts look rather too smaller to be read or making eyeballs very painful eventually.
about operating system: Classmate PC supports both worlds from ground up: Linux and Windows XP Pro
about trusting platform module: I don't know why you are so freaked about TPM... like an ancient man were afraid of morden weapons. but you must be fair to understand its usage. To my knowledge TPM is not used for DRM sorts of thing but for anti-theft purpose since a kid carrying a mobile laptop is so vulnerable to thieves and robbers in the street.
yeah. as this guy wanted to separte Tibet from the country, it WAS JUST VERY NECESSARY DOING SO. Putting US in the same situation, what would you be expected to do? 50 -> 50--?
why you have such moron-like thinking? do you really know a bit of history?
China in the long river of history has NEVER been attacking/invading other countries. Instead US owns the most number of Nukes and numerous global arm forces and a long list of bad records of entering the soils of other countries...