TCPA Support in Linux
kempokaraterulz writes "Linux Journal is reporting that "The Trusted Computing Platform Alliance has published open specifications for a security chip and related software interfaces.". In the latest Gentoo Newsletter they talk about a possible 'Trusted Gentoo', and possible uses for hardware level security."
Do we really need it? (Score:5, Insightful)
Isn't the only purpose of pushing things like TCPA locking the platform down?
what is it good for? (Score:2, Insightful)
Linus Torvalds himself has blessed DRM (Score:5, Insightful)
If you can't beat 'em, join 'em. (Score:2, Insightful)
Re:Linus Torvalds himself has blessed DRM (Score:3, Insightful)
Linux can show what user-centric trusted computing can/should do. Microsoft et al. will be showing what Big Business trusted computing wants/can do.
Eventually there will be those that will ask why it has to work against them so much when running Billy Bob's OS, and then they'll realize that their PC is not their PC, but the industry's PC.
Re:Linus Torvalds himself has blessed DRM (Score:3, Insightful)
Linus is not a lawyer. More importantly, he's not even a free software or open source evangelist. Unlike RMS or ESR, he doesn't even hang out with lawyers or devote serious thought to legal matters.
Since DRM is a combined legal-technical area, it falls outside Linus's expertise, and his opinion carries little weight. (From a practical standpoint, TCPA is incompatible with the Linux philosophy of open-source modifications)
Re:what is it good for? (Score:5, Insightful)
Imagine that you're an admin at some big company, with a hundred Linux boxes. You have this stuff on every one of those boxes, and a computer for administration somewhere safe. When you install software you first check it, then sign it, then push updates to your servers.
If somebody gets in, they'll have things quite difficult. Anything unsigned simply won't run at all. Rootkit modules, exploits, etc., will all simply not be able to run at all. This would take out a quite big part of the exploits an attacker could use. Remote ones would hopefully be avoided by NX.
This wouldn't protect against things like races, but it certainly could help quite a lot.
The situation above is something I wouldn't have any problems with. If an admin wants to have an uber-locked down system where anything not signed by his key that's only present in a computer with no network connection in a secure room with an armored door doesn't run at all, then sure, why not. I'm fairly sure this can mostly be accomplished without hardware support at all, though.
Now, it's when software publishers want to make it impossible for me to control my computer when I have problems with it. But if the user has full control of it, I think it could come quite handy in some cases.
Re:what is it good for? (Score:4, Insightful)
In the end, it depends on who gets to sign the software, and how this software is distributed once signed. In our corner of the court, we have the admin signing software for 100 boxes (does he have to sign each separately? Can you sign software for every box out there at once? If it's not a specific-to-that-machine signature, how do you keep the attacker from signing software too?) for the purpose of protecting the servers from software you don't want to run.
In the other corner of the court, it appears that we have big business interests who want to have all software signed, who would charge hundreds to sign software for other authors (VeriSign et al. will certainly be in the business), MPAA and RIAA will be wanting to make sure signed software obeys their rules (and will probably charge for this too), all to make sure your computers are protected from software they don't want you to run.
Things like this IBM article help make the first scenario a reality, and I'm grateful for it. Now, who wants to be the first to be sued by Microsoft for some TCPA submarine patent that nobody knows about?
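The signed-software gate from the "hundred Linux boxes" scenario above, together with the follow-up's question about whether one signature can serve every box and what then stops an attacker from signing too, as an added example in Go. This is not code from the Linux Journal article, the Gentoo newsletter, or either poster. The Manifest layout, the package names and contents, and the choice of Ed25519 from Go's standard library are all my own assumptions; nothing here is mandated by the TCPA specification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrUnsigned is what a managed box returns for anything it will not run.
var ErrUnsigned = errors.New("refusing to run: no valid admin signature")

// Manifest travels with a package from the offline admin box to the servers.
// It binds the package's SHA-256 digest to an Ed25519 signature by the admin key.
// (Layout is an assumption for this example.)
type Manifest struct {
	Name   string
	Digest [sha256.Size]byte
	Sig    []byte
}

// SignPackage is the admin-side step. It is the only function that needs the
// private key, so it runs only on the offline administration machine.
func SignPackage(adminPriv ed25519.PrivateKey, name string, contents []byte) Manifest {
	d := sha256.Sum256(contents)
	return Manifest{Name: name, Digest: d, Sig: ed25519.Sign(adminPriv, d[:])}
}

// Gate is the server-side policy. It carries only the admin public key, so
// an intruder with root on the box still cannot produce a manifest it accepts:
// the signature is not machine-specific, but forging one needs the private key.
type Gate struct {
	AdminPub ed25519.PublicKey
}

// Check recomputes the digest of what is actually on disk and verifies the
// signature over it. Anything that fails is refused, whether it is an
// unsigned rootkit module, a tampered copy of a signed package, or a
// package signed with some other key.
func (g Gate) Check(m Manifest, contents []byte) error {
	d := sha256.Sum256(contents)
	if d != m.Digest {
		return fmt.Errorf("%w: %s: digest of contents does not match manifest", ErrUnsigned, m.Name)
	}
	if !ed25519.Verify(g.AdminPub, d[:], m.Sig) {
		return fmt.Errorf("%w: %s: signature not made by admin key", ErrUnsigned, m.Name)
	}
	return nil
}

// Run stands in for the hook a loader or module-insertion path would call:
// it executes (here: just reports) only if Check passes.
func (g Gate) Run(m Manifest, contents []byte) (string, error) {
	if err := g.Check(m, contents); err != nil {
		return "", err
	}
	return "ran " + m.Name, nil
}

func main() {
	// Admin machine: generate the signing key once; the private half never leaves it.
	adminPub, adminPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-ins for package contents.
	pkg := []byte("ELF...httpd-2.0.52")
	signed := SignPackage(adminPriv, "httpd", pkg)

	// Every managed box carries the same Gate, so one signature serves all of them.
	boxes := []Gate{{adminPub}, {adminPub}, {adminPub}}
	for i, box := range boxes {
		out, err := box.Run(signed, pkg)
		fmt.Printf("box%d: %q err=%v\n", i, out, err)
	}

	// An intruder on box0 drops a rootkit module and signs it with a key of their own.
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)
	rootkit := []byte("ELF...adore.ko")
	_, err = boxes[0].Run(SignPackage(rogue, "adore", rootkit), rootkit)
	fmt.Println("rootkit:", err)

	// Or patches the signed httpd in place; the digest no longer matches the manifest.
	tampered := append(append([]byte{}, pkg...), []byte("+backdoor")...)
	_, err = boxes[0].Run(signed, tampered)
	fmt.Println("tampered:", err)
}
```

The point the thread is circling: the gate itself is just another file on each box, so a pure-software version can be replaced by whoever already has root. What a hardware root of trust adds is a way to measure that the verifying loader and its embedded public key are the ones the admin shipped, which is the one part this example cannot cover on its own.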
not entirely so (Score:4, Insightful)
From a practical standpoint, TCPA is incompatible with the Linux philosophy of open-source modifications
IMO this is not exactly correct - is it against Linux philosophy of open-source modifications to secure my Linux box so nobody except me can make modifications to it?
TCPA used in such way (i.e. in interest of user, not supplier, not government, ...) is quite in line with Linux philosophy of "you're in control" :) .
But, as with all weapons, it has two edges. So, beware! :)
Re:TCPA - TCG (Score:3, Insightful)
Re:TCPA is a DRM smokescreen (Score:3, Insightful)
No...that's not it. I don't "oppose people having choice" or some crap like that. I oppose this becoming an industry standard that REMOVES my option of not having it. Once every computer has this, it won't be long before ISPs can say "we only want trusted machines on our network." It is the beginning of the end for the computer cowboy; Trusted Computing is the first step to civilize the wild west called the internet. Sure for most users (those with tons of spyware on their computer, or with computers that their kids have loaded with enough illegal IP that a lawsuit might come any day in the mail) trusted computing might be seen as a good thing. But for someone who has taken these little multipurpose machines called computers and used them as they wish despite lacking the blessings of the companies involved (such as me playing DVDs on my Linux box), Trusted Computing is a sign that the companies that have created this wild west are sick of not being obeyed.
This might help some company keep its local network in shape, which is great for them and a reason for its eventual success. But with that comes a future where my computer follows the law despite my wishes (or I lose Internet access), which would make it a very boring hunk of silicon and circuitry indeed.
Re:Do we really need it? (Score:4, Insightful)
But number two comes a couple years down the road from widespread adoption, when some critical flaw in TCPA is found by hackers, TCPA is hacked, and innocent businesses that have come to depend on it for security are disrupted and exploited. And then we're looking around all doe-eyed, like, "but they said it was unbreakable security, they said it was trusted computing!" TCPA is just another level of command hierarchy, and subject to hack.
"Trusted computing" has got to be one of the most insidious marketing doublespeaks I've ever heard in my life. All "Trusted Computing" consists of is computers who don't trust me.
Re:TCG and Linux make sense (Score:4, Insightful)
Hmmm. And yet I don't seem to need any form of TCPA/TCG or DRM. In all the years I've run linux full-time, I have never ever had naughty code or naughty hackers get in. I can't say that about any of the windoze users I know. Beyond that, I certainly don't need any system that can be used as a DRM system.
Nope. Uh-uh. Not on my box. I'll copy my files and CDs as I feel the need and will not have anyone but me control when and how I go on to use such copies. This all looks like what it is, an attempt by corporations to gain control of the most important and useful aspects of your PERSONAL and private property computer. Screw TCPA/TCG (and DRM). Paint it all up with lipstick and rouge all you want but in the end it is about restricting what people are allowed to do with their own computers. Any benefits that come to the individual computer owner are accidental and peripheral to the actual designed and intended purpose.
Re:TCG and Linux make sense (Score:1, Insightful)
Give us one point where Ross Anderson's arguments don't hold. You will be rebutted. Go on.
Re:As sad as it is (Score:5, Insightful)
In general...sure...TCPA could have some positive effects on the computing community. However, it also has great potential to be slipped in...and eventually, by law, it must be used to lock things down. Only a few things at first...but, eventually could mandate a great deal of limitations as to what you can legally do with a computer. As much as the corporate entities are beginning to use the govt. to legislate things...and they really don't like the fair use we do have...it is easily possible to foresee this as a means to that end.
Taken long enough...it could happen, which is why you need to take things like this slowly and with a great deal of skepticism early on.
I heard it said before that "What one generation tolerates....the next generation embraces"
Think of it this way...the article the other day on /. about how many US kids don't understand what the 1st amendment really means...they haven't been taught about it...and we're tolerating loss of freedoms. When they are grown and we're not around...they won't even know they existed in the old form...
Re:Do we really need it? (Score:2, Insightful)
This is good news for data corruption. All your data is fscked.
If it were true, it's good news for a lot of corporations, too. Update WMP due to some security bug and you won't be able to access the authorisation data for playing the songs you purchased online. Oops! Time to re-buy them! And even if you use a friendly store that will give you extra free downloads for purchased songs to cover that situation, you end up with: 1. parts of the disk space being lost (I assume that if you can't read the protected area you can't delete it either) and 2. reliance on the store not closing or losing their (presumably protected, too) customers' past transaction information due to similar TCPA glitches.
Obligatory TCPA FAQ Link (Score:3, Insightful)
Re:As sad as it is (Score:1, Insightful)
DRM is based on the idea of interlocking hardware and software, where there are no loopholes simply because you don't have control of your computer (while it's in DRM mode). All software is cryptographically "trusted" if and only if it is signed by an "authority."
If you intend to use your computer to interact with the rest of the world, and the rest of the world is using DRM, you have no choice but to always use your computer in DRM mode.
(To clarify, yes, there are some DRM specs which permit centrally-signed software to interact with non-centrally-signed software -- but these specs are by definition pointless because the loophole automatically voids any "protection" the system gains from signing. The weakest link in a chain determines its maximum strength.)
Re:Do we really need it? (Score:3, Insightful)
You can accomplish all those things in a 100% software implementation of privilege separation. No special TCPA hardware is needed.
However, if you did have the special hardware, you would still need modified TCPA-aware applications and OS to make it work.
So let's consider the two paths towards reaching your goal:
A) A modified OS that restricts which of your applications are allowed to access which parts of your file system.
B) A completely new PC and peripherals that have more expensive TCPA-compliant hardware, plus everything already listed in (A)
Hopefully, you can see that the cost (in both money and complexity, which translates to opportunity for errors) of A+B is higher than the cost for A alone.
The only thing TCPA's hardware modules do that couldn't be accomplished with pure software is make reverse engineering prohibitively expensive. It's designed solely to prevent you from knowing how to fully control your own PC.
Re:Do we really need it? (Score:3, Insightful)
No you can't. The RIAA has the money and contracts to give orders to the people holding the keys with which the software was signed. You don't have that level of influence yourself.