The Future of Trusted Linux Computing

ttttt writes "MadPenguin.org tackles the idea of Trusted Computing in its latest column. According to author Matt Hartley, the idea of TC is quite reasonable; offering a locked-down environment offers several advantages to system administrators with possibly troublesome users. 'With the absence of proprietary code in the mix users will find themselves more inclined to trust their own administrators to make the best choices ... And so long as any controlled environment is left with checks and balances [like] the option for withdrawal should a school or business wish to opt out, then more power to those who want a closed off TC in an open source world." LWN.net has an older but slightly more balanced look at the TC approach.

Huh?

[fitten]

With the absence of proprietary code in the mix users will find themselves more inclined to trust their own administrators to make the best choices

Proof of this statement?

Re:But Linux is already trusted.

[MyLongNickName]

But Linux and most Linux programs are already more "trusted" then Windows can ever be. From being open source, how can you not trust it?

Did you even read the summary? Or were you just going for first post?

This is about locking down the workstation so that users can't monkey around. I do not care how well the code is written, a malicious user can create a security issue if he/she has the ability to do so.

Re:O RLY?

[webmaster404]

Which is why if your that paranoid, you look at the source yourself and compile it from that source, its not that hard and there is no way that you somehow got code you didn't want. If you overlooked somthing that is your fault, you compiled it, you looked over the source, thats something you can't do in the Windows world with stealth updates and the like

Trusted Computing is by definition closed.

[Spy der Mann]

Or are the users getting their CPUs' source code and recompile them? Or at least call their LinCPUx fans to do it for them?

Trusted Computing requires trusting the CPU manufacturer in the first place. And in this world, where the telcos have disclosed our conversations to the govt without us finding out but several years later, can we really trust that the government hasn't pressured the CPU makers to add a backdoor here and there?

Trusted Computing is practically closed, and incompatible with the spirit of Open Source/Free Software. Ergo, Trusted Computing cannot be trusted. Sorry.

please try to hold back the propoganda

[amigabill]

With the absence of proprietary code in the mix users will find themselves more inclined to trust their own administrators to make the best choices

Sorry, but I think that's putting your words into everyone else's mouths. Or fingertips, or whatever. The vast majority not only don't have this opinion about open vs proprietary code affecting how much they trust the choices their admins make, they also wouldn't have a freakin' clue as to what you're going on about in that sentence. The vast majority don't know what open-source is, how it differs from proprietary source, they don't know any reason why they'd care either way, and they'd probably give you a pretty funny look for attributing this philosophy to them.

I like Linux and open-source, and have an appreciation for it. But I don't trust my admin at work more when he talks about Linux than when he's talking about Solaris. It's his job to make the best choices of any and all products available, and I trust him to choose whichever is most appropriate for our company, even if he feels that happens to be a proprietary product. It's not my place to impose on him to only ever choose open-source, and there's cases in our work where open-source offerings are less ideal.

Deception

[IgnoramusMaximus]

These sorts of propaganda pieces have only one purpose: to sneak one past us. Trusted Computing (as presently defined by the corporate founders of the TC Consortium) has two major purposes which are deadly to all things "open":

• To make sure that the computer can be trusted by a "contents owner" thus precluding the owner of the computer itself from being able to trust it
• To allow for so-called "remote atestation" which has the effect of 3rd parties (banks and the like) to be able to trust the computer, again to the exclusion of its owner. The additional effect of this is that banks and other online entities will be able to ensure that only Windows systems, with "approved" apps are used. No spoofing of user-agent tags anymore, end of Linux use in most of the commercial Internet.

In short, this article aims to lure the unwary into gullible acceptance of TC with an illusion of completely deceitfully presented and impractical (no one except the mega-corps will ever get the access to the main TPM keys) applications.

Turing strikes again!

[Anonymous Coward]

Indeed yes. The question "am I compiling a compiler?" is as undecidable as the question "am I compiling a program that will halt?" (Ken Thompson's suggestion is still interesting, though.)

Re:I'm completely new to this TCM thing...

[Cyberax]

TPM in Thinkpads allows stores private/public keys in a secure hardware storage.

The kernel is signed and the hardware bootloader checks that the signature is valid (using TPM). So we can at least guarantee that the system is in consistent state during kernel loading. Later we can use numerous methods to control kernel integrity (SELinux, AppArmour, etc.).

Theoretically, Microsoft can make you to use TPM to validate their kernel during booting (because tainted kernel can be used to circumvent DRM).

So we just need to be able to turn off the TPM chip if it's not required.

Re:O RLY?

[YU Nicks NE Way]

Either a wanker or an extremely clever commenter on the true value of human inspection. I suspect the poster was a wanker, but, oh, my, do I hope that he or she was extremely clever.