Dartmouth Project Combines Linux With TCPA 227
SiliconEntity writes "A new project from Dartmouth College demonstrates significant advances in combining Linux with TCPA. The software turns a Linux PC into a 'virtual secure coprocessor', which is able to check that none of its software is compromised and even (in a future version) prove its integrity to a remote system. Full GPL source code is available for the 2.4 kernel.
This work is separate from the earlier IBM research which also combined Linux with TCPA, with the new project apparently more complete and with a road map towards a very functional Linux based trusted computing system. This could be an important technology for Linux to challenge Microsoft as it pushes forward with NGSCB (aka Palladium)."
The source code (Score:4, Funny)
Please make sure that all the efforts are undertaken to remove any references to the construct 'main()' as it will infringe on SCO copyrights
Re:The source code (Score:5, Informative)
Luckily no important part of Linux uses that construct. It is mentioned a few times in the documentation and comments, but we can remove that without breaking anything. (Hint: Linux is a kernel, not a program.)
Re:The source code (Score:4, Informative)
$ find linux-2.6.0-test5 -name '*.c' | xargs grep '^int main('
linux-2.6.0-test5/drivers/scsi/aic7xxx/aic asm/aica sm.c:int main(int argc, char *argv[]);
linux-2.6.0-test5/drivers/atm/fore200e_ mkfirm.c:in t main(int argc, char** argv)
linux-2.6.0-test5/arch/i386/boot98/tools/bu ild.c:i nt main(int argc, char ** argv)
linux-2.6.0-test5/arch/i386/boot/tools/buil d.c:int main(int argc, char ** argv)
linux-2.6.0-test5/arch/sparc/boot/piggyback
linux-2.6.0-test5/arch/sparc/boot/btfixup prep.c:in t main(int argc,char **argv)
linux-2.6.0-test5/arch/sparc64/boot/piggy back.c:in t main(int argc,char **argv)
linux-2.6.0-test5/arch/um/kernel/skas/uti l/mk_ptre gs.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/um/sys-i386/util/m k_thread_ kern.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/um/sys-i386/util/m k_sc.c:in t main(int argc, char **argv)
linux-2.6.0-test5/arch/um/util/mk_constan ts_kern.c
linux-2.6.0-test5/arch/um/util/mk_task_ke rn.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/um/main.c:int main(int argc, char **argv, char **envp)
linux-2.6.0-test5/arch/mips/boot/elf2ecof f.c:int main(int argc, char *argv[])
linux-2.6.0-test5/arch/cris/arch-v10/ker nel/asm-of fsets.c:int main(void)
linux-2.6.0-test5/arch/cris/arch-v10/b oot/tools/bu ild.c:int main(int argc, char ** argv)
linux-2.6.0-test5/arch/m68knommu/kernel/asm -offset s.c:int main(void)
linux-2.6.0-test5/arch/arm26/boot/comp ressed/misc. c:int main()
linux-2.6.0-test5/arch/arm26/kernel/asm-of fsets.c: int main(void)
linux-2.6.0-test5/arch/m68k/kernel/m68 k_defs.c:int main(void)
linux-2.6.0-test5/arch/m68k/tools/amig a/dmesg.c:in t main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc/boot/prep/dum my.c:int main(void)
linux-2.6.0-test5/arch/ppc/boot/openfi rmware/dummy
linux-2.6.0-test5/arch/ppc/boot/simple
linux-2.6.0-test5/arch/ppc/boot/utils/ addSystemMap
linux-2.6.0-test5/arch/ppc/boot/utils/add RamDisk.c
linux-2.6.0-test5/arch/ppc/boot/utils/mkb ugboot.c: int main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc/boot/utils/mk prep.c:int main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc/boot/utils/mk tree.c:int main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc/boot/utils/ad dnote.c:in t main(int ac, char **av)
linux-2.6.0-test5/arch/ppc/boot/utils/mknot e.c:int main(void)
linux-2.6.0-test5/arch/ppc/kernel/find _name.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/ppc64/kernel/asm-o ffsets.c: int main(void)
linux-2.6.0-test5/arch/ppc64/boot/pigg yback.c:int main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc64/boot/addSys temMap.c:i nt main(int argc, char **argv)
linux-2.6.0-test5/arch/ppc64/boot/addRamD isk.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/ppc64/boot/mknote. c:int main(void)
linux-2.6.0-test5/arch/arm/kernel/asm- offsets.c:in t main(void)
linux-2.6.0-test5/arch/arm/boot/compre ssed/misc.c: int main()
linux-2.6.0-test5/arch/parisc/kernel/asm-o ffsets.c
Re:The source code (Score:2)
Parameterless function calls/definitions (eg: main()) may be either, but SCO's lawyers have #defined all of K&R's work to be theirs.
Re:The source code (Score:2)
Alright, to play your little game:
arkane@whq-hyperion
arkane@whq-hyperion linux $
Do stop while you're ahead.
Re:The source code (Score:2)
just main() brings:
Re:The source code (Score:2)
Not compatible with eachother ? (Score:5, Interesting)
The exact relation between TCPA and the former Palladium is not clear; one suspects that at some point in the TCPA design process, Microsoft decided to withdraw and build their own variant.
This probably means the two technologies will not be compatible with eachother, files created under one will not be able to be opened under the other.
Don't like pdfs? Here's the TCPA paper in HTML (Score:4, Informative)
Oooh! Verifiable integrity and an encrypted FS. (Score:4, Funny)
Re:Oooh! Verifiable integrity and an encrypted FS. (Score:3, Funny)
You fool! If you wear more than one layer the psychotronic carrier waves will resonate and penetrate the barrier!
Difference between Palladium and TCPA (Score:5, Informative)
So similar architecture from technical point of view - but different aims yield different results.
Re:Difference between Palladium and TCPA (Score:5, Insightful)
The difference between Palladium and TCPA is really that while Palladium is a whole system for a building user hostile computers, TCPA is just an enabler.
What TCPA does is sign a hash of the OS that is loaded with an "endorsement key", embedded in the TCPA by the vendor and unaccessible to the user. Thus the TCPA chip is a able to do two things: it can verify to an outside source (that trusts the vendor) that the machine is a running a specific operating system (ie one that supports DRM and thus can be "trusted"), and it can encrypt data from one operating system so that another operating system cannot decrypt it.
TCPA provides everything that is needed at the hardware level to write any user hostile system on top of it, because the successive verification of signatures prevents any tampering with the code (even if the OS is open sourced). Palladium could be implemented with TCPA as it's only hardware aspect.
Thus, the argument that is sometimes seen here that TCPA would prevent the computer from booting Linux or any other operating system is false (incorrect scare tactics against these systems are unfortunate, they do more harm then good). What TCPA will do, is enable sites on the Internet to not allow you to read the data they give out, unless you are running an operating system that is user hostile and DRM friendly (and not in the "this site doesn't support mozilla" fashion, which can always be hacked around, but in a cryptologically safe fashion).
Re:Difference between Palladium and TCPA (Score:5, Interesting)
Like many things, TCPA is a neutral technology. If the TCPA just sits on the board unused, you'd never know it's there at all. With Palladium, your system will be actively user hostile and RIAA/MPAA/MS friendly.
TCPA in itself won't prevent booting Linux. The fear is that a BIOS could then be written that won't load an OS that isn't signed by Bill Gates. TCPA merely enables that non-functionality. In addition, it is entirely possible to have a CPU come up in crippled mode until it validates the BIOS against the TCPA so that an unsigned BIOS won't run either. That is the fear, a total lock-down.
On the other hand, if the user has the signing key (I say user, since in reality, whoever has the signing key is the owner), TCPA permits (but does not assure) user friendly, outsider hostile strong system security.
The problem is that we are all aware that certain corporations in the U.S. would happily torture all of their customers to death if it was shown that after all of the lawsuits are settled, they make an extra $0.10 over the next 5 years than they would otherwise. They will be more than happy to build a user hostile system and lease it to their customers if they can find a way to kill off the competition.
Even if the lease is called a sale, I maintain that it's in reality a lifetime lease since, as I said, whoever has the signing key is the real owner of the system.
One possible roadblock to that would be to get the above paragraph enshrined in law. Not only would that force vendors to be more honest in their sales of Palladium enabled systems, it would place a nice large tax burden on a corporate holder of the signing key since they would be forced to acknowledge that they actually own all that hardware out there. More likely, it would kill the whole thing since under that law, hardware vendors would have to treat the transaction as a gift to MS and themselves as a lease broker for MS.
Re:Difference between Palladium and TCPA (Score:2)
That's a false distinction. You can leave Palladium turned off as well. It just means that you won't be able to run applications that require Palladium. But it's the same with TCPA, you can leave it off but then you won't be able to run applications that require that technology.
And Palladium is
Re:Difference between Palladium and TCPA (Score:2)
I don't think this is right, from what I know.
I think the issue is simply "known identity". These initiatives will (finally) provide a standardized, painless, secure mechanism for user/compute
Re:Difference between Palladium and TCPA (Score:2)
What TCPA does is sign a hash of the OS that is loaded with an "endorsement key", embedded in the TCPA by the vendor and unaccessible to the user.
This is incorrect; I don't have time to explain what a TCPA-compliant TPM does, but you can find out all you'd like to know here [trustedcomputing.org] (look at the section entitled Documents"). In particular, this document [trustedcom...ggroup.org].
However, although your description of the mechanism is incorrect, your explanation of the potential effect is right. Among other things, the TCPA makes it pos
Fair use law (Score:2)
It's a sad, but yes, legislation to protect fair use is very necessary. Previously, fair use was a defense against a copyright infringement suit, and nobody worried about it being
Re:Difference between Palladium and TCPA (Score:4, Insightful)
1) Of what use is a Linux system, if no content can be decrypted on it?
Not much.
2) Will content-providers make content available to versions of Linux which can't be "trusted"?
Undoubtably not. But what format they release the data in is their concern.
It is important to remember that the only political issue here is fighting laws against compulsary DRM and laws against circumventing it where it exists. We should not fall into the whiner trap of trying to claim that we are somehow entitled to "content" in open formats. We are not.
The manner in which we should fight DRM is to explain to be people why they should not accept it. (And we need to start here on Slashdot - look at how many Slashdotters laud iTunes).
3) If you make a "trusted" version of Linux, will it then be modifiable by the user (say, a new kernel-patch)?
It will be modifiable of course, but then you are back to 1).
4) Of what use are Open Source advantages, if you cannot use them?
Not much.
5) Is this a threat to the Open Source development model?
Definitely.
Tinfoil for the mad hatter (Score:3, Interesting)
Are there any websites that offer high q
Re:Tinfoil for the mad hatter (Score:2)
No they don't. Look at the page you're reading now... megabytes and megabytes of "content". Visit msn.com or nytimes.com or even mapquest.com. What do you find there? More and more content.
Now, you are correct that the entertainment industry (RIAA + MPAA) doesn't allow a significant amount of their product to be released in digital format, and that hardware-enforced DRM would encourage them to release more. But music and videos aren't the entierty of "con
Re:Tinfoil for the mad hatter (Score:2)
Visited the NYT lately? How about LA Times? How about MIT Press? There are already hundreds, if not thousands of sites, locking their content away behi
Re:Tinfoil for the mad hatter (Score:3, Insightful)
You're avoiding the point. They already use logins today, and will in the future. But someday they can have these logins protected by DRM technology. They will get a minor economic advantage from this extra protection, but newspaper margins are slim, so they'll grab for it.
Then, it will be impossible to visit th
Dude, Lessig is simply wrong... (Score:2)
hen, it will be impossible to visit those sites with an untrusted OS. It will be impossible to build a PC, compile Linux, compile Mozilla, and use that to browse the web. The freedom of disorganized amateurs to create useful computer systems will be gone.
From Hollywood charging for content? Jessus fucking christ, get out of that chair and go outside. Or even try typing "www.google.ru" instead of just "google." There's a whole fucking world out there, and Hollywood doesn't con
Re:Dude, Lessig is simply wrong... (Score:2)
I'd pay good money to watch you try to withstand him in any legal argument. Scalia can barely stop the guy; you'd be mincemeat.
The US government doesn't even control it.
Have you been paying attention? The US thinks it can control everything, and unless something amazing happens at the next national election, they're going to try.
Sorry, but the US doesn't own the internet.
They own (or can dispatch SWAT teams to) every router that connects the US to the outside wor
Re:Difference between Palladium and TCPA (Score:2)
Re:Difference between Palladium and TCPA (Score:2)
Then why does Microsoft say, in their FAQ [microsoft.com]:
Not the right idea... (Score:5, Insightful)
Building a DRM system of our own, even if it is open and standards based, just strengthens the paradigm that will leed to an Internet where no data can be accessed as plaintext, applications that are allowed read data have to be accepted and certified by the media industry, and computers exist no longer to enable, but to control, their users.
Please protest against Palladium, TCPA, and all the other DRM proposals by refusing to have anything to do with them: not by strengthening their hand.
(And before somebody replies that TCPA isn't about DRM: Bullshit! Look up what an "endorsement key" is in the TCPA vocabulary.)
Re:Not the right idea... (Score:5, Insightful)
Unfortunately, this kind of thing is valuable in some specialised areas. For high security systems, you want to know that only certain approved code can run.
What we care about is the preservation of general-purpose computers controlled by the user. If we aim to ensure that all computers are controlled only by the user, we will fail, and fail badly, because having, say, a firewall that cannot run introduced code is something so useful that we will not be able to prevent it.
I have hope: firstly, the overhead of trying to deploy this over a large office PC system (the main buyer of general-purpose PCs), will be too high for the benefits.
Secondly, the value of a general-purpose computer that will easily run new software is so high even for the ordinary home user that they will not be entirely replaced by DRM-enabled home entertainment consoles.
It is possible (but unlikely) that this infrastructure will eventually reach the **AA goal of preventing copying of their products. I can live with that provided that our ability to write software for our own computers isn't collateral damage.
Re:Not the right idea... (Score:5, Insightful)
I'm at work right now, and since my local workstation is a Sun Ray I don't even have physical access data in ways that the operating system and application will not allow me (since they all run on a server somewhere). Why would TCPA be necessary to control what I did with my employers documents, instead of just software?
Even IBM admits that TCPA chips can be circumvented by hardware hacks (expect modchips to start appearing), so it can not be used to secure valuable information. The only logical purpose for this technology is to use it on home users, where access to mod chips is limited by laws like the DMCA.
It is possible (but unlikely) that this infrastructure will eventually reach the **AA goal of preventing copying of their products. I can live with that provided that our ability to write software for our own computers isn't collateral damage.
It is not the ability to write our own software that we will be sacrificing, it is the ability to use that software to communicate with the world. Once the TCPA infrastructure is there, the temptation to use it will be to strong to resist:
- eBay will be able to lock out all but some verified list of applications from accessing auction data, so that application to raise bids at the last minute can't be used.
- Microsoft recently kicked off other application from their IM system for "security reasons". As it stands now, this can be hacked around, do you think they'll hestitate to use TCPA to make that impossible? You think AOL are any different.
- Websites will be able to lock out browsers that can block pop-up ads, or that allow cookies to be cleared, or that lie about themselves in the User-Agent string.
- Games will be able to lock out modified versions.
- Given the common confusion that TCPA is about "security", how long do think it will be until your bank starts requiring it?
I could go on and on. The acceptance of TCPA spells the end of the open Internet, and the beginning of a closed network, where all but a few applications are locked out.
I know what I'll do. Whatever it comes to, I will not have a part of this, and I will simply refuse to accept having a computer that is hostile toward me. The reason I argue this so vehemently is because I hope it won't be lonely out here...
Re:Not the right idea... (Score:4, Insightful)
The specialized areas thing just doesn't hold up. I have yet to see a single example of this that couldn't be solved by current hardware. A lot of people talk about company employees: but few employees have root on their computers anyways, so what is the point with the TCPA chip?
I don't have root on my win2k PC right now, but I've got a tomsrtbt floppy in my jacket pocket which works just fine.
Now, if the company was prepared to make the large investment in setting up a full TCPA-style architecture to stop me doing that, it would be prepared to make the much smaller investment in ripping the floppy drive out of my PC. As I say, I don't think the ordinary office desktop is a useful area for this.
I think real uses for this are very rare, just as PCs which are configured by their adminstrators to really lock down what the users can do are currently very rare. But they exist.
I know what I'll do. Whatever it comes to, I will not have a part of this, and I will simply refuse to accept having a computer that is hostile toward me.
Me too. But I think most of the world will be with us, not because they agree with our principles, but because the immediate, practical benefits of being able to run any piece of software on their PC without it being approved by any third party are far too great to sacrifice for the miniscule benefits (in normal circumstances) of "Trusted Computing".
Re:Not the right idea... (Score:2)
It won't be a large investment. Or at least, it won't look like a big investment until we're several years down the path and in too deep to back out.
The initial capital to deploy DRM will be supplied by corporations with a long-term interest. This means *AA somewhat, but more directly computer corps like Intel and especially Microsoft(tm).
Primarily, Microsoft and Intel will w
Re:Not the right idea... (Score:2)
Re:Not the right idea... (Score:2)
I don't believe we (for i'm entirely with you) will be in the least lonely. The open Internet
Re:Not the right idea... (Score:2)
This is somehow bad? If this happens, auctions will work the way they are intended to (and the way they work best). Fairer prices for all.
Re:Not the right idea... (Score:2, Insightful)
So what will this mean?
It will means that innovation will be strangled, that new program features will be decided by lawyers on a comittee. Remember the RIAA's stated model regarding P2P software: you cannot write it without our permission. Welcome to that world.
It means
Re:Not the right idea... (Score:2)
If you copy movies with a VCR, you must be doing some illegal trick to circumvent Macrovision.
If you get a $25 DVD player for your computer, you can copy movies using an easy trick called DeCSS (look for it on a T-Shirt).
There's no difference between a VCR and DVD in this area, except that DVD players don't include write-equipment by default. But tha
Re:Not the right idea... (Score:2)
Imagine the mess that would cause. There are already far too many "professionally" designed web sites that refuse to work without Internet Explorer, such as Amano's World [amanosworld.com]. Can you imagine the nightmare for users of other browsers [freezope.org] if IE became actually required? What about proxy servers? I currently use bfilter, wh
Re:Not the right idea... (Score:3, Interesting)
Most "office" type applications execute the data directly (e.g. macros, vbscript, etc) and it would be a large step backwards to disable this even for the increase in security it would bring. We could turn it all off today (java, jscript, vbscript, macros etc) and we're still vu
Re:Not the right idea... (Score:2)
That's a temporary effect- you cannot rely on that kind of weakness continuing to work.
Current and near-future implementations of hardware DRM will have a weakness in that if an unsafe application is accidently signed, it becomes a permanently exploitable hole on that platform. This has already been demonstrated with a buffer-overrun in a certain James Bond game.
However, highspe
Re:Not the right idea... (Score:2)
Re:Not the right idea... (Score:2)
Indeed. And it's the reason why user-hostile terminals will never be able to replace general purpose computers.
In the large financial company I work for, a proportion of the software on the desktop is in-house developed. Will the corporate IT department accept a windows upgrade that would mean every new release had to be submitted to MS for signing? Will they accept an office upgrade that would mean they can no longer exchange data between standard and in-house applications? The PC has got to where
Re:Not the right idea... (Score:2)
That's no obstacle to user-hostile DRM. (Read my other comments in this thread for more explanation).
The heart of "hard DRM" is that the hardware, OS, and application all form a chai
Re:Not the right idea... (Score:2)
Re:Not the right idea... (Score:2)
Christ, how long will it be before this lie is put to bed?
Palladium does not require Microsoft to sign applications! Read the Microsoft technical FAQ [microsoft.com]: "Anyone can write an application to take advantage of new APIs that call to the nexus and related components without
Re:Not the right idea... (Score:2)
The ability to quickly download and run a new program is valuable. However, DRM can be implemented in a way which is mostly compatible with that ability. This unfortunately means that we cannot depend on market pressure to protect us from the spread of hard DRM.
It is already a recommended softwar
Re:Not the right idea... (Score:2)
Your statement is right but your implementation is all wrong. The way it actually works is that each program is able to encrypt its data so that only that program, or other programs signed with a per-program key, can access that data. And likew
Re:Not the right idea... (Score:2)
I was describing a possible extension to the normal DRM scheme which could solve some of the problems amcguinn cited as to why DRM will never succeed in the marketplace. DRM-implementors don't have to do it my way- but if they don't, they'll lose some customers (maybe not enough for them to care)
But your software won't be able to access your Quicken billpaying database, because that is encrypted using a key that only Quicken-signed software ca
Re:Not the right idea... (Score:4, Insightful)
a firewall that cannot run introduced code is something so useful that we will not be able to prevent it
This is true but you don't need TPCA to do this. Putting this functionality at the firmware level is sufficient to achieve what you suggest. In fact I would be suprized if it wasn't done already by specialized vendors. There is a difference between not trusting the computer user and the owner. An organisation can have firewalls with secure firmware such that no one can load any old software on to them without the right codes or keys (without pulling the battery on the CMOS, which is good enough, especially if you have a lock on the case). Putting the functionality in hardware is only useful for stopping the owner of the computer from using it anyway they want.
There is no valid security reason for TPCA. All security problems to do with stopping users from doing stuff the owner of the computer doesn't want done can be handled at the firmware and OS level. This sort of hardware solution is only necessary for DRM where even the owner of the computer isn't trusted. TPCA/Palladium is likely enough to spread through the installed base, leveraged by Microsoft's market share, without any help from the free software community. If it succeeds then free software is dead in the long term, so any cooperation with it is akin to attempted suicide.
Palladium is actually about security (Score:3, Interesting)
Palladium/TCPA is a security measure, not just a DRM platform. Enabling DRM is impossible in the sense that DRM doesn't cover the analog hole. As long as people have the ability to reproduce video and audio, DRM will only prevent people who do not have other recording mechanisms from copying raw data. Digital cameras get cheaper each day. Mult
Re:Palladium is actually about security (Score:3, Insightful)
There are two reasons for wanting this in hardware, as opposed to just in the software:
The second reason is a tiny capstone on a pyramid of security that most people haven't built to anywhere near the height where it would be useful. It can be practically disregarded.
All the other things you list can be done without hardware support, and the only catch is that the end user can
Re:Palladium is actually about security (Score:3, Insightful)
If you did decide to run only code signed by a trusted key, the only reasonable system would be for the owner of the PC to posess that key. (This could be the company IT department, or the individual user for home systems.)
Re:Palladium is actually about security (Score:2)
Re:Palladium is actually about security (Score:2)
MS apps are insecure in ways that don't bother MS. Frequently they even use the insecurities as sales points (for the next version
Re:Palladium is actually about security (Score:3, Interesting)
The technologies being used to enable DRM hardware create user-hostile computers and are a step along the way to plugging the "analog hole". You mention that digital cameras (still or video) are getting cheaper and better all the time. But digital watermarking already exists, and digital shape-recognition is getting better and better. Long-term, the advances in software will overwhelm hardware improvements. Hardware may op
A few points (Score:2)
Your analog hole arguement is flawed because in the future there will be no analog devices. They exist now but soon they will stop making them and the existing ones will all break in time. The whole point of DRM is that it has to be pervasive. You will not be able to record a video off your computer screen using a digital video camera because the camera will have DRM in it as well. Everything will. There will be a black rectangle where your screen is on the video because the camera will recognise that it i
Re:Not the right idea... (Score:5, Insightful)
Everything has an avenue of abuse, but that does not mean scrapping the whole thing because it's got a hole for possible misuse. I mean, look at another case in point: P2P networks. Do we sue the thing out of existence? Or do we fix the violators? What are the definitions of violators?
It's all nice and rosy to flat out and protest something that's "unknown", but the fact is the technology is here and big players are pushing for its existence. Unbelievers in the technology will always be a small ragtag of protestors holding up placards in front of large corporation buildings towering the skies of Redmond, WA.
Don't get me wrong, I hate Windows and I'm a Linux zealot, but I just cannot take your protest position at this time. Sorry.
Re:Not the right idea... (Score:2)
Then they can slowly tweak their usage of this technology. Turn the heat
Re:Not the right idea... (Score:2)
Other arguments other than my capability to comprehend are more appropriate, as you relate further in later paragraphs. I do understand what these are all about and my questions still remain.
> DRM uses encryption to the keep the actual data secret from one of the parties, so that he can be subject to his computer regarding what he can do with the data in question.
You've said this quite well. However, my question remains
Re:Not the right idea... (Score:2, Insightful)
I have never argued for forcing anything on those who wish to close their data. They can do whatever they want. I argue two things (and only the first in this particular thread):
1) P
Re:Not the right idea... (Score:2)
Embrace. Extend. Extinguish. Remember those three? Remember the part where Microsoft is the bad guy?
"At this moment, it has control of systems all over the world.
And...we can't do a damn thing to stop it."
Miyasaka, "Godzilla 2000 Millennium" (Japanes
Re:Not the right idea... (Score:2, Insightful)
Excellent. First let me point out that I have read those white papers and I even had a breif E-mail exchange with the author. I have also read portions of the highly technical TCPA design specifications itself.
I would like to see you justify the TCPA design specification that the owner of the machine is forbidden to know his own encryption keys. Every single claimed benefitr in the Why_TCPA whitepaper can be acheived just as well by an identical system th
Great business plan! (Score:3, Funny)
This works out great for the suits (Score:2)
Something that was supposed to set computers free is being used to help lock them down.
Trustworthy computing (Score:5, Funny)
Re:Trustworthy computing (Score:2, Insightful)
Re:Trustworthy computing (Score:2)
And ironically it won't help with either of those. If your keyboard is untrusted (sniffer hooked straight into the circuit) it will still log your keystrokes even if everything on your computer is signed and verified.
Having a secure path between the CPU and the mon
Re:Trustworthy computing (Score:2)
It's not funny. Ever heard of a keystroke logger? What if you're typing a password for your online bill payment service, wouldn't you like to have a secure path from the keyboard to
Re:Trustworthy computing (Score:2)
Considering it takes a trip through the potentially keystroke-logger-ridden virus-infested operating system in order to do so, perhaps you should wonder...
Start Song.. (Score:4, Funny)
(I could have typed more, but then I would probably owe RIAA 150.000$ per slashdot user who read this)
(all 5 of them since I have a bad karma)
The owner of the PC does NOT own the master keys (Score:5, Interesting)
Re:The owner of the PC does NOT own the master key (Score:2, Informative)
[ Disclaimer, I'm one of the primary developers. ]
That is blatantly not true. Whoever does the "Take Ownership" command of the TPM controls the master key. In the case of the Enforcer, the admin is the one that owns the TPM.
Omen
Attestation monopoly:change the key=MS DRM not run (Score:2)
This leads to the same escrow agent model which is far to open to exploitation by The New American Corporate Soviet [slashdot.org].
The latter link explains [slashdot.org]
I'm sorry but totally avoid TCPA (Score:5, Informative)
You cannot copy the keys inside TCPA hardware. I'll explain what this means (if you don't like reading about technicalities, just skip to the final paragraph)
Every time you buy a new PC with TCPA you will not be able to copy the old TCPA keys on your old PC to your new PC. This means you will completely lose access to your videos and your music which you legally purchased and used on your old PC. Effectively you have to buy another set of keys to regain access to your videos and your music collections.
TCPA and other DRM technologies are being pushed by the publishing industry and hardware manufacturers like IBM who want to sell more of their hardware equipped with DRM to make it attractive to commercial content locked-down publications.
TCPA means LOCK-down, LOCK-out, LOCK-up enabler. Avoid getting anything with TCPA.
Re:I'm sorry but totally avoid TCPA (Score:2)
This is a complete showstopper, I agree.
Re:I'm sorry but totally avoid TCPA (Score:3, Informative)
[ Disclaimer, I'm one of the primary developers. ]
Score: -3 Mis-informative
You are assuming that TCPA is being used to enforce DRM, and that that is the only valid use of TCPA. Have you looked at what we have done? We are using TCPA, but not for DRM. We are providing a way for the admin to use TCPA to help secure their computer against outside attack. Again, check out the IBM white papers: http://www.research.ibm.com [ibm.com]
Re:I'm sorry but totally avoid TCPA (Score:2)
Yes, I've read your group's papers - of solid academic interest. Yes, I believe as do most truly independent observers outside TCPA that TCPA will be used to enforce DRM and in its current for that's going to hurt ordinary people using home computers. Ordinary people can be educated about the true long-term out-of-pocket costs and threats posed by TCPA. No, I didn't say or even assume DRM enforcement is the only valid use of TCPA but unless TCPA is modified to guarantee the endorsement key(s) can always b
Re:I'm sorry but totally avoid TCPA (Score:2)
The fact that you cannot read the key, and thus cannot simulate the TCPA machine on a different piece of hardware or with a software emulator, is only for DRM. I challenge you to come up with a single reason for this that is not equivalent to DRM.
IBM may be the "nice guys"
Re:I'm sorry but totally avoid TCPA (Score:2, Informative)
TCPA probably wasn't devised with DRM in mind; it resembles the old "compartmented workstation" idea, and I imagine that's where its roots lie. But DRM is certainly the blazingly obvious use for it, and unlike other DRM schemes, TCPA-based schemes can actually work on general-purpose hardware.
Re:I'm sorry but totally avoid TCPA (Score:2)
Aside from DRM and denying people control over their own computers, I defy you to name a single thing you have done that you couldn't have done just as well with an identical system where people were NOT denied access to their own keys.
-
Re:I'm sorry but totally avoid TCPA (Score:2)
TCPA will be used as an enabling technology by publishers to lock-down every publication, locking publications to a particular item of TCPA-hardware without any possibility of transfer, locking publications to a particular expiry date without regard to the lawful expiration of copyrights and fair expansion of the public domain, locking publications to a particular person without regard to fair dealing as recognised in law. Of course TCPA doesn't have to be used for DRM enforcement but no commercial publish
Re:I'm sorry but totally avoid TCPA (Score:2)
What if people don't realize their content will be unmoveable until they buy a new computer and try to move the files? It's the same thing with Lexmark printers. People buy them and don't realize they'll be charged up the butt on ink cartridges.
It's not as if everyone does hundreds of hours of research on DRM before the buy a computer. They may not even know it is a DRM system at all. They probably won't even know what DRM is. They'll just wonder why certain files won't copy, and either think they don't
What about an emulator? (Score:2, Interesting)
You would start with a freshly formatted harddrive (prefferably non-DRM crippled, but as long as it can run Linux and your emulator, it's fin
Re:What about an emulator? (Score:3, Insightful)
If you can get ahold of one of these keys, then you can simulate running a "trusted" system and cheat the DRM. They won't be easy to get ahold of though. Modchips will probably prove a better avenue.
Re:What about an emulator? (Score:2)
An assumption that DRM-proponents sometimes forget to mention is that the system will require government cooperation to work at all.
Specifically, anyone who cracks open DRM hardware to read keys that could be used to make an emulator must be treated as the highest class of terrorist. To protect the American way, corporate property must be respected!
DRM technology is really only there to make the process of circumventing or emulatin
Re:What about an emulator? (Score:2)
Probably the DMCA is enough. Cracking open a Trusted Computing chip will count as circumventing copyright protection technology, which is criminalized by th
Prove integrity? (Score:2)
How do you do that? I mean, how do you prove that the system is secure and not just pretending to be secure by doing *almost* all of the things that would be needed to be secure?
I could understand how a system could (eg) verify a signature on a kernel in order to boot it up, but this is a Linux system, therefore:
1. Its open source. You must (by requirements of the GPL) be
Re:Prove integrity? (Score:3, Informative)
No, but it verifies that any modules have also been signed before loading them. (Alternatively, the superuser could force an untrusted module to be loaded, but this will taint the whole kernel and it will lose the ability to open protected files until you reboot)
1. Its open source. You must (by requirements of the GPL) be given everything you need to compile a derivitive work of this.
The currently prevaling legal interpretation (shared by Linus
Re:Prove integrity? (Score:2)
I would rather that this legal interpretation doesn't hold, as it perverts the intent of GNU "Free Software", but it hasn't been seriously challenged yet.
It makes a lot of sense to me. Otherwise, under your preferred interpration, I could sign your GNU software, and set up a ma
Re:Prove integrity? (Score:2)
The argument I would hope to make (possibly needing a modified GPL license version to explicitly require this) is that by signing the software (which is my copyright), you have created a derivative work, which is illegal. The only way I'll permit you to distribute it is if you agree to supply the recipients with anything needed to create the binary they got. This means the source code, the compilers (if they're h
TCPA does have good uses (Score:2, Insightful)
Background: The TPM contains a number of PCRs. These are (roughly) hashes of bits of code -- the BIOS, the bootloader, the kernel, etc. The TPM also contains a private/public key pair which is generated when you reinitialize the TPM (i.e. the private key is not known to anybody).
The TPM can be used to encrypt a blob of data using the private key. It
There's a lot of talk (Score:2, Interesting)
TCPA needs an agreed-upon, standard microkernel around which different OSes could be built. A whole bunch of new open source OSes and, yes, new Microsoft OSes. This microkernel would be developed by an independent body and signed by DRM-loving vendors. Because it would be very small, and
Re:Sweet (Score:2)
Re:Sweet (Score:5, Interesting)
Re:Sweet (Score:5, Informative)
correction... just managed to get into the site... it will require a "Trusted Computing Module" on the motherboard.
Re:Sweet (Score:5, Insightful)
Re:And this is desireable, how? (Score:2)
That's a fair question. But these Dartmouth guys pass it. They're trying something that we all knew (or feared) would be possible, and demonstrating how practical it really is.
And they're publishing the results, so the public can discuss the implications now, before the Great Irreversable DRM Rollout happens.
It's surely better than if Microsoft, Sun, or Sony were conducting this research secretly! (Oh wait, they probably alre
Re:And this is desireable, how? (Score:2)
As the submitter, I will just comment that my ideal world is one of diversity and competition. I would love to see some content sold with strict DRM limitations competing against other content sold without restrictions. I would love to see closed systems competin
Re:And this is desireable, how? (Score:2)
It won't. Will Linus Torvalds be able to pull a tarball from kernel.org [kernel.org], compile it, and boot it on the system?
No he will not.
That ain't Linux.
Not in any useful way. It's been gutted, it's soulless, it's dead.
Re:And this is desireable, how? (Score:2)
It won't. Will Linus Torvalds be able to pull a tarball from kernel.org [kernel.org], compile it, and boot it on the system?
No he will not.
Yes, he will.
His system will still boot, but it may have a different "fingerprint" (crypto hash) than a widely-accepted Linux+TCPA system. This could prevent it from participating in TCPA-dependent network applications. It might not be able to download DRM-protected data, fo