David Wagner wrote:
But take a look at one line you quoted from the FAQ:
"Only one nexus at a time will be able to run on a machine."
That looks to me like an important sentence.
The Nexus is like a mini-OS for the trusted side of the machine. It acts as a kernel to manage the "trusted applications", the Nexus Computing Agents or NCAs. So what this sentence is really saying is that only one (trusted) OS will be able to run at a time on a machine. That's not that surprising or significant. Most machines only run one OS at a time. Sure, with virtualization and similar techniques you can manage to run more than one OS at once, but that's unusual. Probably 99.9% of machines are only running one OS at a time. Virtualization is not an option with trusted computing because part of the point is to be able to offer assurance to remote users about what the machine will do (i.e. its behavior is predictable, hence trusted). This implies that it only makes sense to run one trusted OS at a time. That's probably all the "important" sentence above means. Adam Lydick wrote:
That is certainly a good point but don't confuse the "nexus" with NCAs (agents). I think the nexus just provides services to the NCAs which actually do the work. Think of it as a core library that services can draw on.
Right, plus it schedules, loads them, etc, like an OS kernel. Here is a simplified form of a diagram they use. The left hand side is the legacy mode, with normal Windows applications and OS. The right hand side is the new trusted mode, with NCAs as the applications and Nexus as the OS. Normal Mode Trusted Mode +---------------------------++------------------------+ | || | | Applications || NCAs | USER | || | |---------------------------++------------------------| | || | | Main Windows OS || Nexus | KERNEL | || | +---------------------------++------------------------+
So having to trust the nexus, is rather like trusting kernel32.dll or some other core components. Choosing to trust/run NCA sounds pretty grainular, so you can trust your validated P2P stack from your favorite independent developer and ignore (if you can) the restrictive DRM solutions that are offered.
Yes, it sounds like it will work exactly like that. Plus, hopefully it will be possible for Linux to create its own Nexus ("Linexus"?) that uses the same hardware features to provide TC capabilities for that OS. Recall that Linus Torvalds recently adopted the position that DRM was an acceptable technology for Linux, even when it involved being built into the kernel. Since DRM is the main downside to TC for many people, and TC has many more good aspects beyond DRM, it is a near certainty that Linux will add support for Trusted Computing.
Problems certainly remain though:
In the validated P2P scenario, an Adversary with enough influence to have Intel/AMD/... hand out a signed internal key can circumvent any such "protections".
Right, he could watch all the Disney movies he wanted, without paying for them! Mwaa haa haa! Foolish humans! But seriously, these systems can only raise the cost of security. Neither cypherpunks nor Sony should risk their collective lives that no one will break Palladium, by hook or by crook.