At 10:07 PM 06/26/2002 -0700, Lucky Green wrote:
An EMBASSY-like CPU security co-processor would have seriously blown the part cost design constraint on the TPM by an order of magnitude or two.
Compared to the cost of rewriting Windows to have a infrastructure that can support real security? Maybe, but I'm inclined to doubt it, especially since most of the functions that an off-CPU security co-processor can successfully perform are low enough performance that they could be done on a PCI or PCMCIA card, without requiring motherboard space. I suppose the interesting exception might be playing video, depending on how you separate functions. (Obviously the extent of redesign is likely to be much smaller in the NT-derived Windows versions than the legacy Windows3.1 derivatives that MS keeps foisting upon consumers. Perhaps XP Amateur is close enough to a real operating system for the kernel to be fixable?)
I am not asserting that security solutions that require special-purpose CPU functionality are not in the queue, they very much are, but not in the first phase. This level of functionality has been deferred to a second phase in which security processing functionality can be moved into the core CPU, since a second CPU-like part is unjustifiable from a cost perspective.