Re: Dell to Add Security Chip to PCs
I spent considerable time a couple years ago on these lists arguing that people should have the right to use this technology if they want. I also believe that it has potential good uses. But let's be accurate.
It is not true that the TPM_TakeOwnership command erases and regenerates the internal keys. It does generate a new Storage Root Key, which is used for encrypting local data. But the main controversy around TC is the Remote Attestation feature. That uses a key called the Endorsement Key, EK. It is an RSA public key generated on chip at manufacture time, before it comes into the user's hands. The manufacturer issues a certificate on the public part of the EK, called the PUBEK. This key is then used (in a somewhat roundabout manner) to issue signed statements which attest to the software state of the machine. These attestations are what allow a remote server to know if you are running a client software configuration which the server finds acceptable, allowing the server to refuse service to you if it doesn't like what you're running. And this is the foundation for DRM. The point is that the user can't change the PUBEK. Only one is generated per chip, and that is the only one which gets a certificate from the manufacturer. The private part of this key never leaves the chip and no one, not the user and not the manufacturer, ever learns the private key. Now, my personal perspective on this is that this is no real threat. It allows people who choose to use the capability to issue reasonably credible and convincing statements about their software configuration. Basically it allows people to tell the truth about their software in a convincing way. Anyone who is threatened by the ability of other people to tell the truth should take a hard look at his own ethical standards. Honesty is no threat to the world! The only people endangered by this capability are those who want to be able to lie. They want to agree to contracts and user agreements that, for example, require them to observe DRM restrictions and copyright laws, but then they want the power to go back on their word, to dishonor their commitment, and to lie about their promises. An honest man is not affected by Trusted Computing; it would not change his behavior in any way, because he would be as bound by his word as by the TC software restrictions. But I guess Cypherpunks are rogues, theives and liars, if my earlier interactions with them are any guide. It's an ironic and unfortunate turn for an organization originally devoted to empowering end users to use new cryptographic technologies in favor of what was once called crypto anarchy. TC is the ultimate manifestation of anarchic behavior, a technology which is purely voluntary and threatens no one, which allows people to make new kinds of contracts and commitments that no one else should have the right to oppose. And yet Cypherpunks are now arch collectivists, fighting the right of private individuals and companies to make their own choices about what technologies to use. How the worm has turned. Another poster writes:
A sad illustration of the paranoia and blinkered groupthink so prevalant on this mailing list today. Imagine, Dell is providing this chip as part of a vast conspiracy to restrict the user's rights to his own files. Anyone whose grasp on reality is so poor as to believe this deserves what he gets. The truth is, frankly, that Dell is providing this chip on their laptops simply because laptop owners like the idea of having a security chip, most other laptop companies offer them, and the TCG is the main player in this space. Dell is neither seeking to advance my liberatarian goals nor promoting the conspiracy-theorist vision of taking away people's control over their computers. The truth is far more mundane.
On Thu, 2005-02-03 at 22:25 +0100, Anonymous wrote:
Isn't it possible to emulate the TCPA chip in software, using one's own RSA key, and thus signing whatever you damn well please with it instead of whatever the chip wants to sign? So in reality, as far as remote attestation goes, it's only as secure as the software driver used to talk to the TCPA chip, right? -- Shawn K. Quinn <skquinn@speakeasy.net>
----- Original Message ----- From: "Shawn K. Quinn" <skquinn@speakeasy.net> Subject: Re: Dell to Add Security Chip to PCs
That issue has been dealt with. They do this by initializing the chip at the production plant, and generating the certs there, thus the process of making your software TCPA work actually involves faking out the production facility for some chips. This prevents the re-init that I think I saw mentioned a few messages ago (unless there's some re-signing process within the chip to allow back-registering, entirely possible, but unlikely). It even gets worse from there because the TCPA chip actually verifies the operating system on load, and then the OS verifies the drivers, solid chain of verification. Honestly Kaminsky has the correct idea about how to get into the chip and break the security, one small unchecked buffer and all the security disappears forever. Joe Trust Laboratories Changing Software Development http://www.trustlaboratories.com
On Thu, Feb 03, 2005 at 11:45:01PM -0600, Shawn K. Quinn wrote:
The TCPA chip verifies the (signature on the) BIOS and the OS. So the software driver is the one that's trusted by the TCPA chip. Plus the private key is kept in the chip, so it can't be read by your emulator. If your emulator picks its own key pair then its attesations will be detected as invalid by a relying party that's using the real TCPA public keys. Eric
From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM] On Behalf Of Anonymous
This assumes an US world, which is - to say the least - a little unreal. In my country, contracts are void unless signed in the official language. That means that, even if I want to agree to the license, I can't legally do so - because it's in English. Which means that I can click on "I agree" WITHOUT legally agreeing to anything - and everybody knows that.
Only in the US and related countries :) We are not bound, legally or even morally, by a contract in a foreign language - there are people who bought Windows or some other software even though they don't speak an iota of English. (Furthermore, I wrote a little application which can change the caption of a button - so I can change it to "I do not agree" (or the equivalent in my language) before installing whatever I'm installing. Do you think that's good enough? <g>)
BS, of course. As has already been explained here, we are paranoids - we try to defend against the worst that could happen, not against the best.
A sad illustration of the paranoia and blinkered groupthink so prevalant on this mailing list today.
Today? You're new here, right? Paranoia is the motto of the cypherpunks :)
Imagine, Dell is providing this chip as part of a vast conspiracy to restrict the user's rights to his own files.
It's not THAT vast. The mere idea that it is NOT a conspiracy, OTOH, is plainly ridiculous. They've been at it for several years, and everyone here should know that.
The truth is, frankly, that Dell is providing this chip on their laptops simply because laptop owners like the idea of having a security chip,
No really? Name five of these laptop owners. (No, that was rethorical. Your phrase was information-free.)
most other laptop companies offer them, and the TCG is the main player in this space.
Name other five (out of the "most") laptop companies offering this chip in their laptops. (This is NOT rethorical, I'm really curious.)
Profit is a very good tool, for both good and evil. In this case, they see profit in doing something that can ultimately be used against consumers. We comment on that, nothing more. Then again, if the consumers catch on the trick, profit will dictate that they remove it. <g> Marcel -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.5 - Release Date: 2/3/2005
-- On 3 Feb 2005 at 22:25, Anonymous wrote:
The ability to convincingly tell the truth is a very handy one between people who are roughly equal. It is a potentially disastrous one if one party can do violence with impunity to the one with the ability to convincingly tell the truth. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 6B7i0tiB4vUHqQnAP6nXT2z+B+zLB8624+K6+ENU 47fFHg6cY0KInzxMe/l+L2c7LqmPZyrwOSZepYIR3
On Fri, 2005-02-04 at 19:07 -0800, James A. Donald wrote:
In other words, NGSCB/Palladium/etc doesn't give you an advantage in the least when you step onto a playing field tilting heavily in Microsoft's direction. -- Shawn K. Quinn <skquinn@speakeasy.net>
On 2005-02-03T22:25:28+0100, Anonymous wrote:
No, I want the right to fair use of material I buy. If someone sells DRM-only material, I won't buy it at anything approaching non-DRM prices. In some cases, I won't buy it at all. My fair use rights should not be held hostage by a stupid majority who support a DRM-only market. Maybe the market for music won't support DRM-only products, but I suspect the market for DVDs and low-sales books will. The result is that I won't be able to rip a season's worth of DVDs so I can watch them all without playing hot potato with the physical DVDs. I won't be able to avoid the 15-second copyright warnings, or the useless menu animations. Low-sales books may end up being DRM-only, and I _hate_ reading books on a screen. Since DRM-only rare books will satisfy some of the market, there will be even less pressure on physical book publishers to occasionally reprint them, thus forcing even more people to buy the DRM'd ebooks. I bought an ebook on amazon for $1.99 a couple months ago. The printed book was $20. It was very nearly the worst purchase of my life. I won't buy a similarly DRM'd ebook every again, for any amount. The hassle plus the restrictions aren't worth the $18 savings. -- "War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free." --Heraclitus (Kahn.83/D-K.53)
participants (7)
-
Anonymous
-
Eric Murray
-
James A. Donald
-
Joseph Ashwood
-
Justin
-
Marcel Popescu
-
Shawn K. Quinn