Palladium: hardware layering model

Mike Rosing eresrch at eskimo.com
Wed Aug 7 19:28:23 PDT 2002


On Wed, 7 Aug 2002, AARG! Anonymous wrote:

> What is special about ring-0?  Two things: first, it can see the code
> in the TE space so that it can execute it.  And second, it doesn't
> trap into supervisor mode for things like debugger single-stepping.
> I'm not familiar with the details of the Pentium family but on most CPUs
> the debugger single-steps things by setting a flag and returning into
> the code.  The code executes one instruction and then automatically traps
> into supervisor mode, which hands off to the debugger.  This process must
> be suppressed in ring-0 mode, and likewise for any other features which
> can force a ring-0 process to trap involuntarily into supervisor mode,
> which exposes the registers and such.

If there's no way to debug the "hidden" (so called "trusted") code using
standard techniques, then how can you know it works right?  Most all
processors now have hardware debugging capability - it is a requirement
due to the complexity of the chips.  *Somebody* has to be able to run
a hardware debugger and have access to the raw hardware, even if it's just
Intel running with the covers off.

If I'm going to write a TOR, I want access to internal registers.  So
I'd expect there's a hardware interface to do that.  This basically breaks
the whole thing.

You can't have a generic platform *and* a trusted platform.  You can have
a trusted platform which is *specific* - nobody but the manufacturer knows
the guts.  If people want to buy it because it does something useful,
that's ok, but don't call it a generic PC.

As an aside, check out http://www.beastrider.com; it's a hardware debugger
for a DSP (which I built).  The Intel processor may not work the same way,
but it's got to have some kind of similar interface, and anybody like me
can build an interface into it.

If the processor is sealed into a tamper proof case (like the IBM 4875),
then it can be made secure for one manufacturer.  The system is checked
before being sealed.  If people want to add one to their PC they are free
to do so, but they understand who owns the key inside the sealed case.
With TCPA people do not know who owns the key - and that's its basic
problem.

Until we know real hardware details, we're not really going to figure out
what's going on.  Since Palladium guys claim that TCPA doesn't do what
they want, it seems that the hardware hasn't been figured out yet.  If the
processor isn't sealed to prevent people like me from building hardware
debuggers, then Palladium will be cracked by someone.  If it is sealed
then it's not a generic PC anymore.

I don't think it's possible to outlaw a generic PC, but I guess I'm not
willing to let congress begin to think about it either :-\

Patience, persistence, truth,
Dr. mike
