TCPA hack delay appeal
Mike Rosing
eresrch at eskimo.com
Fri Aug 16 06:38:56 PDT 2002
On Thu, 15 Aug 2002, Lucky Green wrote:
> Hopefully some of those people will not limit themselves to hypothetical
> attacks against The Spec, but will actually test those supposed attacks
> on shipping TPMs. Which are readily available in high-end IBM laptops.
But doesn't the owner of the box create the master key for it? They
imply that in their advertising, but I've not seen anything else
about it. It was advertised to be protection for corporate data, not
a DRM/control type thing. It would be very interesting to know the
details on that.
I found this:
http://www.pc.ibm.com/ww/resources/security/securitychip.html
but the link to "IBM Embedded Security Subsystem" goes to "page
not found".
but this one:
http://www.pc.ibm.com/ww/resources/security/secdownload.html
says in part:
"IBM Client Security Software is available via download from the Internet
to support IBM NetVista and ThinkPad models equipped with the Embedded
Security Subsystem and the new TCPA-compliant Embedded Security Subsystem
2.0. By downloading the software after the systems have been shipped, the
customer can be assured that no unauthorized parties have knowledge of the
keys and pass phrases designated by the customer."
So it looks like IBM is ahead of Microsoft on this one. but if
TCPA isn't fully formalized, what does "TCPA-compliant" mean?
In any case, they imply here that the customer needs to contact
IBM to turn the thing on, so it does seem that IBM has some kind
of master key for the portable. I wonder if they mean IBM is
authorized to know the customer's keys?
Patience, persistence, truth,
Dr. mike
More information about the cypherpunks-legacy
mailing list