Dell to Add Security Chip to PCs

Dan Kaminsky dan at
Thu Feb 3 23:02:43 PST 2005

>>Uh, you *really* have no idea how much the black hat community is
>>looking forward to TCPA.  For example, Office is going to have core
>>components running inside a protected environment totally immune to
>How? TCPA is only a cryptographic device, and some BIOS code, nothing
>else. Does the coming of TCPA chips eliminate the bugs, buffer overflows,
>stack overflows, or any other way to execute arbitrary code? If yes, isn't
>that a wonderful thing? Obviously it doesn't (eliminate bugs and so on).
TCPA eliminates external checks and balances, such as antivirus.  As the 
user, I'm not trusted to audit operations within a TCPA-established 
sandbox.  Antivirus is essentially a user system auditing tool, and 
TCPA-based systems have these big black boxes AV isn't allowed to analyze.

Imagine a sandbox that parses input code signed to an API-derivable 
public key.  Imagine an exploit encrypted to that.  Can AV decrypt the 
payload and prevent execution?  No, of course not.  Only the TCPA 
sandbox can.  But since AV can't get inside of the TCPA sandbox, 
whatever content is "protected" in there is quite conspicuously unprotected.

It's a little like having a serial killer in San Quentin.  You feel 
really safe until you realize...uh, he's your cellmate.

I don't know how clear I can say this, your threat model is broken, and 
the bad guys can't stop laughing about it.

>I use cryptographic devices everyday, and TCPA is not different than the
>present situation. No better, no worse.
I do a fair number of conferences with exploit authors every few months, 
and I can tell you, much worse.  "Licking chops" is an accurate assessment.

Honestly, it's a little like HID's "radio barcode number" concept of 
RFID.  Everyone expects it to get everywhere, then get exploited 
mercilessly, then get ripped off the market quite painfully. 


More information about the cypherpunks-legacy mailing list