Discuss BIOS and Palladium Issues With an AMIBIOS Rep 455
After this Slashdot discussion about the relationship between BIOS biggie American Megatrends Inc. (AMI) and Palladium appeared, we got an email from AMI sales engineer (and former Linux.com contributor) Brian Richardson, who wrote, "I am a bit concerned that the information you provided misled your readers into thinking AMI was promoting Palladium or taking some sort of anti-open-source stance. This might be due to the fact that TCPA was mistakenly equated to Palladium, or questioning how Linux would run on a TCPA-enabled system ... or by the horde of angry Slashdot readers telling us they would never buy an AMI product because we were forcing standards on them." Brian offered himself up as (his words) a "Slashdot interview victim" to clear things up.(Update by RM: And, says Brian, he's happy to answer other BIOS questions as well.) So ask, already, and let's get things cleared up. (Usual Slashdot interview rules.)
What will happen with Linux systems. (Score:5, Interesting)
Net weight (Score:5, Insightful)
Palladium claims to have the freedom to choose whether you want to connect to another palladium machine. This freedom is at an individual level, in the same was I can choose to use Abiword.
If Palladium achieves mass market how will my freedom not to use Palladium be possible? Will it be like having the Freedom to speak Esperanto?
Palladium is Not TCPA; TCPA is worse (Score:3, Informative)
TCPA is a different issue - it's a set of BIOS features that will only let the machine start up if it's running a certified operating system configuration (which the hardware validates as unmodified), and a set of features that let an operating system and application programs check that the system is running in TCPA-approved mode (that's a bit similar to Palladium, but still fundamentally different), and a set of things that the system won't do if it's not running a certified system. Depending on which version of the spec and proposed followons you're reading and how aggressive the implementation is, there may be things that you'd like to do that you can't do on a non-certified system - like use the sound card, or maybe the _video_, or maybe it won't boot at all, or maybe it just won't let you load kernel modules, plus it obviously won't tell the software that you're running in Trust-Us mode if you're not.
Obviously, an aggressive implementation won't fly for many Linux users, but it may still be usable by Linux _consumers_. The best case is somewhat like having a car with the hood welded shut and a security system that disables it if you mess around; you can paint it any color you'd like, and put whatever you want in the trunk, but you can't start the engine unless your seatbelt's on and you blow in the breathalyzer (which is hard to reach when you're wearing your seatbelt, of course), and if you take the radio out, the radio won't work and the car won't let you put a different radio in, so the RIAA knows you're not playing MP3-CDs in your car, but at least it isn't always tuned to MS-NBC, though if you're playing a non-RIAA-certified CD, it only plays on the tinny little mono speaker in the dashboard, not the four-way tunable woofers or the heads-up display system, and if you do tune to a different radio station, it only uses the right-hand speaker if Rush Limbaugh is on, and only uses the left-hand speakers if it's National Public Radio, and I'm sorry but you can't play Free Radio Berkeley [freeradio.org] at all...
Re:What will happen with Linux systems. (Score:5, Insightful)
"The operating system about to be loaded does not have a valid security signature. As such it is not possible for the BIOS to prevent unsafe software from operating. Are you sure that you wish to continue loading this software."
But yours is just as good
Here's a simple one... (Score:4, Redundant)
Re:Here's a simple one... (Score:5, Interesting)
In answering this question, I would ask that our interview victim clarify whether there are any circumstances under which "alternative operating systems" would need to be cryptographically signed by an authority in order to boot, and if so, who is that authority?
As Ross Anderson pointed out last year [cryptome.org],
Re:Here's a simple one... (Score:3, Insightful)
Oh, for crying out loud.
The GPL was not, ever, ever, ever, meant to make it so buying software wasn't worthwhile. In fact, the situation outlined in the parent post is _an ideal business model_ for GPL'd software.
You keep all of the rights the GPL was designed to preserve (distributing and re-working code you buy), and there's still something worthwhile for buying the software.
Re:Here's a simple one... (Score:5, Insightful)
Unless the BIOS has a provision of the owner of the machine to add keys to accept as legitimate signatures or disable the signature checking, having software I can change is no good. Unless there's some way for the end user to say, look I own the machine, and I'm technically competent to verify the software I trust, let me run it the source code is relatively useless.
If that mean's there's a dongle, switch or jumper that has to set up correctly, that's fine by me. Then RedHat and other major distributors can get there kernels certified and signed, and all of the other binaries out there. Then the masses can get trusted computing, and I can certify my own stuff as trusted.
Kirby
Re:Here's a simple one... (Score:5, Insightful)
That's it. It doesn't mean the software is secure. It does mean, that any joe user can't just run any old code they compile up. However, if they disable my ability to write shell scripts, they are screwed. SA's will not under any circumstance give up the ability to write quick little shell scripts. It'll never happen. They will vote with their wallet on that one.
So when a security hole is found in the cryptographic software, they won't be able to just download new binaries to trojan my system. However, they can still just follow the flaw they have found in all the time. They can still script up various badnesses. They will still be able to do all variety of badness to me. They just can't put a trojan'ed version of SSH on my machine to get my passwords. Instead they will script up ssh to run out of gdb, and write the passwords in the clear out of gdb, and run as per normal. Hiding what is going on will be difficult because root kits will be more difficult to install. Now all they have to do is uninstall, the binary once they have the appropriate pieces of information to authenticate to your machine. Now they just authenticate like a normal user. They are in, and can poke around all they want.
Signed binaries, only means your running binaries that you got from the vendor, that's it. It'll change how the cracks work, but it won't mean you don't get cracked. Trust me, given enough time and research a person can break into your machine using only the binaries RedHat or the Debian, or whatever vendor you use. I'll still be able to ship off your private data, I'll still be able to deface your web site. I'll still be able to compromise the CGI's. Oh wait, are you saying I've got to get the CGI's certified too. That'll never happen. Not in a million zillion years. Internal busniess processes move to fast to do that.
Signed binaries are no silver bullet. The best they can do is refuse to sign them until a full audit has happened. You don't need signed binaries for that, only install things that have had a full audit, and it's just as good security for the initial break-in. Once the intial break in happens, that's about monitoring for odd behavior, which again has nothing to do with signed binaries. Of course don't get too pissed off, if you don't get a shell with your new Linux distro.
On certain binaries, it would be nice to enforce the signatures on, like standard libraries, and the kernel. However, most people use tripwire to do that things like that. Maybe the ability for RPM's to carry around the signatures of the files they installed, then verify those signatures after the fact using read-only bootable media, with the RPM signatures on it.
Signed binaries are a good thing, but I don't see them as the end all be all of security. I don't see them as a useful tool, because they will just get in the way anyplace where you release binaries on a regular basis like I do where I work. If the signed binaries don't, they they aren't providing the security that I hear advertised for them.
Kirby
Re:Here's a simple one... (Score:5, Insightful)
Hear, hear.
This, IMO, is the core of Microsoft's evil plan. I will even dare to say that, as much as I am interested in theis AMI guy's answers, his company is not the one with for the plan --they are merely dragged into it, and I think they can't do squat about it. You will get no relief from him.
See, I really don't think AMI, or any BIOS manufacturer, will ever make one that plainly refuses to boot a bootloader because it lacks a signature from a CA it trusts. That opens a class vulnerability in the scheme (a single CA key is compromised and you lose the whole system). Also, it is just too bloody obvious to the EFF and the likes. And it is unnecessary for the evil plan to succeed. The BIOS will always boot whatever you ask it to boot. I'm ready to take a bet on that. That is not the problem.
The problem is, the BIOS will checksum the bootloader, and store that checksum in a safe place. Furthermore, the BIOS will provide, to any program that asks for it, be it "trusted" or not, that hash, cryptographically signed with the BIOS key (btw the only key that has to reside in the BIOS, and you can bet it will be hardcoded in the silicon, not overridable). From that point on, you can build "trusted" data delivery paths entirely in software.
Here's an example: Say, you want to watch a movie trailer. So your browser connects to Universal Pictures' server, which demands cryptographic proof that it can "trust" your computer. So your media player software obtains that proof from the OS, and delivers it. What the OS delivers the hash of the media player, signed with the OS key. To guarantee the integrity of the OS, it includes the OS' hash, signed by the bootloader. To guarantee the bootloader's integrity, it includes the bootloader's hash, signed by the BIOS. Voilá, you have crypto proof that your entire system is kosher. Universal's server has only to verify that the BIOS's key is trustable, which they can do by checking it against AMI, or whatever. If that key is compromised (e.g., you crack the key of your BIOS), then they have a problem with a single individual, not a class compromise.
But the point is: you have NO say on which keys are trustable or not, because the verifying is not done by you. It is done by Universal. The best you can do is not buy Universal.
But now imagine this thread's scenario: your ISP is the one that requires proof of "trustability" before letting you connect. You will have to either (1) make your ISP include your OS's key in their trust list, or (2) switch to Windows, or (3) switch to another ISP that does not require this. But you will have option (3) for just some time: just picture the logical progression of this. Extend to almost everything else: online banking, electronic commerce, fucking email! You have MS Internet[TM], what Bill has always wanted.
And you can bet it will be eagerly adopted by banks, media companies, and the likes, because it is the single scheme that allows them to "protect" their data against their own customers. And all the time we will be scratching our own heads, wondering how we let that happen, if we, after all, successfully coerced AMI into not making a BIOS that refuses to boot Linux.
This is pure, concentrated evil. I stand in awe of Microsoft. I'm very, very concerned about this.
TCPA and the future (Score:4, Interesting)
What sort of future do you see for TCPA? Do you see it as inevitable, or is it just a fad thing that will pass?
Assuming it does catch on, what form do you see it taking? What we all fear (only signed apps will run, non-signed apps can't access system data/data from signed apps), or some lesser form?
So what are the differences ... (Score:5, Interesting)
TCPA & Palladium (Score:5, Interesting)
Re:TCPA & Palladium (Score:2, Informative)
More here [cam.ac.uk]
Something in everyone's mind (Score:5, Interesting)
Re:Something in everyone's mind (Score:2)
Will it be possible to disable <insert DRM feature> with absolute transparancy to essentially all of the networked community and services on future motherboards which will implement DRM techniques ?
Obviously, the answer is no, if "the networked community and services" are to include future trusted parties enabled. Therefore, AMI is fundamentally supporting Palladium, thus Microsoft, to dominate future web contents and infrastructure.
Period.
Re:Something in everyone's mind (Score:2)
br. OR, yes, but anything that expects to have it on won't run. Which for many might be a reasonable alternative.
"Trusted" computer (Score:5, Insightful)
a) Isn't the goal of "trusted computing" to allow entities other than the owner of the computer to control what the owner does with his/her hardware? For example, "trusted computing" applied to music implies that the music publisher gains control over what the computer owner can do with the music data files. Isn't this the exact opposite of "trust" as that word is normally used - a trusted computer is one that can't be trusted by the computer's owner to perform the tasks asked of it, because other entities have veto power over the computer's actions?
b) Companies like AMI have repeatedly claimed that they aren't part of Palladium. However, isn't it true that without AMI's trusted BIOS (and all the other components necessary to build a "trusted computer"), Palladium wouldn't work? Why does AMI think they shouldn't be held responsible for enabling Palladium and similar schemes?
c) In what way does AMI benefit, financially or otherwise, from introducing a BIOS designed to make the computer it is installed in less useful to the purchaser of the computer? Please avoid saying that this is "optional"; AMI wouldn't create this BIOS if it wasn't intended to be used.
d) What is a "sales engineer"? Is your job primarily public relations, or primarily engineering, or primarily product sales?
Re:"Trusted" computer (Score:2)
Basically a 'sales engineer' is a salesman with a technical background so that they can talk intelligently about the product without looking like a pointy haired manager. sometimes an ex-geek.
Re:"Trusted" computer (Score:5, Insightful)
YES!
And here is the explanation that must be quoted again and again until we all know it (quoted from http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html)
24. So why is this called `Trusted Computing'? I don't see why I should trust it at all!
It's almost an in-joke. In the US Department of Defense, a `trusted system or component' is defined as `one which can break the security policy'. This might seem counter-intuitive at first, but just stop to think about it. The mail guard or firewall that stands between a Secret and a Top Secret system can - if it fails - break the security policy that mail should only ever flow from Secret to Top Secret, but never in the other direction. It is therefore trusted to enforce the information flow policy.
Or take a civilian example: suppose you trust your doctor to keep your medical records private. This means that he has access to your records, so he could leak them to the press if he were careless or malicious. You don't trust me to keep your medical records, because I don't have them; regardless of whether I like you or hate you, I can't do anything to affect your policy that your medical records should be confidential. Your doctor can, though; and the fact that he is in a position to harm you is really what is meant (at a system level) when you say that you trust him. You may have a warm feeling about him, or you may just have to trust him because he is the only doctor on the island where you live; no matter, the DoD definition strips away these fuzzy, emotional aspects of `trust' (that can confuse people).
Remember during the late 1990s, as people debated government control over cryptography, Al Gore proposed a `Trusted Third Party' - a service that would keep a copy of your decryption key safe, just in case you (or the FBI, or the NSA) ever needed it. The name was derided as the sort of marketing exercise that saw the Russian colony of East Germany called a `Democratic Republic'. But it really does chime with DoD thinking. A Trusted Third Party is a third party that can break your security policy.
25. So a `Trusted Computer' is one that can break my security?
Now you've got it.
Re:"Trusted" computer (Score:4, Funny)
Re:"Trusted" computer (Score:3, Informative)
Something is trustworthy when it is thought to not be likely to screw up when it is trusted to do something.
So, when you put up your organization's website on an unpatched IIS server, that computer is trusted to serve that set of pages and not all the pages to be changed by anybody other than those people trusted enough to be authorized to do so.
However, since an unpatched IIS server has security holes that allow for the site to be either taken offline, or replaced with an undesired site, that unpatched IIS server is not trustworthy... which means it's not a good idea to put an unpatched IIS server in a trusted position. If you do, it's very possible the unpatched IIS server might fail to live up to its responsiblites, causing the bad things you didn't want to happen.
Likewise, any of the trusted people might go crazy and decide to use their password to walk right in the front door and tear the site apart. This is why its important that you select trustworthy people, and as few people as possible, to hold that password.
Re:"Trusted" computer (Score:3, Offtopic)
Guns do things other than killing people. 1) Target shooting. 2) Shooting animals.
If I were a gun owner, I would want to use my gun for lawful purposes, such as target shooting or home defense. I would not want to use it for murder. The gun is not taking anything away from me; instead, it's giving me extra capabilities.
TCPA does not give me, the computer user, any new capabilities at all. Instead, it takes away capabilities, such as being able to access all the data on my system, convert data between formats, etc. It gives extra control of my data to media corporations, but this doesn't help me, the user, at all.
The whole point of this argument was whether AMI could claim innocence by selling a TCPA-enabled BIOS, using the argument that it allows both good and bad uses. A baseball bat manufacturer can claim innocence because their bats are sold for the purpose of playing baseball, not cracking people's heads open. A gun manufacturer can claim the same, although their product is obviously much more dangerous, and is normally used for killing something (which is only a bad thing if it's a murder). A tobacco manufacturer, OTOH, cannot claim any innocence because their products are only used to harm people (even though their customers do buy the product willingly). Similarly, AMI's new product can only be used to harm their customers, and it's even worse than the tobacco companies because the customers don't want TCPA and never asked for it. They're only doing this in collusion with other anti-end-user companies like Microsoft and Intel, in order to possible increase their profits at the expense of freedom, and by providing something that customers never asked for.
So by this analysis, AMI is even lower than the tobacco companies. Imagine that...
microsoft OS spin (Score:5, Insightful)
Licensing (Score:5, Interesting)
That would be terrible as it would kill many under funded open source OSes that aren't as big as the Linux big players.
Arc
Re:Licensing (Score:5, Interesting)
Gasp! MS would never do something as low as that!
Interview??? (Score:2, Interesting)
On the Exclusionary Uses of TCPA (Score:5, Interesting)
Re:On the Exclusionary Uses of TCPA (Score:2)
Let me rephrase my question: provided that TCPA does not discriminate against any services, and does not distinguish between those that own some paid licences and those that don't... what ELSE can it be used for?
Customization support? (Score:5, Interesting)
yes would be a fantastic result (Score:3, Interesting)
Especially if it could be fine grained down to a per user basis. i.e. a system wide policy of who can run what.
Then you could have root to be only available in single user mode.
Stick that up your rootkit.
hmm it's starting to sound like plan9
Do you think Palladium is a good thing? (Score:5, Interesting)
Do you think Palladium is a good thing? Whether your answer is "yes" or "no", please explain.
Knowing that Palladium is a Microsoft Technology, do you think AMI is making a smart move by adopting it? Again, please explain your position.
Are you afraid that Microsoft may use its position to control, not just 90% of the software used on PC, but also the overall architecture of modern machines?
Many thanks in advance.
General TC question (Score:5, Interesting)
Re:General TC question (Score:3, Interesting)
You clearly don't understand the use of word "trusted" here. read this [cam.ac.uk]. If you want to make it short, start from question #24.
So long as the user selects which code will be trusted, it has great potential for good.
We already have code signing and confirmation before installs. The problem is that users trust the WRONG programs. Either this will increase the number of "are you sure you want this" (not removing the problem of people making mistakes). Or, more likely, the selection of which code to trust will be relegated to BIOS/MS/etc... that would also be bad...
So it's not Palldium... (Score:4, Interesting)
And what if Microsoft releases a software that needs it, won't AMI need to adopt it so it can run the "DRM features"?
How will Linux, or any other "non-trusted" software run on your hardware?
Acronyms (Score:2, Funny)
Shouldn't it be: (Score:3, Funny)
Re:Shouldn't it be: (Score:4, Funny)
Re:Acronyms (Score:2)
Bias? Moi?
How can we confirm that NO BS is in your BIOSes (Score:5, Interesting)
Can we really take the word of a conglomerate? Will you be able to ensure that what you are saying is accurate?
Modern conglomerates usually misrepresent their products if they think it will generate more customers. How can we be sure that you wouldn't be doing this to us?
Re:How can we confirm that NO BS is in your BIOSes (Score:5, Funny)
Only to catch terrorists...
Will the BIOS contain spyware?
Never! It will contain some select offers from our partners and collect some information to customize and improve your booting experience
Can we really take the word of a conglomerate?
Will you be able to ensure that what you are saying is accurate?
No.
Our EULA will take care of that.
Modern conglomerates usually misrepresent their products if they think it will generate more customers. How can we be sure that you wouldn't be doing this to us?
As the courts become less and less of a threat for a corporation (and already a 0-threat to a corporation from an individual). There is NO way to be sure. Unless all the non-entry level employees in the company will be made to sign all these statements...
A question.... (Score:4, Funny)
Re:A question.... (Score:2, Funny)
Lockout (Score:5, Interesting)
If ANY of these CAN be a side effect of this technology, it is bad. There are stumbling blocks, of course, but no one will have ultimate say over what does or does not run on my own computer.
.
Advantage (Score:5, Insightful)
Boycott actions against TCPA? (Score:2)
Re:Boycott actions against TCPA? (Score:2)
Can we ask him if, in stark turnover terms, he would be more afraid of people not being able to use the next generation of MS products on his company's products?
Refunds/Opt-outs (Score:4, Interesting)
Re:Refunds/Opt-outs (Score:2)
Re:Refunds/Opt-outs (Score:4, Insightful)
If I buy a phone that has a caller id function but I don't subscribe to the service I can't pull the LCD and pry the caller id chips out and ask for a refund.
Damn, read the shit you type before submitting it and try to remember exactly when it was that you lost all semblence of sanity.
My Question Is: (Score:4, Funny)
No, I have not RTFA, I'm just taking the piss, ok?
Portability of software/licenses with TCPA (Score:5, Interesting)
Performance hit (Score:5, Interesting)
How would AMI response to market pressures? (Score:5, Interesting)
Would AMI disclose that such pressures were being placed on them, or would this type of fact be kept hidden from consumer groups or individuals, etc. until it was too late for us to effectively respond?
Options? (Score:4, Interesting)
Have customers asked for TCPA features? (Score:5, Interesting)
So maybe you can set me straight: do you think your customers want TCPA? If so, why? Who are these customers? If this a case where customers are not the same as users?
Software. (Score:3, Interesting)
A question. (Score:4, Interesting)
An answer. (Score:4, Funny)
Of course. All my answers will be the [...] truth. No editorial input will be applied [unless deemed strictly necessary to guarantee appropriate standards of presentation -- Ed] between the time that [I] write the article and the time that [I] send it to [its recipient]. The PR guys promised. [No, we didn't.]
Come on, who're you kiddin'? Any reply from this guy, or anyone else writing on a subject so obviously controvserial, is going to be screened seventeen times over by PR weenies before it gets out into the wild.
Non-Linux, non-Microsoft operating systems (Score:5, Interesting)
One of the operating systems I use is FreeBSD. Will that still be usable, or will it be forced to deal with substandard or non-existant drivers (think NVidia until recently). I also use QNX. Will that work? How about a new OS that will be created sometime in the future?
What the hell is a sales engineer? (Score:2)
Re:What the hell is a sales engineer? (Score:2)
Re: (Score:2)
The crux of "trustworthy computing"... (Score:4, Interesting)
TCPA is fundamentally a sound technological concept, but wide open for abuse. If it could be used for the user's benefit to prevent against viruses etc, then that's great.
What I'm saying is that the owner of the computer should be able to override the trust relationships - assert that the code is trusted (by them). The owner of the computer should have the ultimate veto. After all, it is theirs. Does AMI's plans for a TCPA implementation have this in mind?
How will I be affected??? (Score:5, Interesting)
What makes you think? (Score:4, Interesting)
Something has been bothering me...... (Score:3, Interesting)
Then, building on the above answer, can you explain why the open source community has only yelled and screamed about how evil Palladium is, rather the doing what they preach others should do? (Which is, of course, create an open source, trusted architecture (i.e.: TCPA) which protects/promotes consumer rights over and above the rights of corporate media groups.)
Or (if the above is not possible) can you at least explain why building an open source TCPA structure is not possible?
Straight-up products? (Score:5, Interesting)
Two versions (Score:2, Interesting)
K901 (Trusted Computing enabled)
K901B (Trusted Computing disabled)
And enable users to crossship the chips if they want a different version...
Missing Idea (Score:5, Interesting)
Hardware vendors (Score:5, Interesting)
Technology can be used for good and evil (Score:5, Interesting)
As we all know, technology can be used for the purposes of both good and evil. Here are things that I consider good about where TCPA is going, along with the evil.
Good
Evil
There are many advantages for the hardware/software/content vendors if this is realized, but few of them seem consumer driven: the erosion of fair use, the control of speech, taking a cut of every e-commerce transation, eliminating standards and competition.
Undoubtedly, your shareholders will push you to cooperate with the software/content vendors because it means big money for them and anyone who plays ball, but for us, it means we lose a lot. PR will say that it stops pirates from raising music/movie prices, and that it means ISVs can produce software that can't be warezed, no more cheating in online games, no more child porn, ad infinitum, and it's all for our own good.
Unfortunately, the potential for abuse is extraordinary, and the last thing I want to see is more of my friends being locked up because they do something with their computers that some company doesn't agree with. And right now it looks like AMI wants just that to happen.
Yes, right now your BIOS may offer choice, but hardware vendors seem committed to building an infrastructure that one day can make it very easy to eliminate this choice.
Please explain why we do want TCPA, why we should support your company, and how we can be assured that our colleagues don't go to jail just for believing they still control systems they bought. Also, please explain why the system we have now is so inadequete.
Thank you.
I'm a little blurry on the details here.... (Score:5, Interesting)
If I want to install a new boot sector, do I generate my own key, install that, and self-sign the boot code? Or do the LILO or GRUB teams have to get a key issued and then sign things themselves?
Who has ultimate control over the keys? CAN I install my own, or is it centralized somewhere? Who does TCPA *ultimately* trust? How can I be *certain* that it doesn't trust anyone I don't want it to? If I screw up and lose my key, how I recover access to the system?
I assume there must be some master, uneraseable keys in TCPA; I just can't imagine that you'd ship it without implicitly trusting Microsoft, and I distrust Microsoft very much. And if there are recovery keys in there, do I have to ship my machine away to some lab to replace a lost key, or can I do it myself? And if there IS a master, unerasable key available for recovery purposes, why can't virus writers just sign their code with that key instead?
Re:I'm a little blurry on the details here.... (Score:3, Informative)
If I understood the prior articles correctly, TCPA should provide
I'm amazed at how common this meme has become despite the fact that it is completely false. TCPA in no way dicates what code can run on the machine. The "security" it offers works in pretty much the reverse fashion. The TCPA BIOS hashes the bootloader and saves that hash in a secure place. That allows the bootloader to verify that it really did run first. The bootloader can then hash some portion of the OS, and then load and execute it. The OS can then verify that the boot process really was TCPA-BIOS->Correct bootloader->Unmodified OS. And more importantly, the OS can have the BIOS give it a cryptographic "proof" of this fact to hand to other programs or web sites.
What does this mean for Linux? Probably nothing. Linux could make use of this functionality, but my guess is it probably won't. The fact is that unless your code actually bothers to check the TCPA state of the machine, it just doesn't matter.
On the other hand, Palladium might make some things a little trickier. Since the bootloader is part of the TCPA chain of trust, it's highly unlikely that Palladium will be able to enter it's "secure" mode if you are using LILO or grub. So if you are somebody who actually dual-boots you will probably have to have an official Microsoft bootloader on
Could Microsoft abuse this to try to prevent users from dual booting? Sure. But they could easily prevent people from dual booting today if they wanted to. It's just that it would be such a blatantly anti-competetive move that even Microsoft would have a hard time pulling it off. They could refuse to boot thru LILO. They could complain and offer to "fix" any non-FAT or NTFS partitions at every boot. They could use browser version strings to control access to updates on their web site and bring DMCA charges against browsers which circumvent that by pretending to be IE. TCPA doesn't really make it easier to Microsoft to screw with people who dual boot. It's already trivial today!
Why are BIOSes closed source? (Score:5, Interesting)
An open-source TCPA BIOS might go a long way to alleviating the fears of the open source community, since we could see exactly what it is you're forcing on us. And hey, no doubt you'd get a few bug-fixing patches in return for your efforts.
So, is an open-source BIOS a possibility? (TCPA or otherwise)
-- Bob
OpenBIOS (Score:2, Interesting)
Here is s solution for those not wanting to give up theyre hardware control.
E-mail sent to marketing@ami (Score:5, Interesting)
I sure would hate to be in your shoes right now. Putting yourself in front of a firing squad voluntarely takes guts.
I sent an e-mail to marketing complaining about AMI supporting TCPA, and got the standard reply in return. My answer is below, and I am still waiting for a reply.
Umbertina E. Vezzani wrote:
Hello Laars,
You can already find TCPA-enabled products on the market but they have a different BIOS.
I am perfectly aware of that, and that is why I don't buy IBM laptops any more.
The Security subsystem is intended for those users who want an extra security protection that is valid even outside the OS.
The motherboard and system manufacturers will specify their system features, so I believe you will certainly be able to choose the features you want. I really don't think you will buy a motherboard with a hidden feature or "fritz".
I am not afraid of hidden features. TCPA is merely the scaffolding which enables building "trusted applications"/"trusted clients". What I am afraid of, is how software vendors and the content industry will (ab)use TCPA.
As for the reference to "fritz" - I think Ross Anderson went a little bit over the top in his critisism of TCPA. A much better overview of some of the technical problems with TCPA can be found here (I fully endorse Mr. Arbaugh's suggestions):
http://www.cs.umd.edu/~waa/TCPA/TC
TCPA is meant to answer to a demand of security from users, not something else.
What demand exactly? TCPA doesn't solve any of the major security problems.
TCPA only answers the question "has the basic components of this system been changed?", and makes it possible for 3rd parties to verify the state ("trustworthiness") of a system.
The majority of security problems are on the OS or application level - macro/scripting vulnerabilities, virii, buffer overruns and similar. TCPA doesn't provide a solution for any of those. In fact, a software sandbox like Java or running certain applications in vmware virtual machines provides better protection against those real world problems.
What exactly is TCPA supposed to solve? Don't give me some marketing fluff about "enhancing security for the user". I want cold, clear, technical examples of real world security problems that TCPA is supposed to solve.
Also, which users are demanding TCPA? Users want protection against virii and similar, but TCPA doesn't solve those problems. Who are the end users that demand something like TCPA?
I also believe that, if there is a solid foundation to the concerns for privacy people is expecting, the TCPA itself will improve its specification to address those concerns.
So there is a real chance the next revision of the TCPA spec will include proper anonymous certificates a'la Chaum instead of the current "please trust the privacy CA" solution?
It must be noted that AMI has not announced support for Palladium. Palladium is an initiative by an OS entity that is slated for the future.
I know that. I also know that there is considerable disagreement going on between the Palladium and the TCPA proponents.
To be honest, TCPA is a better specification than Palladium. However, TCPA does provide the scaffolding required for building "trusted systems" - i.e., that a 3rd party can control what is happening on my computer. TCPA is a Pandora's box - if abused, it could have a devastating effect on both innovation, privacy and consumer rights.
Regarding the limitations of a system with TCPA I would offer the link below to the public specification for further information on compatibility with different OS's, and hardware. Based on that spec we can tell you that it does not limit the ability to run Linux (or any other open source solution).
How is that supposed to make me feel good? I know that it is possible to disable (most of) TCPA. I know that my computer will continue to work even if the TCPA subsystem tell other computers out there that my computer has zero "trustworthiness".
However, once digital commerce, streaming media and other online content start demanding TCPA enabled clients you are effectively a second rate citizen on the 'net and are locked out of a lot of content if TCPA is disabled on your computer.
So:
1) TCPA does not provide true anonymity (you have to trust the privacy CA).
2) The scaffolding provided by TCPA can be abused by those who want to disable the Turing completeness of computers and instead turn them into locked down interactive content delivery platforms.
3) The market effect will force people to use TCPA and TCPA enabled "trusted clients" even if they don't want to.
4) TCPA is advertised as a security solution, but does not solve most of the real world security problems.
With kind regards,
Lars Gaarden
Platform owner (Score:5, Interesting)
Do you see mandatory TCPA and/or Palladium (Score:3, Interesting)
I understand that if I want to play MPAA or RIAA content, I may need to have a DRM OS, probably Palladium, and it will need to be on a system with a TCPA BIOS.
But what if I want to just boot Linux (or trusty old Win98SE) to program or play games?
Will I be permitted to run an "untrusted" computer, or is it only a matter of time until the only new computer is a trusted computer that will only run a trusted OS?
So why SHOULDN'T we boycott AMI? (Score:4, Insightful)
It plainly is anti open-source.
TPM has no benefit to end users. All it does is give Microsoft an argument to use with ISVs as to why they shouldn't develop products for open source platforms. They can say: "If you ever release your product for Linux, some people will disassemble it. But with our "trusted" OSes, you'll never have to worry about crackers, because we don't let our customers control their own machines".
It's a powerful argument. There may even be a few ISVs stupid enough to fall for it. (Most ISVs don't go out of business from cracks, they die when Microsoft itself uses its monopoly power to sieze the market the ISV developed.)
But it's all a moot point. Why shouldn't we be trying to nip this in the bud? Why shouldn't we be spreading the word to everyone we know that people who buy AMI will very soon have to accept whatever draconian "Clickthrough" is on the software package, giving up their legal rights for no consideration whatsoever?
In short, why shouldn't we be trying to drive AMI out of business?
Sounds like a plan to me.
In plain English (so my mom would understand) (Score:3, Insightful)
Why can't my computer be trusted?
Is this trying to fix a fundamental flaw in operating systems?
Real Questions (Score:5, Interesting)
2) What does it take (steps, costs including licensing fees) to make application Bar run on Foo? On any other OS?
Ignoring rampant paranoia, these are the questions that will actually affect open source development. It comes down to how much will it cost for us to run our programs?
Compatibility with Garage "Hacks" (Score:5, Interesting)
Technical Explanation of BIOS Settings (Score:5, Interesting)
-Jay
How do you feel about TCPI? (Score:3, Insightful)
Who will you give access to your machine (Microsoft, RIAA, MPAA, Homeland Security)?
When the thought police come to round up us 'Criminals' that will not give up our 'untrusted' systems will you be able to sleep at night?
SD
Is TCPA/Palladium is making de facto-contracts? (Score:5, Insightful)
However, we never get a say in this, we never agree to any such "contract". If your company is producing a product as part of a system designed to disempower me in favor of a machine, does it really surprise you that I don't like it?
TCPA/Palladium has never been about how I, the end user can come in control of my machine, because I am already in total control (up to the limitations of my tools). TCPA can for me, at best, be a hardware version of a "sandbox", where I control what resources are availible to a given program. But such programs already exists in software and has no need for hardware backing.
Many people have compared TCPA to being a program running in Ring -1 (Ring 0 being the OS kernel). The only thing it can control in addition to what the OS already can control, is what runs in Ring 0. So why do you need to control what runs in Ring 0? Answer me that.
Because you can't trust me, isn't it?. Isn't that what it's all about? Having a trust chain that I can't break. So the content, and my machine can negoiate a deal, without me ever getting a say. So that they two can decide, regardsless of rights granted by law (like fair use and first sale), when, how, where and what I can see, hear, use and do. And you don't find that offensive?
Kjella
The death of WINE (Score:3, Informative)
- Office Palladium will require TCPA
- Linux, as an untrusted OS, won't be able to provide Office Palladium proper authentication, and Office will refuse to run under WINE.
- Windows users become reluctant to migrate to Linux since they can't run Office. (Believe it or not, Office is still the killer app for most folks).
I'm telling ya, the Office division is behind this at least as much as the content industry.
What is the driving force behind this? (Score:3, Insightful)
Why is AMI doing this?
Do they think people want their OS to be able to lock them out of certain parts of their machine?
You see, I can't really see any application for TCPA / Palladium besides taking control away from the owner of a computer. Any of the other "security" features TCPA/Palladium provides can/have been easily implemented in software. The only application that requires BIOS/hardware level modifications, is one where you are trying to prevent the person who owns the computer from have full control over it.
Lately I've been beginning to notice that some companies have internal conflicts of interest that cause them to do stupid things, which are not what consumers want. (Stupid because, they loose money because consumers go elsewhere to get hardware that isn't crippled and any piracy that was going to happen still happens anyways.)
Sony, for example. Being both a hardware company and a media company, they seem to have an internal conflict of interest: To many RIAA/MPAA types CD/DVD burners are synonymous with piracy, this must lead to internal pressure on the hardware branch of the company to try and control what people can do with Sony hardware. Ex: It's rumored that Sony DVD burners can burn Xbox games but not PS2 games, Sony Discmans have often had sub-par CDR playing ability, Sony Minidisc recorders had an annoying copy protection flag that prevented you from making many digital copies of a minidisc.
This whole thing reminds me very much of the whole CPUID debacle. CPU manufacturer X starts putting unique ID numbers inside their CPU. They claim it will allow increased security for web transactions blah, blah, blah. The problem was there was not good reason why your average computer user would want a unique unchangable serial number for his computer. There was a tremendous potential for violation user's privacy and no good reason why they needed it in the first place. Why? A unique id could be implemented in software. The only reason to have it in hardware is to prevent the owner of the computer from changing
People didn't want them, and CPUIDs failed. Why does AMI think this is any different?
Multi-part question (Score:3, Interesting)
Second part, and less important, what is the story with firewire booting? How hard is it to graft additional boot code onto a BIOS and present a device as a reasonable boot device to the rest of the BIOS?
Usual interview rules apply.. (Score:4, Insightful)
But it occurs to me, there's probably many who don't. Why not have a page outlining the usual interview rules, and link to it when saying something like that?
Comment removed (Score:3, Interesting)
Which is MORE important? (Score:3, Interesting)
OR
A "content provider's" rights?
Please don't bother answering if you're going to waffle.
Okay, Brian, serious question. (Score:5, Insightful)
However, we ALL know that Palladium will run in TCPA trusted mode, and TCPA functions will be active.
So here's the question (ahem):
If:
- I, as a Linux user, want to BUY the next version of Microsoft Office(tm) and run it on my Linux box under WINE, and:
- said version of Office requires that it be run on a trusted platform (i.e. it requires TCPA authentication),
WHAT WILL HAPPEN?
I'm sure you think this is a loaded question. It is, and it isn't. It is in the sense that I suspect what the answer will be, but I want to hear you answer it. It isn't, in the sense that this is a very serious issue and has enormous ramifications for the entire industry. You see, I think that TCPA+Palladium are really schemes for killing Linux by denying it the ability to run Microsoft applications. To that end, I don't consider you accomplices, but perhaps dupes. I ask you the above question in all seriousness, and I challenge you to prove me wrong.
Anti-competitive tactics 101 (Score:4, Insightful)
- Introduce a new version of Office that introduces a new default file format. This is key, since in five years this file format would be ubiquitous, and the new version of Office would be required to read these files. Forget about sticking with Office 2k/XP. It isn't an option.
- Either use TCPA to encrypt the new
- Make this shiny new version of Office require a "trusted" platform (i.e. TCPA mode) to run with full functionality. You've just locked out Linux+WINE and made it very hard for vendors to sell or offer PC's without Windows, since they will not only be unable to run Office, they won't even be able to read the new
Voila! You've managed to use your Office software monopoly to preserve your OS monopoly. Switching to Linux+WINE a few years from now will make it impossible to read documents in the new Office, without perhaps exporting those documents to some other format (which would of course by design lose some vital formatting information). It makes it really hard for companies to switch, and dissuades people from migrating since they'll have to not only leave Office behind, but their Office documents as well. It also totally breaks the ability to share documents between the Linux and Windows worlds, without first changing to a (likely inferior) common format first. While you could probably convert back to the new
I wish I felt wrong about this, but I really believe that this is Microsoft's strategy to kill Linux. IMHO TCPA really is that dangerous--the whole thing about online music and movies is trivial by comparison (maybe it's a smoke screen).
What do you think about Linux BIOS? (Score:5, Insightful)
Dear AMI BIOS Developer
At first, I was going to ask you about how you have cooperated, if at all, with the Linux BIOS project. After all, you often have historically cooperated with Microsoft and Novell. What are you doing to help Linux?
But then it occurred to me, if Linux BIOS was successful, it would put AMI out of the BIOS software development business. Linux BIOS is a competitor of AMI.
What is your personal perspective about Linux BIOS, and what does AMI think about it?
Thank you
The LinuxBIOS Home Page
http://www.acl.lanl.gov/linuxbios/
Slashdot | Linux BIOS
http://slashdot.org/articles/00/06/14/21102
# Jesse Molina
Windows override (Score:5, Insightful)
My question is this; if I have TCPA disabled in my BIOS, will Windows drivers abide by this? Or will they still be able to use aspects of the BIOS originally put in place for use by TCPA even though I have it shut off?
What plans are in place to keep a Windows driver from hijacking TCPA-related information for it's own purposes?
Who does TCPA envision the "Owner" to be? (Score:5, Interesting)
Second, will it be possible to completely reset the TPM to a non-owned state to allow used hardware to be sold "as new"? Or would the hardware refuse to allow a new owner?
Brian, please explain to us... (Score:3, Interesting)
Please explain to us why AMI's TCPA is a good thing for Linux.
Comment removed (Score:4, Informative)
Who signs? (Score:5, Interesting)
Most importantly, will a system admin be able to sign code as trusted (whether his or another coder's) for all machines in his control? By extension, will an individual be able to do the same for machine(s) under their control? Or will only Verisign, Thawte, etc. be trusted?