
Discuss BIOS and Palladium Issues With an AMIBIOS Rep

After this Slashdot discussion about the relationship between BIOS biggie American Megatrends Inc. (AMI) and Palladium appeared, we got an email from AMI sales engineer (and former Linux.com contributor) Brian Richardson, who wrote, "I am a bit concerned that the information you provided misled your readers into thinking AMI was promoting Palladium or taking some sort of anti-open-source stance. This might be due to the fact that TCPA was mistakenly equated to Palladium, or questioning how Linux would run on a TCPA-enabled system ... or by the horde of angry Slashdot readers telling us they would never buy an AMI product because we were forcing standards on them." Brian offered himself up as (his words) a "Slashdot interview victim" to clear things up. (Update by RM: And, says Brian, he's happy to answer other BIOS questions as well.) So ask, already, and let's get things cleared up. (Usual Slashdot interview rules.)
  • I understand that there should be no problems running Linux systems on these new bioses but can you promise that there will be no nasty wordings that are likely to frighten off users who are trying Linux for the first time?
    • Net weight (Score:5, Insightful)

      by King of the World ( 212739 ) on Monday January 13, 2003 @01:58PM (#5074286) Journal
      Often people describe the control that Microsoft has over office file formats as one of massive legacy. They have the 90% of the office market and in practice it's impossible not to deal with the format.

      Palladium claims to have the freedom to choose whether you want to connect to another Palladium machine. This freedom is at an individual level, in the same way I can choose to use Abiword.

      If Palladium achieves mass market how will my freedom not to use Palladium be possible? Will it be like having the Freedom to speak Esperanto?

      • Palladium is a set of Microsoft software capabilities that lets application programmers and content providers have some control over what the operating system will do with their stuff and lets Microsoft provide some control over what you can do with your Microsoft-Operating-System environment. If it wants to avoid hackers working around its limitations, it also needs some hardware support, but you only get Palladium if you install the corresponding Windows versions, and you only care if you've got data files that are in Palladium formats, like whatever music/movies format MS can negotiate. If you're a Linux user, you're used to this problem; nothing to see here, you can move along.

        TCPA is a different issue - it's a set of BIOS features that will only let the machine start up if it's running a certified operating system configuration (which the hardware validates as unmodified), and a set of features that let an operating system and application programs check that the system is running in TCPA-approved mode (that's a bit similar to Palladium, but still fundamentally different), and a set of things that the system won't do if it's not running a certified system. Depending on which version of the spec and proposed followons you're reading and how aggressive the implementation is, there may be things that you'd like to do that you can't do on a non-certified system - like use the sound card, or maybe the _video_, or maybe it won't boot at all, or maybe it just won't let you load kernel modules, plus it obviously won't tell the software that you're running in Trust-Us mode if you're not.

        Obviously, an aggressive implementation won't fly for many Linux users, but it may still be usable by Linux _consumers_. The best case is somewhat like having a car with the hood welded shut and a security system that disables it if you mess around; you can paint it any color you'd like, and put whatever you want in the trunk, but you can't start the engine unless your seatbelt's on and you blow in the breathalyzer (which is hard to reach when you're wearing your seatbelt, of course), and if you take the radio out, the radio won't work and the car won't let you put a different radio in, so the RIAA knows you're not playing MP3-CDs in your car, but at least it isn't always tuned to MS-NBC, though if you're playing a non-RIAA-certified CD, it only plays on the tinny little mono speaker in the dashboard, not the four-way tunable woofers or the heads-up display system, and if you do tune to a different radio station, it only uses the right-hand speaker if Rush Limbaugh is on, and only uses the left-hand speakers if it's National Public Radio, and I'm sorry but you can't play Free Radio Berkeley [freeradio.org] at all...

  • by Sheetrock ( 152993 ) on Monday January 13, 2003 @12:06PM (#5073396) Homepage Journal
    Will Linux and other alternative operating systems continue to install and function properly on computers containing AMI BIOSes?
    • by jamie ( 78724 ) <jamie@slashdot.org> on Monday January 13, 2003 @12:19PM (#5073512) Journal
      "Will Linux and other alternative operating systems continue to install and function properly on computers containing AMI BIOSes?"

      In answering this question, I would ask that our interview victim clarify whether there are any circumstances under which "alternative operating systems" would need to be cryptographically signed by an authority in order to boot, and if so, who is that authority?

      As Ross Anderson pointed out last year [cryptome.org],

      Now here's another aspect of TCPA. You can use it to defeat the GPL.

      During my investigations into TCPA, I learned that HP has started a development program to produce a TCPA-compliant version of GNU/linux. I couldn't figure out how they planned to make money out of this. On Thursday, at the Open Source Software Economics conference, I figured out how they might.

      Making a TCPA-compliant version of GNU/linux (or Apache, or whatever) will mean tidying up the code and removing whatever features conflict with the TCPA security policy. The company will then submit the pruned code to an evaluator, together with a mass of documentation for the work that's been done, including a whole lot of analyses showing, for example, that you can't get root by a buffer overflow.

      The business model, I believe, is this. HP will not dispute that the resulting `pruned code' is covered by the GPL. You will be able to download it, compile it, check it against the binary, and do what you like with it. However, to make it into TCPA-linux, to run it on a TCPA-enabled machine in privileged mode, you need more than the code. You need a valid signature on the binary, plus a cert to use the TCPA PKI. That will cost you money (if not at first, then eventually).

      Anyone will be free to make modifications to the pruned code, but in the absence of a signature the resulting O/S won't enable users to access TCPA features. It will of course be open to competitors to try to re-do the evaluation effort for enhanced versions of the pruned code, but that will cost money; six figures at least. There will likely be little motive for commercial competitors to do it, as HP will have the first mover advantages and will be able to undercut them on price. There will also be little incentive for philanthropists to do it, as the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free.

      • You can use it to defeat the GPL.

        Oh, for crying out loud.

        The GPL was not, ever, ever, ever, meant to make it so buying software wasn't worthwhile. In fact, the situation outlined in the parent post is _an ideal business model_ for GPL'd software.

        You keep all of the rights the GPL was designed to preserve (distributing and re-working code you buy), and there's still something worthwhile for buying the software.
        • by ComputerSlicer23 ( 516509 ) on Monday January 13, 2003 @01:15PM (#5073910)
          No, it's not about being free as in beer; however, the GPL is supposed to give me code I can go tinker with, and change, and make it to my liking. Do bug fixes, and enhancements. Possibly add bugs of my own. Having the one true binary that's signed kinda defeats the purpose. If I can't self sign the thing, then having the GPL'ed code is no good until I can get it signed.

          Unless the BIOS has a provision for the owner of the machine to add keys to accept as legitimate signatures or disable the signature checking, having software I can change is no good. Unless there's some way for the end user to say, look I own the machine, and I'm technically competent to verify the software I trust, let me run it, the source code is relatively useless.

          If that means there's a dongle, switch or jumper that has to be set up correctly, that's fine by me. Then RedHat and other major distributors can get their kernels certified and signed, and all of the other binaries out there. Then the masses can get trusted computing, and I can certify my own stuff as trusted.


  • TCPA and the future (Score:4, Interesting)

    by program21 ( 469995 ) on Monday January 13, 2003 @12:07PM (#5073409) Homepage Journal
    Ok, so this is going to be a couple of questions, feel free to pick and choose.

    What sort of future do you see for TCPA? Do you see it as inevitable, or is it just a fad thing that will pass?

    Assuming it does catch on, what form do you see it taking? What we all fear (only signed apps will run, non-signed apps can't access system data/data from signed apps), or some lesser form?

  • by Alien54 ( 180860 ) on Monday January 13, 2003 @12:08PM (#5073414) Journal
    Okay. So what precisely are the differences between Palladium and your product, and what assurance do we have that it will not act as crippling ware for open source and other similar free (as in free speech) software endeavors? Any thoughts on backward compatibility modes?
  • TCPA & Palladium (Score:5, Interesting)

    by ignipotentis ( 461249 ) on Monday January 13, 2003 @12:09PM (#5073420)
    Perhaps you can clarify the differences between the two (TCPA & Palladium). After reading up on both of them, I still find that they seem to be pretty much the same, just marketed differently.
    • Re:TCPA & Palladium (Score:2, Informative)

      by Anonymous Coward
      TCPA is a platform for trusted computing whereas Palladium is a software by MS that sits on top of TCPA.
      More here [cam.ac.uk]
  • by forged ( 206127 ) on Monday January 13, 2003 @12:09PM (#5073426) Homepage Journal
    Will it be possible to disable <insert DRM feature> on future motherboards which will implement DRM techniques ?
    • Erm. Restate/elaborate that as:

      Will it be possible to disable <insert DRM feature> with absolute transparency to essentially all of the networked community and services on future motherboards which will implement DRM techniques ?

      Obviously, the answer is no, if "the networked community and services" are to include future trusted parties enabled. Therefore, AMI is fundamentally supporting Palladium, thus Microsoft, to dominate future web contents and infrastructure.

    • Well, two answers right? Either a flat NO, since turning it off could negate the usefulness of having it to begin with.
      OR, yes, but anything that expects to have it on won't run. Which for many might be a reasonable alternative.
  • "Trusted" computer (Score:5, Insightful)

    by michael ( 4716 ) on Monday January 13, 2003 @12:09PM (#5073427) Homepage
    A few related questions:

    a) Isn't the goal of "trusted computing" to allow entities other than the owner of the computer to control what the owner does with his/her hardware? For example, "trusted computing" applied to music implies that the music publisher gains control over what the computer owner can do with the music data files. Isn't this the exact opposite of "trust" as that word is normally used - a trusted computer is one that can't be trusted by the computer's owner to perform the tasks asked of it, because other entities have veto power over the computer's actions?

    b) Companies like AMI have repeatedly claimed that they aren't part of Palladium. However, isn't it true that without AMI's trusted BIOS (and all the other components necessary to build a "trusted computer"), Palladium wouldn't work? Why does AMI think they shouldn't be held responsible for enabling Palladium and similar schemes?

    c) In what way does AMI benefit, financially or otherwise, from introducing a BIOS designed to make the computer it is installed in less useful to the purchaser of the computer? Please avoid saying that this is "optional"; AMI wouldn't create this BIOS if it wasn't intended to be used.

    d) What is a "sales engineer"? Is your job primarily public relations, or primarily engineering, or primarily product sales?
    • What is a "sales engineer"? Is your job primarily public relations, or primarily engineering, or primarily product sales?

      Basically a 'sales engineer' is a salesman with a technical background so that they can talk intelligently about the product without looking like a pointy haired manager. Sometimes an ex-geek.

    • by Mitreya ( 579078 ) <mitreya@g[ ]l.com ['mai' in gap]> on Monday January 13, 2003 @12:35PM (#5073646)
      Isn't this the exact opposite of "trust" as that word is normally used -

      And here is the explanation that must be quoted again and again until we all know it (quoted from http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html)

      24. So why is this called `Trusted Computing'? I don't see why I should trust it at all!

      It's almost an in-joke. In the US Department of Defense, a `trusted system or component' is defined as `one which can break the security policy'. This might seem counter-intuitive at first, but just stop to think about it. The mail guard or firewall that stands between a Secret and a Top Secret system can - if it fails - break the security policy that mail should only ever flow from Secret to Top Secret, but never in the other direction. It is therefore trusted to enforce the information flow policy.

      Or take a civilian example: suppose you trust your doctor to keep your medical records private. This means that he has access to your records, so he could leak them to the press if he were careless or malicious. You don't trust me to keep your medical records, because I don't have them; regardless of whether I like you or hate you, I can't do anything to affect your policy that your medical records should be confidential. Your doctor can, though; and the fact that he is in a position to harm you is really what is meant (at a system level) when you say that you trust him. You may have a warm feeling about him, or you may just have to trust him because he is the only doctor on the island where you live; no matter, the DoD definition strips away these fuzzy, emotional aspects of `trust' (that can confuse people).

      Remember during the late 1990s, as people debated government control over cryptography, Al Gore proposed a `Trusted Third Party' - a service that would keep a copy of your decryption key safe, just in case you (or the FBI, or the NSA) ever needed it. The name was derided as the sort of marketing exercise that saw the Russian colony of East Germany called a `Democratic Republic'. But it really does chime with DoD thinking. A Trusted Third Party is a third party that can break your security policy.

      25. So a `Trusted Computer' is one that can break my security?

      Now you've got it.

      • by radish ( 98371 ) on Monday January 13, 2003 @12:57PM (#5073773) Homepage
        But surely that means we already have Trusted Computing? Windows (and other software) has shown itself to be vulnerable to many attacks which would breach my personal security (e.g. by mailing out my private documents to random people). Seeing as my machine is capable of breaching my security, that means it's trusted. Windows is already Trusted, Linux is Trusted, IIS is very Trusted ;)

        • Something is trusted when it is put in a position where if it screws up, bad things can happen.

          Something is trustworthy when it is thought to not be likely to screw up when it is trusted to do something.

          So, when you put up your organization's website on an unpatched IIS server, that computer is trusted to serve that set of pages and not allow the pages to be changed by anybody other than those people trusted enough to be authorized to do so.

          However, since an unpatched IIS server has security holes that allow for the site to be either taken offline, or replaced with an undesired site, that unpatched IIS server is not trustworthy... which means it's not a good idea to put an unpatched IIS server in a trusted position. If you do, it's very possible the unpatched IIS server might fail to live up to its responsibilities, causing the bad things you didn't want to happen.

          Likewise, any of the trusted people might go crazy and decide to use their password to walk right in the front door and tear the site apart. This is why it's important that you select trustworthy people, and as few people as possible, to hold that password.
  • microsoft OS spin (Score:5, Insightful)

    by ywwg ( 20925 ) on Monday January 13, 2003 @12:10PM (#5073435) Homepage
    currently if you try to install vendor drivers on windows, the OS tells you things like "are you sure you want to use these untested third-party drivers, which will no doubt ruin your computer because you're a bad boy for not using windows." Can you assure us that linux, bsd, and all other "alternative" operating systems will be treated as _equals_ of microsoft products? Can you assure us that there will be no preferential treatment for any os, and that there won't be any "are you really sure?" messages?
  • Licensing (Score:5, Interesting)

    by Arc04 ( 601196 ) on Monday January 13, 2003 @12:11PM (#5073440)
    Will OS manufacturers have to pay to get an "unlock code" that allows them to run their OS on the BIOS?

    That would be terrible as it would kill many underfunded open source OSes that aren't as big as the Linux big players.

    • Re:Licensing (Score:5, Interesting)

      by Windcatcher ( 566458 ) on Monday January 13, 2003 @02:10PM (#5074411)
      Here's a better one: will software vendors (either open-source or not) have to pay a license fee to be able to decrypt data files from competing products? What if you want to move your documents from Windows+MSOffice to Linux+StarOffice? Surely Office would use TCPA to encrypt the files.

      Gasp! MS would never do something as low as that!
  • Interview??? (Score:2, Interesting)

    by wonkamaster ( 599507 )
    I suppose that I like reading Slashdot interviews as much as the next person, but I must ask myself "Why?" Wouldn't it be simpler to just post corrections to what he considers misleading and/or post AMI's official stance on Palladium?
  • by the-banker ( 169258 ) on Monday January 13, 2003 @12:11PM (#5073446)
    Is it (will it be) possible to use TCPA to effectively lock-out certain operating environments from various services (software, media, etc) solely because the operating environment is not backed by a company, and has no mechanism for paying certification fees and licenses? Specifically, could TCPA be used against free OS's like Free/Open/NetBSD and Linux to prevent those users from accessing the same content users of commercial OS's can?
    • I might be misunderstanding the issue, but... isn't this lock-out the purpose of TCPA?
      Let me rephrase my question: provided that TCPA does not discriminate against any services, and does not distinguish between those that own some paid licences and those that don't... what ELSE can it be used for?
  • by ryanr ( 30917 ) <ryan@thievco.com> on Monday January 13, 2003 @12:11PM (#5073447) Homepage Journal
    I actually think this feature could be useful, if done "right". Along the lines of my idea of right... will I be able to, say, install my own set of public keys in the BIOS so that I can have a system that will only boot the software that I have signed?
    • If applied across all executables and scripts.

      Especially if it could be fine grained down to a per user basis. i.e. a system wide policy of who can run what.

      Then you could have root to be only available in single user mode.

      Stick that up your rootkit.

      hmm it's starting to sound like plan9

  • by Noryungi ( 70322 ) on Monday January 13, 2003 @12:12PM (#5073451) Homepage Journal
    As the title says:

    Do you think Palladium is a good thing? Whether your answer is "yes" or "no", please explain.

    Knowing that Palladium is a Microsoft Technology, do you think AMI is making a smart move by adopting it? Again, please explain your position.

    Are you afraid that Microsoft may use its position to control, not just 90% of the software used on PC, but also the overall architecture of modern machines?

    Many thanks in advance.
  • General TC question (Score:5, Interesting)

    by j3110 ( 193209 ) <samterrell@gm a i l . c om> on Monday January 13, 2003 @12:13PM (#5073460) Homepage
    I actually like the concept of trusted computing quite a bit. So long as the user selects which code will be trusted, it has great potential for good. My question is, from your position, do you foresee trusted computing being more like web-browser applet signing applied in hardware (where the user can add and remove trust for certain companies) or more like the media industry's idea (where the OS/hardware manufacturers select which code is trusted under penalty of DMCA)?
    • by Mitreya ( 579078 )
      I actually like the concept of trusted computing quite a bit.

      You clearly don't understand the use of the word "trusted" here. Read this [cam.ac.uk]. If you want to make it short, start from question #24.

      So long as the user selects which code will be trusted, it has great potential for good.

      We already have code signing and confirmation before installs. The problem is that users trust the WRONG programs. Either this will increase the number of "are you sure you want this" (not removing the problem of people making mistakes). Or, more likely, the selection of which code to trust will be relegated to BIOS/MS/etc... that would also be bad...

  • by inerte ( 452992 ) on Monday January 13, 2003 @12:13PM (#5073466) Homepage Journal
    But does your company have any plans to implement a "security measure" similar to Palladium?

    And what if Microsoft releases a software that needs it, won't AMI need to adopt it so it can run the "DRM features"?

    How will Linux, or any other "non-trusted" software run on your hardware?
  • Acronyms (Score:2, Funny)

    by Anonymous Coward
    Do you have any funny acronyms for AMIBIOS?

  • Are you going to release the source? Will the BIOS be auditable? Will the BIOS code contain some sort of monitoring code? Will the BIOS contain spyware? All of these questions are important... and how will we be able to confirm your answers to them?

    Can we really take the word of a conglomerate? Will you be able to ensure that what you are saying is accurate?

    Modern conglomerates usually misrepresent their products if they think it will generate more customers. How can we be sure that you wouldn't be doing this to us?
    • Will the BIOS code contain some sort of monitoring code?

      Only to catch terrorists...

      Will the BIOS contain spyware?

      Never! It will contain some select offers from our partners and collect some information to customize and improve your booting experience

      Can we really take the word of a conglomerate?
      Will you be able to ensure that what you are saying is accurate?

      Our EULA will take care of that.

      Modern conglomerates usually misrepresent their products if they think it will generate more customers. How can we be sure that you wouldn't be doing this to us?

      As the courts become less and less of a threat for a corporation (and already a 0-threat to a corporation from an individual), there is NO way to be sure. Unless all the non-entry level employees in the company will be made to sign all these statements...

  • by Lord_Slepnir ( 585350 ) on Monday January 13, 2003 @12:15PM (#5073477) Journal
    How many hours will it take after the first Palladium boards hit the market for someone to crack it and have linux running on it? Should I have put an 's' onto hours?
  • Lockout (Score:5, Interesting)

    by rtkluttz ( 244325 ) on Monday January 13, 2003 @12:17PM (#5073494) Homepage
    Be truthful. Is there even the slightest chance that someone other than me will be able to say what will run (or more importantly will NOT run) on a PC that contains this technology? I'm not talking about purchased software that locks me out directly in one way or another due to licensing issues. But can this technology be used to stop me from exercising fair use rights if I decide to get around those blocks in purchased software? Or will they hinder me from writing my own code to do what I want, or downloading and compiling/running someone else's code?
    If ANY of these CAN be a side effect of this technology, it is bad. There are stumbling blocks, of course, but no one will have ultimate say over what does or does not run on my own computer.

  • Advantage (Score:5, Insightful)

    by TedCheshireAcad ( 311748 ) <ted@fc.rit . e du> on Monday January 13, 2003 @12:18PM (#5073500) Homepage
    What is the advantage to me, a Linux-using consumer, to buying your product over those of your competitors?
  • Isn't AMI afraid of many many people boycotting any products of TCPA-friendly vendors? In the near future, "voting with their money" will be the only chance for millions of PC users to fight against TCPA.
  • Refunds/Opt-outs (Score:4, Interesting)

    by ninewands ( 105734 ) on Monday January 13, 2003 @12:19PM (#5073511)
    Given the existence of The LinuxBIOS Project [lanl.gov] and the fact that the Linux kernel does not require a ROM-BIOS once the kernel is up and running, what will be AMI's position on refunds if a significant fraction of the Linux userbase starts installing LinuxBIOS and returning the BIOS chips. Will AMI make the refund, or will they give us the runaround that Microsoft and the hardware OEMs did on the question of Windows refunds?
    • Wouldn't the BIOS be considered a more fundamental part of the hardware? E.g., if you don't need your floppy, you wouldn't expect Teac to give you a refund if you removed it from your computer and mailed it back to them? That and unlike a copy of an OS, how much is the BIOS as a factor of cost on a machine, would it even be worth the effort to get this refund even if it were offered?
    • by Ageless ( 10680 ) on Monday January 13, 2003 @12:51PM (#5073736) Homepage
      Okay, now hear this! In the "Real World" you can't randomly pull things apart and ask for a refund. Computers are not different than other products. If I buy a box of tissues and only use half of them I can't return the other half for a refund.
      If I buy a phone that has a caller id function but I don't subscribe to the service I can't pull the LCD and pry the caller id chips out and ask for a refund.

      Damn, read the shit you type before submitting it and try to remember exactly when it was that you lost all semblance of sanity.
  • by cca93014 ( 466820 ) on Monday January 13, 2003 @12:20PM (#5073517) Homepage
    How do you sleep at night?

    No, I have not RTFA, I'm just taking the piss, ok?

  • by naarok ( 102579 ) on Monday January 13, 2003 @12:20PM (#5073520) Homepage
    Will TCPA compliant machines make it more difficult for a user to upgrade CPUs or change computers? Do you see users having to re-confirm their identity with external sources because the identity of their computer has changed? (I know this already happens, I just see it becoming more pervasive in the future and am afraid more software vendors will begin to license by specific computer).
  • Performance hit (Score:5, Interesting)

    by oliverthered ( 187439 ) <oliverthered@nOSPam.hotmail.com> on Monday January 13, 2003 @12:21PM (#5073529) Journal
    I assume that data pathways will be signable or encrypted in some way. What performance hit will the [operating system] take when using trusted system? E.g. how much extra data is added to form a signature, what methods are used for signing, and how will this benefit the end-user?

  • by CodeShark ( 17400 ) <ellsworthpc@yahoo. c o m> on Monday January 13, 2003 @12:22PM (#5073532) Homepage
    How would AMI respond to pressures from companies such as Microsoft, Intel, Sun, or to the combined companies in the MPAA or RIAA if those companies insisted that AMI only release "DRM compliant" BIOS chips, etc.?

    Would AMI disclose that such pressures were being placed on them, or would this type of fact be kept hidden from consumer groups or individuals, etc. until it was too late for us to effectively respond?

  • Options? (Score:4, Interesting)

    by ncc189 ( 8613 ) on Monday January 13, 2003 @12:22PM (#5073536)
    Will AMI (and the TCPA) allow owners of these "trusted" computers to turn off or disable the features that are being discussed? Will we as users of our hardware be able to control what features are on and what features are not, or will these choices be up to Microsoft and its partners(TCPA)? How is AMI addressing these issues of choice and control?
  • by Sloppy ( 14984 ) on Monday January 13, 2003 @12:23PM (#5073541) Homepage Journal
    AMI rep, the reason I think some people view your company with suspicion, is that we think it is unlikely that an AMI customer has asked for TCPA's "features." I suspect that anyone who is cooperating with that effort, is somehow being influenced by forces other than traditional market forces.

    So maybe you can set me straight: do you think your customers want TCPA? If so, why? Who are these customers? Is this a case where customers are not the same as users?

  • Software. (Score:3, Interesting)

    by 13Echo ( 209846 ) on Monday January 13, 2003 @12:23PM (#5073544) Homepage Journal
    Do you intend to require some sort of a per-operating system licensing fee to operating system companies, in order to profit on the inclusion of these "features"? E.g. Will Microsoft be giving you royalty payments for each machine that includes this AMI BIOS and gets their OS installed with these supported "features"? What position does this put your company into in terms of trying to also force open source OS companies (like RedHat) into paying these licenses?
  • A question. (Score:4, Interesting)

    by DAldredge ( 2353 ) <SlashdotEmail@GMail.Com> on Monday January 13, 2003 @12:23PM (#5073546) Journal
    Will you be able to tell the truth in your answers or will your answers have to be 'cleaned up' by the AMI PR dept first?
    • An answer. (Score:4, Funny)

      by Anonymous Brave Guy ( 457657 ) on Monday January 13, 2003 @02:16PM (#5074461)

      Of course. All my answers will be the [...] truth. No editorial input will be applied [unless deemed strictly necessary to guarantee appropriate standards of presentation -- Ed] between the time that [I] write the article and the time that [I] send it to [its recipient]. The PR guys promised. [No, we didn't.]

      Come on, who're you kiddin'? Any reply from this guy, or anyone else writing on a subject so obviously controversial, is going to be screened seventeen times over by PR weenies before it gets out into the wild.

  • by aridhol ( 112307 ) <ka_lac@hotmail.com> on Monday January 13, 2003 @12:26PM (#5073572) Homepage Journal
    I see many people worried about Linux not working with Trusted Computing. What I'm wondering is if other operating systems will work. It has often been the case that something will come out for Windows, then get ported to Linux because they are the most visible minority group.

    One of the operating systems I use is FreeBSD. Will that still be usable, or will it be forced to deal with substandard or non-existent drivers (think NVidia until recently)? I also use QNX. Will that work? How about a new OS that will be created sometime in the future?

  • (not intended as an interview question, more as a comment in the form of a rhetorical question)
    • An engineer who happens to be a smooth talker.
    • A friend of mine is a sales engineer. He got his BS in EE and went on to get his MBA. He has all the training and intelligence of an engineer and all the weasel-speak training of a salesman :)

      No, seriously, they are people who are brought in to sell things that your average car salesman who got his undergrad degree in sales&marketing would not be able to understand, let alone sell. Plus they tend to make a butt load of money to boot.

  • by Doug Neal ( 195160 ) on Monday January 13, 2003 @12:28PM (#5073592)
    ... is, who is doing the "trusting"? In Microsoft's vision of it it certainly isn't the end user, it's them. Or other copyright owners.

    TCPA is fundamentally a sound technological concept, but wide open for abuse. If it could be used for the user's benefit to prevent against viruses etc, then that's great.

    What I'm saying is that the owner of the computer should be able to override the trust relationships - assert that the code is trusted (by them). The owner of the computer should have the ultimate veto. After all, it is theirs. Do AMI's plans for a TCPA implementation have this in mind?
  • by josepha48 ( 13953 ) on Monday January 13, 2003 @12:29PM (#5073601) Journal
    How will I be affected by TCPA? I run several machines at home some running NetBSD, FreeBSD, Linux, and Windows. I generally build my machines, unless they are given to me by my employer (or it's a laptop), and even then I reinstall the OS or install my own OS of choice. (Whatever I'm in the mood to run at time of install or what works). If I buy a new Motherboard from AMI with TCPA will I still be able to do this? Will I have to do special tricks to get this done or will it be just like it is now?
  • by codepunk ( 167897 ) on Monday January 13, 2003 @12:29PM (#5073604)
    So really what makes you think myself as a customer wants even anything close to that on one of my motherboards? The possibility of future misuse is too great for me to even consider it. I can tell you as both a corporate and private customer that it is not wanted in any shape or form. The mere mention of supporting it frankly makes my skin crawl with disgust. If this is how you choose to release your products I choose not to participate with my dollars.
  • by Anonymous Coward on Monday January 13, 2003 @12:30PM (#5073609)
    Can you address why you think it is that the open source community has taken Palladium as _such_ a scary proposition?

    Then, building on the above answer, can you explain why the open source community has only yelled and screamed about how evil Palladium is, rather than doing what they preach others should do? (Which is, of course, create an open source, trusted architecture (i.e.: TCPA) which protects/promotes consumer rights over and above the rights of corporate media groups.)

    Or (if the above is not possible) can you at least explain why building an open source TCPA structure is not possible?
  • by LostCluster ( 625375 ) on Monday January 13, 2003 @12:31PM (#5073615)
    No matter how many DRM technologies AMIBIOS does adopt, can you promise that AMIBIOS will continue to offer DRM-free BIOS products?
  • Two versions (Score:2, Interesting)

    by AlgUSF ( 238240 )
    Why can't we have two versions of the BIOS?

    K901 (Trusted Computing enabled)
    K901B (Trusted Computing disabled)

    And enable users to crossship the chips if they want a different version...
  • Missing Idea (Score:5, Interesting)

    by GreatOgre ( 75402 ) on Monday January 13, 2003 @12:32PM (#5073625)
    I think the idea that most of us are missing is this. Most PC users buy their computers from Dell, Gateway, or some other big vendor. These vendors will ultimately sell TCPA/Palladium enabled computers. So, the real question should be: In the future will those of us who build our own systems be able to escape the issue of having TCPA/Palladium on our systems courtesy of the big players?
  • Hardware vendors (Score:5, Interesting)

    by cybermace5 ( 446439 ) <g.ryan@macetech.com> on Monday January 13, 2003 @12:35PM (#5073638) Homepage Journal
    Since a BIOS is only part of a motherboard: what steps will hardware vendors have to take, in order to incorporate your BIOS? Will they have to adhere to certain hardware design rules or controls in order to maintain the TCPA? Is there going to be a licensing procedure for hardware manufacturers?
  • by defile ( 1059 ) on Monday January 13, 2003 @12:35PM (#5073641) Homepage Journal

    As we all know, technology can be used for the purposes of both good and evil. Here are things that I consider good about where TCPA is going, along with the evil.


    • Users can protect their computers from viruses or other unapproved malware.


    • The BIOS can be feasibly configured to boot only "approved" code.
    • By extension, "approved" code means that the Operating System must be a fresh, "blessed" install from a certain large proprietary software vendor.
    • Developing this further, this means that this certain large proprietary software vendor's OS can cease to function if any unapproved modifications are made to the system.
    • This gives the vendors, and anyone they do business with, incredible control over our PCs and the user is incapable of doing a damn thing about it unless they violate the DMCA and face criminal prosecution.

    There are many advantages for the hardware/software/content vendors if this is realized, but few of them seem consumer driven: the erosion of fair use, the control of speech, taking a cut of every e-commerce transaction, eliminating standards and competition.

    Undoubtedly, your shareholders will push you to cooperate with the software/content vendors because it means big money for them and anyone who plays ball, but for us, it means we lose a lot. PR will say that it stops pirates from raising music/movie prices, and that it means ISVs can produce software that can't be warezed, no more cheating in online games, no more child porn, ad infinitum, and it's all for our own good.

    Unfortunately, the potential for abuse is extraordinary, and the last thing I want to see is more of my friends being locked up because they do something with their computers that some company doesn't agree with. And right now it looks like AMI wants just that to happen.

    Yes, right now your BIOS may offer choice, but hardware vendors seem committed to building an infrastructure that one day can make it very easy to eliminate this choice.

    Please explain why we do want TCPA, why we should support your company, and how we can be assured that our colleagues don't go to jail just for believing they still control systems they bought. Also, please explain why the system we have now is so inadequate.

    Thank you.

  • by Malor ( 3658 ) on Monday January 13, 2003 @12:36PM (#5073647) Journal
    If I understood the prior articles correctly, TCPA should provide a basic keystore, an authentication mechanism, and enough checking to insure that the boot sector is signed.

    If I want to install a new boot sector, do I generate my own key, install that, and self-sign the boot code? Or do the LILO or GRUB teams have to get a key issued and then sign things themselves?

    Who has ultimate control over the keys? CAN I install my own, or is it centralized somewhere? Who does TCPA *ultimately* trust? How can I be *certain* that it doesn't trust anyone I don't want it to? If I screw up and lose my key, how do I recover access to the system?

    I assume there must be some master, unerasable keys in TCPA; I just can't imagine that you'd ship it without implicitly trusting Microsoft, and I distrust Microsoft very much. And if there are recovery keys in there, do I have to ship my machine away to some lab to replace a lost key, or can I do it myself? And if there IS a master, unerasable key available for recovery purposes, why can't virus writers just sign their code with that key instead?

    • If I understood the prior articles correctly, TCPA should provide ... enough checking to insure that the boot sector is signed.

      I'm amazed at how common this meme has become despite the fact that it is completely false. TCPA in no way dictates what code can run on the machine. The "security" it offers works in pretty much the reverse fashion. The TCPA BIOS hashes the bootloader and saves that hash in a secure place. That allows the bootloader to verify that it really did run first. The bootloader can then hash some portion of the OS, and then load and execute it. The OS can then verify that the boot process really was TCPA-BIOS->Correct bootloader->Unmodified OS. And more importantly, the OS can have the BIOS give it a cryptographic "proof" of this fact to hand to other programs or web sites.

      What does this mean for Linux? Probably nothing. Linux could make use of this functionality, but my guess is it probably won't. The fact is that unless your code actually bothers to check the TCPA state of the machine, it just doesn't matter.

      On the other hand, Palladium might make some things a little trickier. Since the bootloader is part of the TCPA chain of trust, it's highly unlikely that Palladium will be able to enter its "secure" mode if you are using LILO or grub. So if you are somebody who actually dual-boots you will probably have to have an official Microsoft bootloader on /dev/hda and LILO or whatever on /dev/hda1 (for example) and have the Microsoft bootloader pass control to your Linux bootloader. Or just don't run Windows.

      Could Microsoft abuse this to try to prevent users from dual booting? Sure. But they could easily prevent people from dual booting today if they wanted to. It's just that it would be such a blatantly anti-competitive move that even Microsoft would have a hard time pulling it off. They could refuse to boot thru LILO. They could complain and offer to "fix" any non-FAT or NTFS partitions at every boot. They could use browser version strings to control access to updates on their web site and bring DMCA charges against browsers which circumvent that by pretending to be IE. TCPA doesn't really make it easier for Microsoft to screw with people who dual boot. It's already trivial today!
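The measure-then-report sequence described in the reply above, sketched as an added example that is not part of the original thread or of any vendor's code. It assumes the TCPA 1.1 extend rule (new PCR = SHA-1 of the old PCR concatenated with the measurement); the stage names and images are constructed, and the TPM's signature over the reported PCR is left out.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TCPA 1.1 PCRs hold one SHA-1 digest (160 bits)


def measure(image: bytes) -> bytes:
    """Hash a boot component before control is handed to it."""
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Extend rule: PCR_new = SHA1(PCR_old || measurement).

    A PCR can only be extended, never written directly, so a later stage
    cannot erase the record of an earlier one.
    """
    if len(pcr) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be 20 bytes")
    return hashlib.sha1(pcr + measurement).digest()


def measured_boot(stages):
    """Measure each stage, extend the PCR, then hand over control.

    Nothing here refuses to boot: the chain is recorded, not enforced.
    """
    pcr = bytes(PCR_SIZE)  # PCRs are all zeroes after reset
    event_log = []
    for name, image in stages:
        m = measure(image)
        pcr = extend(pcr, m)
        event_log.append((name, m))
    return pcr, event_log


def replay(event_log):
    """Recompute the PCR value that a given event log must produce."""
    pcr = bytes(PCR_SIZE)
    for _name, m in event_log:
        pcr = extend(pcr, m)
    return pcr


def verify(reported_pcr, event_log, reference):
    """Relying-party check: the log must reproduce the reported PCR, and
    every measurement must be one the verifier already recognises."""
    if not hmac.compare_digest(replay(event_log), reported_pcr):
        return False, "event log does not reproduce the reported PCR"
    for name, m in event_log:
        if reference.get(name) != m:
            return False, "unrecognised measurement: " + name
    return True, "boot chain matches reference values"


# Constructed sample images; real measurements cover the actual binaries.
VENDOR_CHAIN = [("bootloader", b"vendor bootloader image"),
                ("os", b"vendor kernel image")]
OTHER_CHAIN = [("bootloader", b"alternative bootloader image"),
               ("os", b"vendor kernel image")]
REFERENCE = {name: measure(image) for name, image in VENDOR_CHAIN}


def demo():
    pcr_a, log_a = measured_boot(VENDOR_CHAIN)
    pcr_b, log_b = measured_boot(OTHER_CHAIN)  # boots fine, measures differently
    return {
        "vendor": verify(pcr_a, log_a, REFERENCE),
        "other": verify(pcr_b, log_b, REFERENCE),
        # Presenting the vendor log alongside the other chain's PCR fails replay.
        "forged_log": verify(pcr_b, log_a, REFERENCE),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The alternative bootloader runs either way; what changes is only whether a party that checks the reported state recognises it.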
  • by mcelrath ( 8027 ) on Monday January 13, 2003 @12:47PM (#5073712) Homepage
    Having recently had a lot of trouble with my laptop's BIOS, on an issue that I could most certainly fix if I had access to the code... I started wondering what benefit AMI and other vendors have by keeping BIOS code secret? I can think of none whatsoever.

    An open-source TCPA BIOS might go a long way to alleviating the fears of the open source community, since we could see exactly what it is you're forcing on us. And hey, no doubt you'd get a few bug-fixing patches in return for your efforts.

    So, is an open-source BIOS a possibility? (TCPA or otherwise)

    -- Bob

  • OpenBIOS (Score:2, Interesting)

    by Anonymous Coward

    Here is a solution for those not wanting to give up their hardware control.
  • by LarsG ( 31008 ) on Monday January 13, 2003 @12:54PM (#5073756) Journal

    I sure would hate to be in your shoes right now. Putting yourself in front of a firing squad voluntarily takes guts.

    I sent an e-mail to marketing complaining about AMI supporting TCPA, and got the standard reply in return. My answer is below, and I am still waiting for a reply.

    Umbertina E. Vezzani wrote:

    Hello Laars,

    You can already find TCPA-enabled products on the market but they have a different BIOS.

    I am perfectly aware of that, and that is why I don't buy IBM laptops any more.

    The Security subsystem is intended for those users who want an extra security protection that is valid even outside the OS.

    The motherboard and system manufacturers will specify their system features, so I believe you will certainly be able to choose the features you want. I really don't think you will buy a motherboard with a hidden feature or "fritz".

    I am not afraid of hidden features. TCPA is merely the scaffolding which enables building "trusted applications"/"trusted clients". What I am afraid of, is how software vendors and the content industry will (ab)use TCPA.

    As for the reference to "fritz" - I think Ross Anderson went a little bit over the top in his criticism of TCPA. A much better overview of some of the technical problems with TCPA can be found here (I fully endorse Mr. Arbaugh's suggestions):
    http://www.cs.umd.edu/~waa/TCPA/TCPA-goodnbad.pdf

    TCPA is meant to answer to a demand of security from users, not something else.

    What demand exactly? TCPA doesn't solve any of the major security problems.

    TCPA only answers the question "have the basic components of this system been changed?", and makes it possible for 3rd parties to verify the state ("trustworthiness") of a system.

    The majority of security problems are on the OS or application level - macro/scripting vulnerabilities, virii, buffer overruns and similar. TCPA doesn't provide a solution for any of those. In fact, a software sandbox like Java or running certain applications in vmware virtual machines provides better protection against those real world problems.

    What exactly is TCPA supposed to solve? Don't give me some marketing fluff about "enhancing security for the user". I want cold, clear, technical examples of real world security problems that TCPA is supposed to solve.

    Also, which users are demanding TCPA? Users want protection against virii and similar, but TCPA doesn't solve those problems. Who are the end users that demand something like TCPA?

    I also believe that, if there is a solid foundation to the concerns for privacy people is expecting, the TCPA itself will improve its specification to address those concerns.

    So there is a real chance the next revision of the TCPA spec will include proper anonymous certificates a'la Chaum instead of the current "please trust the privacy CA" solution?

    It must be noted that AMI has not announced support for Palladium. Palladium is an initiative by an OS entity that is slated for the future.

    I know that. I also know that there is considerable disagreement going on between the Palladium and the TCPA proponents.

    To be honest, TCPA is a better specification than Palladium. However, TCPA does provide the scaffolding required for building "trusted systems" - i.e., that a 3rd party can control what is happening on my computer. TCPA is a Pandora's box - if abused, it could have a devastating effect on both innovation, privacy and consumer rights.

    Regarding the limitations of a system with TCPA I would offer the link below to the public specification for further information on compatibility with different OS's, and hardware. Based on that spec we can tell you that it does not limit the ability to run Linux (or any other open source solution).

    How is that supposed to make me feel good? I know that it is possible to disable (most of) TCPA. I know that my computer will continue to work even if the TCPA subsystem tells other computers out there that my computer has zero "trustworthiness".

    However, once digital commerce, streaming media and other online content start demanding TCPA enabled clients you are effectively a second rate citizen on the 'net and are locked out of a lot of content if TCPA is disabled on your computer.

    1) TCPA does not provide true anonymity (you have to trust the privacy CA).
    2) The scaffolding provided by TCPA can be abused by those who want to disable the Turing completeness of computers and instead turn them into locked down interactive content delivery platforms.
    3) The market effect will force people to use TCPA and TCPA enabled "trusted clients" even if they don't want to.
    4) TCPA is advertised as a security solution, but does not solve most of the real world security problems.

    With kind regards,
    Lars Gaarden
  • Platform owner (Score:5, Interesting)

    by briancnorton ( 586947 ) on Monday January 13, 2003 @12:56PM (#5073770) Homepage
    Since Microsoft is kind of vague on details about Palladium, I will hit you with a TCPA question. In the TCPA FAQ, it states that "Platform Owners" will decide which software runs on their platform. Who exactly is a "Platform Owner" and does Microsoft have a similar "feature in Palladium"?
  • by dpilot ( 134227 ) on Monday January 13, 2003 @01:02PM (#5073808) Homepage Journal
    This is it, in the fewest words. Others have danced around the question, but IMHO this is really it.

    I understand that if I want to play MPAA or RIAA content, I may need to have a DRM OS, probably Palladium, and it will need to be on a system with a TCPA BIOS.

    But what if I want to just boot Linux (or trusty old Win98SE) to program or play games?

    Will I be permitted to run an "untrusted" computer, or is it only a matter of time until the only new computer is a trusted computer that will only run a trusted OS?
  • by StevenMaurer ( 115071 ) on Monday January 13, 2003 @01:03PM (#5073817) Homepage
    I am a bit concerned that the information you provided misled your readers into thinking AMI was promoting Palladium or taking some sort of anti-open-source stance.

    It plainly is anti open-source.

    TPM has no benefit to end users. All it does is give Microsoft an argument to use with ISVs as to why they shouldn't develop products for open source platforms. They can say: "If you ever release your product for Linux, some people will disassemble it. But with our "trusted" OSes, you'll never have to worry about crackers, because we don't let our customers control their own machines".

    It's a powerful argument. There may even be a few ISVs stupid enough to fall for it. (Most ISVs don't go out of business from cracks, they die when Microsoft itself uses its monopoly power to seize the market the ISV developed.)

    But it's all a moot point. Why shouldn't we be trying to nip this in the bud? Why shouldn't we be spreading the word to everyone we know that people who buy AMI will very soon have to accept whatever draconian "Clickthrough" is on the software package, giving up their legal rights for no consideration whatsoever?

    In short, why shouldn't we be trying to drive AMI out of business?

    Sounds like a plan to me.

  • by paranoic ( 126081 ) on Monday January 13, 2003 @01:22PM (#5073969)
    Just what problem is this trying to solve?
    Why can't my computer be trusted?
    Is this trying to fix a fundamental flaw in operating systems?
  • Real Questions (Score:5, Interesting)

    by Qzukk ( 229616 ) on Monday January 13, 2003 @01:22PM (#5073973) Journal
    1) What does it take (steps,costs including any IP licensing fees) to make OS Foo boot on a TCPA computer?

    2) What does it take (steps, costs including licensing fees) to make application Bar run on Foo? On any other OS?

    Ignoring rampant paranoia, these are the questions that will actually affect open source development. It comes down to how much will it cost for us to run our programs?
  • by Catiline ( 186878 ) <akrumbach@gmail.com> on Monday January 13, 2003 @01:40PM (#5074104) Homepage Journal
    I'm a hobbyist who builds his own computer, writes his own software, and (on rare occasions) will build hardware components (as in: with solder and chips). What assurance do I have that your "Trusted Computing" initiative won't interfere with my projects? Interference here is defined as reducing the operational capacities -- including networking features -- of the computer or reducing my ability to develop to my needs. In a way this is four separate questions: how software, Trusted vendor hardware, pre-Trust vendor hardware, and home-built hardware integrate into the "Trusted Computing" architecture.
  • I have been doing research on BIOS settings for many years, and I have found good articles on what the settings do, and how to tweak them for the best performance/stability mix. But, I would like to know if the BIOS manufacturer itself would be able to provide an in-depth manual of all the BIOS settings, and what exactly they do. All the manuals that come with motherboards are very short on explanations, and I would like to see someone within the company actually explain to us hardware enthusiasts the down 'n dirty, nitty gritty, dirt under the rug, needle in a haystack type of information that we could use to make our computers run the absolute best they can. Because, as we all know, optimizing software and firmware is a lot cheaper than upgrading parts.

  • by stinkydog ( 191778 ) <sd@stran[ ]og.net ['ged' in gap]> on Monday January 13, 2003 @01:48PM (#5074178) Homepage
    Will the next computer you personally buy implement these features?

    Who will you give access to your machine (Microsoft, RIAA, MPAA, Homeland Security)?

    When the thought police come to round up us 'Criminals' that will not give up our 'untrusted' systems will you be able to sleep at night?

  • by Kjella ( 173770 ) on Monday January 13, 2003 @02:07PM (#5074393) Homepage
    What I find most interesting is how Palladium is advertized as having features like letting content creators (e.g. a person sending you an e-mail) control what you can do with it (automatic deletion, no forwarding, no printing).

    However, we never get a say in this, we never agree to any such "contract". If your company is producing a product as part of a system designed to disempower me in favor of a machine, does it really surprise you that I don't like it?

    TCPA/Palladium has never been about how I, the end user can come in control of my machine, because I am already in total control (up to the limitations of my tools). TCPA can for me, at best, be a hardware version of a "sandbox", where I control what resources are available to a given program. But such programs already exist in software and have no need for hardware backing.

    Many people have compared TCPA to being a program running in Ring -1 (Ring 0 being the OS kernel). The only thing it can control in addition to what the OS already can control, is what runs in Ring 0. So why do you need to control what runs in Ring 0? Answer me that.

    Because you can't trust me, isn't it? Isn't that what it's all about? Having a trust chain that I can't break. So the content, and my machine can negotiate a deal, without me ever getting a say. So that they two can decide, regardless of rights granted by law (like fair use and first sale), when, how, where and what I can see, hear, use and do. And you don't find that offensive?

  • The death of WINE (Score:3, Informative)

    by Windcatcher ( 566458 ) on Monday January 13, 2003 @02:20PM (#5074498)
    Here's an interesting scenario:

    - Office Palladium will require TCPA

    - Linux, as an untrusted OS, won't be able to provide Office Palladium proper authentication, and Office will refuse to run under WINE.

    - Windows users become reluctant to migrate to Linux since they can't run Office. (Believe it or not, Office is still the killer app for most folks).

    I'm telling ya, the Office division is behind this at least as much as the content industry.
  • by theLOUDroom ( 556455 ) on Monday January 13, 2003 @02:22PM (#5074519)
    My question is:
    Why is AMI doing this?

    Do they think people want their OS to be able to lock them out of certain parts of their machine?

    You see, I can't really see any application for TCPA / Palladium besides taking control away from the owner of a computer. Any of the other "security" features TCPA/Palladium provides can/have been easily implemented in software. The only application that requires BIOS/hardware level modifications, is one where you are trying to prevent the person who owns the computer from having full control over it.

    Lately I've been beginning to notice that some companies have internal conflicts of interest that cause them to do stupid things, which are not what consumers want. (Stupid because, they lose money because consumers go elsewhere to get hardware that isn't crippled and any piracy that was going to happen still happens anyways.)
    Sony, for example. Being both a hardware company and a media company, they seem to have an internal conflict of interest: To many RIAA/MPAA types CD/DVD burners are synonymous with piracy, this must lead to internal pressure on the hardware branch of the company to try and control what people can do with Sony hardware. Ex: It's rumored that Sony DVD burners can burn Xbox games but not PS2 games, Sony Discmans have often had sub-par CDR playing ability, Sony Minidisc recorders had an annoying copy protection flag that prevented you from making many digital copies of a minidisc.

    1. Does AMI have any such internal conflict of interest that is leading them to do this?
    2. Or is it pressure from outside sources, and who are those sources?
    3. Or does AMI think Joe-sixpack actually wants this?

    This whole thing reminds me very much of the whole CPUID debacle. CPU manufacturer X starts putting unique ID numbers inside their CPU. They claim it will allow increased security for web transactions blah, blah, blah. The problem was there was no good reason why your average computer user would want a unique unchangeable serial number for his computer. There was a tremendous potential for violating users' privacy and no good reason why they needed it in the first place. Why? A unique id could be implemented in software. The only reason to have it in hardware is to prevent the owner of the computer from changing/disabling it.

    People didn't want them, and CPUIDs failed. Why does AMI think this is any different?
  • Multi-part question (Score:3, Interesting)

    by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Monday January 13, 2003 @02:23PM (#5074527) Homepage Journal
    Two parts. The one I'm really interested in seeing answered: I've noticed while disassembling PC BIOS that it all appears to be very old-school style code, for instance registers are cleared by XORing themselves. How much of that tendency is from legacy code from the days when that mattered, and how much of it is just programmers doing the right thing (tm)?

    Second part, and less important, what is the story with firewire booting? How hard is it to graft additional boot code onto a BIOS and present a device as a reasonable boot device to the rest of the BIOS?

  • by gatekeep ( 122108 ) on Monday January 13, 2003 @02:27PM (#5074558)
    Now, I've been here a while, so when phrases like 'Usual interview rules apply' are tossed around, I understand the meaning.

    But it occurs to me, there's probably many who don't. Why not have a page outlining the usual interview rules, and link to it when saying something like that?
  • Buggy BIOS Syndrome (Score:3, Interesting)

    by EricFenderson ( 64220 ) on Monday January 13, 2003 @02:30PM (#5074579)

    I've often wondered why BIOSes are so buggy. After I started lurking on the linux-kernel mailing list, I was quickly amazed by how broken most BIOSes seem to be. Sometimes it's subtle, sometimes it's not.

    I have no doubt that developing BIOS code is really freakin hard. It seems like it'd be lots of black magic. Given this though, how much needs to change between releases of a BIOS (modulo new features like LBA-48)? Why do kernel developers constantly need to worry about working around the same bugs? What is it about power management that makes it especially problematic?

    Like I said - I really do understand it's gotta be insanely difficult. But it also seems like it hasn't improved much over the course of the x86 PC.

  • by MissMyNewton ( 521420 ) on Monday January 13, 2003 @02:57PM (#5074841)
    A user's rights?


    A "content provider's" rights?

    Please don't bother answering if you're going to waffle.

  • by Windcatcher ( 566458 ) on Monday January 13, 2003 @02:57PM (#5074843)
    You've said that AMI has nothing to do with Palladium. Of course, that's true. One is a BIOS, and the other is an operating system made by another company. I have no issue with that.

    However, we ALL know that Palladium will run in TCPA trusted mode, and TCPA functions will be active.

    So here's the question (ahem):


    - I, as a Linux user, want to BUY the next version of Microsoft Office(tm) and run it on my Linux box under WINE, and:

    - said version of Office requires that it be run on a trusted platform (i.e. it requires TCPA authentication),


    I'm sure you think this is a loaded question. It is, and it isn't. It is in the sense that I suspect what the answer will be, but I want to hear you answer it. It isn't, in the sense that this is a very serious issue and has enormous ramifications for the entire industry. You see, I think that TCPA+Palladium are really schemes for killing Linux by denying it the ability to run Microsoft applications. To that end, I don't consider you accomplices, but perhaps dupes. I ask you the above question in all seriousness, and I challenge you to prove me wrong.
  • by lanner ( 107308 ) on Monday January 13, 2003 @03:05PM (#5074935)

    Dear AMI BIOS Developer

    At first, I was going to ask you about how you have cooperated, if at all, with the Linux BIOS project. After all, you often have historically cooperated with Microsoft and Novell. What are you doing to help Linux?

    But then it occurred to me, if Linux BIOS was successful, it would put AMI out of the BIOS software development business. Linux BIOS is a competitor of AMI.

    What is your personal perspective about Linux BIOS, and what does AMI think about it?

    Thank you

    The LinuxBIOS Home Page

    Slashdot | Linux BIOS
    http://slashdot.org/articles/00/06/14/2110209.shtml

    # Jesse Molina

  • Windows override (Score:5, Insightful)

    by Forkenhoppen ( 16574 ) on Monday January 13, 2003 @03:08PM (#5074970)
    I have a question; on previous occasions on VIA hardware I've owned, I've noticed that occasionally, Windows will enable a feature even though I have turned it off in the BIOS.

    My question is this; if I have TCPA disabled in my BIOS, will Windows drivers abide by this? Or will they still be able to use aspects of the BIOS originally put in place for use by TCPA even though I have it shut off?

    What plans are in place to keep a Windows driver from hijacking TCPA-related information for its own purposes?
  • by BeBoxer ( 14448 ) on Monday January 13, 2003 @03:22PM (#5075088)
    The TCPA standard talks a lot about the "Owner" of the system, and how the "Owner" can initialize a new system so that it will begin generating keys and such using a password set up during the "ownership" process (See Section 2.6 of the Standard). My question is: who would the "Owner" of a system normally be in plain English? The actual end-user (or their administrator)? Or would the TPM get "owned" by the hardware vendor (Dell, HP, etc.)? Or the OS vendor? Or the motherboard manufacturer?

    Second, will it be possible to completely reset the TPM to a non-owned state to allow used hardware to be sold "as new"? Or would the hardware refuse to allow a new owner?
  • by bani ( 467531 ) on Monday January 13, 2003 @03:55PM (#5075311)
    ...exactly why AMI's TCPA cannot be abused by corporations to harm/lock out Open source.

    Please explain to us why AMI's TCPA is a good thing for Linux.
  • by E1ven ( 50485 ) <e1ven.e1ven@com> on Monday January 13, 2003 @04:17PM (#5075513) Homepage
    One of the most interesting posts I've seen regarding this subject was found at Microsoft.com [microsoft.com]

    I'd love to hear how you'd address some of the points he brings up in the article.

    In case the site goes down, or is changed, I've mirrored it at sq7.org/media/ms.html [sq7.org]

  • Who signs? (Score:5, Interesting)

    by shyster ( 245228 ) <brackett.ufl@edu> on Monday January 13, 2003 @05:58PM (#5076359) Homepage
    Who will be the "trusted" signers of this code? What hoops (and dollars) must be jumped through?

    Most importantly, will a system admin be able to sign code as trusted (whether his or another coder's) for all machines in his control? By extension, will an individual be able to do the same for machine(s) under their control? Or will only Verisign, Thawte, etc. be trusted?
