[ltp] TCPA on Thinkpads

Pam Huntley linux-thinkpad@linux-thinkpad.org
Wed, 19 Mar 2003 20:22:22 -0500




>2)TCPA - this is the hardware which would enforce a "secure boot" of a
>"trusted" (Stallman says "treacherous") computing environment. It
>requires (1). This is bad. It would deny the owner the right to own
>their machine! The problem isn't actually the "secure" hardware itself,
>but the fact that the machine owner would have no way to turn it off to
>run unsigned code, or that, if they did, they wouldn't then be able to
>access documents,media,...banking,web content(?) which required a key to
>decode it.

I think this bit isn't technically correct.  IBM's embedded security chip
actually IS TCPA compliant.  This "secure boot" stuff is just storing the
BIOS passwords, and some kind of hash of the BIOS/CMOS settings in the chip
so that you can tell if the BIOS/CMOS has been modified.   At least on the
IBM hardware, it doesn't actually stop the boot, just gives you error
messages, or reverts to default settings, if, by some odd happenstance your
CMOS has been messed with w/out going through the IBM setup utility and
regenerating the hash.  AND, you can turn it off in the BIOS.  You might
even be able to turn it off with software (like ThinkPad Configuration
Utilities or ps2.exe), but I haven't checked that.

It's more to make things like online banking more secure, by generating
good private keys and storing them where malicious code can't get at them.

I'm right in line with your opinions about DRM and DMCA, I think it
just sucks.  But I don't think that the TCPA chip is going to make that
situation any better or worse, it's just one tool among many, that can be
used for good or bad.

And it's legislation that's the key to preserving our freedoms.
http://www.eff.org/.

And of course, the above opinions are just my opinions and have nothing to
do with IBM, IBM's policies or viewpoints, etc.

Pam






Richard Neill <rn214@hermes.cam.ac.uk>
Sent by: linux-thinkpad-admin@linux-thinkpad.org
03/19/2003 07:53 PM
Please respond to linux-thinkpad

To: linux-thinkpad@linux-thinkpad.org
cc:
Subject: Re: [ltp] TCPA on Thinkpads




I hope that the following is of use. Please don't consider it flamebait.
I believe I am stating this all correctly, but please do correct me if I
am wrong.

There are 3 totally different issues here. Sadly, they get intermingled.
Here's my summary, as I understand it. Each layer sits on the ones below
it.

1)Embedded crypto. This is what IBM embed. Mainly useful for proper
encryption, rather like Pretty Good Privacy. Also useful if your laptop
gets stolen! It does some things in hardware. Eg random number
generation is *very* hard to do really well in software. Although it's
necessary for (2), it has a wide number of uses, and many of these are
good.

2)TCPA - this is the hardware which would enforce a "secure boot" of a
"trusted" (Stallman says "treacherous") computing environment. It
requires (1). This is bad. It would deny the owner the right to own
their machine! The problem isn't actually the "secure" hardware itself,
but the fact that the machine owner would have no way to turn it off to
run unsigned code, or that, if they did, they wouldn't then be able to
access documents,media,...banking,web content(?) which required a key to
decode it.

3)DRM/Palladium. This is the evil bit. It could be used for censorship
and also for crippling one's legal right to fair use.
Microsoft claim it could be used to prevent spam/viruses, although I
doubt this is true. The main use of this is for the movie/record
studios. (And to break Linux.)

4)On top of all this, and the motivation for it, is the copyright
"enforcement" and DMCA. Of course, copyright enforcement in this
manner will:
         -annoy legal consumers, denying them fair use
         -not stop serious pirates at all (eg the "analog hole")
         -actually hurt the record industry with lower sales
         -badly damage the tech industry

Summary:
             1)Good (can be misused, but then so can anything)
             2)Bad (main use is (3), but not intrinsically evil)
             3)Evil (many severe consequences, no real good use)
             4)Futile, economically self destructive, and very annoying.

I do wish that Intel,IBM,Apple,the other hardware manufacturers and even
Microsoft would stand up a bit more to the Movie/Record industry. Yes,
copyright piracy is bad. But it isn't seriously bad. DRM and the DMCA
are like curing a cold by amputating the person's head!
There is an excellent argument here which basically says "you cannot
both rigidly enforce copyright and protect free speech"
http://freenetproject.org/cgi-bin/twiki/view/Main/Philosophy

Hope that's useful. I do hope it doesn't start a flame war!!

Best wishes

Richard

--
The linux-thinkpad mailing list home page is at:
http://mailman.linux-thinkpad.org/mailman/listinfo/linux-thinkpad