You know there is a TCP module in the Linux kernel, right? It's been there for a while. You don't have to use it; in fact most people don't, so it remains dormant or not compiled. But the option is there.
The difference with Linux, though, is that the hardware security provision is in the hands of the user, not a business in Redmond.
42 is not an answer, it's an error code. The universe is saying 'Error 42: meaning to universe not found'
Programmer, Teacher and Artist
That is very interesting; no, I didn't realize that. I'm not entirely surprised though. There is still much I need to learn about this. I do know one thing though: the first time I heard of trusted computing and what it intended to do, it opened my eyes to where the large money-making corporations were trying to take things. I still believe that trusted computing has less to do with security and more to do with monopolies and limiting your choices.
This is from my Dell IdeaStorm post.
I can very easily see this happening. It's kind of like they would say, OK, you want to play by your rules? Fine, then every time you try to access your online banking we won't let you, because you aren't running trusted software. It would be so easy for them to do this. It is more than possible that a computer that has the user override engaged to enable it to run software that is "not trusted" could be blocked from important web sites or from engaging in other critical activities. In this scenario it would be virtually useless to run software that is not trusted.
Hmm... Assuming that TPMs are used to do TC stuff, I understand that this would be difficult (if not impossible) for banks to do to customers. The TPM's "verification" method depends on a combined signature of the platform (both hardware and software) and that of an EK (endorsement key, an RSA private/public key pair). In the case of a private company ordering TPMed laptops/desktops/servers, the IT department can easily keep track of what hardware, software and public EKs the machines have. For a bank to do the same for its customers, it would need to practically register their customers' machines. Can you see your bank asking you to bring in your computer to register it just to use their website? Wonder what their competitors would do to attract the first bank's disgruntled customers?
Anyways, I recommend the following whitepaper about how TPMs work:
http://www.intel.com/design/mobile/platform/downloads/Trusted_Platform_Module_White_Paper.pdf
Use Kubuntu.
Blog: A Hacker's Journal in the Cloud
I'll take a gander, but if you're basing your beliefs on a kind of benefit of the doubt, be very careful. Many liberties have been violated in the name of security in other areas of life. Just look at 911 for a recent example. What is more precious to a bank than security? I dare say nothing except money. At any rate, if you don't like online banking as an example that's fine, it was just an example (though I'm not entirely sure you're right). If TPMs become full blown in all their glory I would love nothing more than to eat crow because I was wrong about it. The truth is no one really knows. I do know that if everyone just sits back and waits to see what will happen, we will likely be worse off for it.
Once a technology like this is in place all that is needed to revoke our freedom is some sort of large scale crisis.
Let's play with this idea for a bit.
Why would it be so hard for TPMs to be used like this?
You want to do online banking
You launch web browser on a non trusted computer
Bank's server authenticates only with trusted software on properly trusted computer system
You are turned away
This quote comes from http://www.againsttcpa.com/what-is-tcpa.html
I don't see why it would be very hard at all for banks to turn customers away if a bill like the one above would be passed. I think they would have to comply with the law and do it out of obligation.
The bills:
In the USA there's a planned bill, the so called CBDPTA (Consumer Broadband and Digital Television Promotion Act). First it was called SSSCA (Security Systems Standards and Certification Act). The new name reads much more harmless. Looks like the first name made it too easy to discover the purpose of this bill.
This bill plans to legally force secure (TCPA-conform) systems. So in the USA it would then not be allowed to buy or sell systems that are not TCPA-conform. Passing this law would be punished with up to 5 years of prison and up to $500.000 fine. The same would apply for development of "open" software. Open means that it would work on systems that're not TCPA-conform.
Even if this bill would only be valid in the USA it would have catastrophic effects worldwide. Because US companies are not allowed to develop and sell "unsecure" software, others would have to jump onto the TCP-train, so they would give total control over themselves to the TCPA (USA?), or they would have to live completely without software and hardware from US-companies. No Windows, Solaris, MacOS, Photoshop, Winamp or to say it short: The largest part of all software that's used on this planet would not be usable.
If you look at page 14 of the document, I think a bank's server would only have to look for your conformance certificate; if you're running trusted software on trusted hardware you will have one. If you're not properly trusted you won't have one. A web browser will likely have in its encryption key information about whether or not your system has this certificate.
I'm not a programmer but why couldn't it work like that?
Maybe this is a stupid question, but from skimming through the (little biased?) docs about TC I understand it prevents you from using unauthorized hardware or software.
So what if you're a programmer and make a little program to do some stuff for you? Wouldn't you be able to run your own program? That is just too ridiculous to be true, it can't be true. How are developers supposed to test their software if they have to authorize it with TC every time?
"Historically I've had a “love-hate” relationship with Apple. They love themselves and I hate them."
- Jeremy Allison
To get an idea of what Trusted Computing is all about, take a look at game consoles. They are nothing more than a PC where "Trusted Computing" has been turned on to allow only software approved by the manufacturer to run, and where a developer has to license the right to have software run on the platform. This effectively eliminates the small players from the platform.
Trusted Computing becomes Treacherous Computing when the owner of the device is not trusted, as in the game console example above, and when it is used to enforce DRM, but it can be very useful as a security tool if the owner is trusted, for example to prevent the installation of malware etc. Windows Vista when combined with Treacherous Computing is a huge threat.
The best defense against Treacherous Computing is the widespread use of free (as in speech) software, especially if major parts of it become licensed under the proposed GPL v3.
First, keep in mind that although the site is clearly biased it may be 100% correct. The truth is always biased, not political, and it can sometimes be very inconvenient.
Second, I read it the same way: untrusted software wouldn't install on hardware with TPM chips. However, I've seen some possibility that the TPM chips could have user control in the BIOS with an enable/disable switch. This would still cause a segregation of the software though. What makes this difficult to predict is that the rules for TPM will be made up as we go along. Will that developing bill ever be passed? Who knows. Will it be abused? Who knows.
I have learned this much in life though. Money and power corrupt; the threat of competition will cause the one in control to want to remove the competition. Competition means less money, less money = unhappy stockholders. It's a vicious cycle; capitalism has its benefits but it's not perfect.