Intel corp: computer OWNERS are the ENEMY and we must protect ourchips from them.


U

ultimauw

http://it.slashdot.org/article.pl?sid=09/01/06/2132247

(notice that they call the locked down execution part "TXT". I don't
trust anyone who has to resort to [W][O][R][D][G][A][M][E] to try
to sneak stuff like this under the public radar.

From the same page http://it.slashdot.org/comments.pl?sid=1082397&cid=26351915
I am a programmer, and in particular I have studied the Trusted
Platform Technical Specification documentation. All 332 pages of dense
technicaleese. There is one particular page I would like to cite. In
the TCPA Main TCG Architecture v1_1b.pdf on page 277 the documentation
comes right out and announces the fact it is designed to be secure
against "rogue Owners".

You are either mistaken, or you're full of crap. The chip is in fact
designed to lock the computer against the owner. Yes, locks that are
designed to protect the computer against it's owner will also prevent
outside attackers from doing things that the owner himself is
forbidden to do. However that is incidental. A hostile Trusted
Computing system trying to lock computers against their owners is
fundamentally different than a system designed to secure computers for
the owner.

If you really do believe that this is solely intended for the benefit
of the owner, perhaps you could answer some questions for me.

Why the absolute refusal to implement the EFF's Owner Override
proposal? It would give the owner full control of his own computer
while still securing against remote attacks. You could even secure
against local attackers (other than the owner) by placing adding some
sort of Owner Authentication element to the Override system.

Or how about my proposal? I merely want a printed copy of the master
key to my own computer. I merely want the option to buy a computer
that comes with a printed copy of my master key. (Technical note: I am
referring to the PrivEK key, and having the option to export the RSK
key encrypted to the PrivEK would be beneficial for ease and security
reasons.) Go ahead, explain to why I am absolutely forbidden to know
the master key to my own computer. Go ahead and explain why they
absolutely refuse to PERMIT anyone to manufacture any compatible Trust
Chip that permits the owner to know their own master key.

And best of all, explain to me all of the documented systems and plans
to REVOKE and (for all practical purposes) brick any chip if they ever
detect that you have learned the master key locked inside you
computer, if you ever learn the master key to control your own
computer, if they ever detect that you have the power and control to
override any DRM system based on the chip.

And don't even try the line about how this revocation system is "not
part of the chip itself". The chip was explicitly designed to secure
the computer against the owner, the chip was explicitly designed to to
support that revocation system, and the chip's technical documentation
and design specification explicitly mention this revocation system.

The design specs endlessly list all of the things that the owner MUST
be forbidden to be able to do, all of the things the owner MUST be
forbidden to know, the specification even has a section that mandates
that any owner's data under "non-migable keys" MUST be effectively
impossible to back up and MUST be irretrievably lost if the chip ever
dies.

And on and on and on. Yes, the chip was explicitly designed to
consider the owner to be the enemy. The chip is explicitly designed to
be secure against "attacks" by the owner. Yes, the current generation
of chips are relatively vulnerable to physical attack - by the owner
or by a hostile attacker. However it is fundamentally designed to lock
against the owner, there is a supplemental specification on how to
increase the physical security against the owner and how to certify
hardware as possessing stronger anti-owner physical security, and
there is mention in the CHIP speck itself and in supplemental
specifications on how to revoke and lock-out any chip where an owner
does manage to gain local override control over his own computer.

Yes, there are some people working on Trusted Computing with the
intent of securing your computer for you, of protecting you against
remote attackers. However that does not change the fact that the
system is indeed designed to lock computers against the owner, that it
is indeed designed explicitly for DRM support, that it is explicitly
designed to be hostile to the owner, it does not change the fact that
they COULD design a pro-owner system to secure your computer for you
without these anti-owner aspects, but that they refuse to permit any
compatible pro-owner chip that does not also impose these anti-owner
DRM style enforcement systems as well.
 
Ad

Advertisements

A

Arno Wagner

In said:
(notice that they call the locked down execution part "TXT". I don't
trust anyone who has to resort to [W][O][R][D][G][A][M][E] to try
to sneak stuff like this under the public radar.

From the same page http://it.slashdot.org/comments.pl?sid=1082397&cid=26351915
I am a programmer, and in particular I have studied the Trusted
Platform Technical Specification documentation. All 332 pages of dense
technicaleese. There is one particular page I would like to cite. In
the TCPA Main TCG Architecture v1_1b.pdf on page 277 the documentation
comes right out and announces the fact it is designed to be secure
against "rogue Owners".
You are either mistaken, or you're full of crap. The chip is in fact
designed to lock the computer against the owner. Yes, locks that are
designed to protect the computer against it's owner will also prevent
outside attackers from doing things that the owner himself is
forbidden to do. However that is incidental. A hostile Trusted
Computing system trying to lock computers against their owners is
fundamentally different than a system designed to secure computers for
the owner.


This is very old news and well known in the academic IT security
community. It is also the main counterargument to this hardware.

From the refusal to give the user control at need, I deduce that
this chip is indeed primarily targetted at taking control away
from the user, and that protecting against external threats
is only a secondary goal, or maybe just somethign invented by
marketing.

Still important to explain this to people until this technological
atrocity goes away.

Arno
 
U

ultimauw

In said:
http://it.slashdot.org/article.pl?sid=09/01/06/2132247
(notice that they call the locked down execution part "TXT". I don't
trust anyone who has to resort to [W][O][R][D][G][A][M][E] to try
to sneak stuff like this under the public radar.
From the same pagehttp://it.slashdot.org/comments.pl?sid=1082397&cid=26351915
I am a programmer, and in particular I have studied the Trusted
Platform Technical Specification documentation. All 332 pages of dense
technicaleese. There is one particular page I would like to cite. In
the TCPA Main TCG Architecture v1_1b.pdf on page 277 the documentation
comes right out and announces the fact it is designed to be secure
against "rogue Owners".
You are either mistaken, or you're full of crap. The chip is in fact
designed to lock the computer against the owner. Yes, locks that are
designed to protect the computer against it's owner will also prevent
outside attackers from doing things that the owner himself is
forbidden to do. However that is incidental. A hostile Trusted
Computing system trying to lock computers against their owners is
fundamentally different than a system designed to secure computers for
the owner.


This is very old news and well known in the academic IT security
community. It is also the main counterargument to this hardware.

From the refusal to give the user control at need, I deduce that
this chip is indeed primarily targetted at taking control away
from the user, and that protecting against external threats
is only a secondary goal, or maybe just somethign invented by
marketing.

Still important to explain this to people until this technological
atrocity goes away.

Arno


What this needs to be is shown on mainstream media. Or course, given
that mainstream media is a bunch of corporate whores it might be very
hard to do so, but it has to be done. Any ideas?
 
B

Bob Eager

(notice that they call the locked down execution part "TXT". I don't
trust anyone who has to resort to [W][O][R][D][G][A][M][E] to try
to sneak stuff like this under the public radar.


You obviously aren't aware that the term 'text' for the execution part
has been around since the early 1970s, and wasn't originated by Intel
even then. I first encountered it in 1976 when I started using UNIX.

Not that I agree with all this either..!
 
R

Robert Redelmeier

In comp.sys.ibm.pc.hardware.chips Arno Wagner said:
This is very old news and well known in the academic IT security
community. It is also the main counterargument to this hardware.

From the refusal to give the user control at need, I deduce that
this chip is indeed primarily targetted at taking control away from
the user, and that protecting against external threats is only a
secondary goal, or maybe just somethign invented by marketing.
Still important to explain this to people until this
technological atrocity goes away.


While I don't encourage complacency, it will --
just like the Intel CPU Serial Number was a flop.

A few content providers have always tried to increase their
control over their customers. Starting with trying to
licence paper books. Rapacious. While some have accepted
the restrictions, enough have always rejected them to make it
an economically losing proposition for the content providers.

However, there is no guarantee this will always be the case.
TiVo is a counter-example.


-- Robert
 
Ad

Advertisements

U

ultimauw

It will be a very sad day if they manage to dupe the masses by selling
it like that. Even worse, it will probaly work. Just give it some
cheezy name (iTrust?) and a slick marketing campaign, and the masses
will buy it. You can probaly still buy basic PCs you have the key to
(marketed as pro or business) for the low low price of $8,000.
 
Ad

Advertisements

J

Jon Danniken

JAD" said:
Can you say "Computer Appliance"?

There's always "software as a service" and tiers of internet access marketed
by which webpages you can go to.

Jon
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top