U
ultimauw
http://it.slashdot.org/article.pl?sid=09/01/06/2132247
(notice that they call the locked down execution part "TXT". I don't
trust anyone who has to resort to [W][O][R][D][G][A][M][E] to try
to sneak stuff like this under the public radar.
From the same page http://it.slashdot.org/comments.pl?sid=1082397&cid=26351915
I am a programmer, and in particular I have studied the Trusted
Platform Technical Specification documentation. All 332 pages of dense
technicaleese. There is one particular page I would like to cite. In
the TCPA Main TCG Architecture v1_1b.pdf on page 277 the documentation
comes right out and announces the fact it is designed to be secure
against "rogue Owners".
You are either mistaken, or you're full of crap. The chip is in fact
designed to lock the computer against the owner. Yes, locks that are
designed to protect the computer against it's owner will also prevent
outside attackers from doing things that the owner himself is
forbidden to do. However that is incidental. A hostile Trusted
Computing system trying to lock computers against their owners is
fundamentally different than a system designed to secure computers for
the owner.
If you really do believe that this is solely intended for the benefit
of the owner, perhaps you could answer some questions for me.
Why the absolute refusal to implement the EFF's Owner Override
proposal? It would give the owner full control of his own computer
while still securing against remote attacks. You could even secure
against local attackers (other than the owner) by placing adding some
sort of Owner Authentication element to the Override system.
Or how about my proposal? I merely want a printed copy of the master
key to my own computer. I merely want the option to buy a computer
that comes with a printed copy of my master key. (Technical note: I am
referring to the PrivEK key, and having the option to export the RSK
key encrypted to the PrivEK would be beneficial for ease and security
reasons.) Go ahead, explain to why I am absolutely forbidden to know
the master key to my own computer. Go ahead and explain why they
absolutely refuse to PERMIT anyone to manufacture any compatible Trust
Chip that permits the owner to know their own master key.
And best of all, explain to me all of the documented systems and plans
to REVOKE and (for all practical purposes) brick any chip if they ever
detect that you have learned the master key locked inside you
computer, if you ever learn the master key to control your own
computer, if they ever detect that you have the power and control to
override any DRM system based on the chip.
And don't even try the line about how this revocation system is "not
part of the chip itself". The chip was explicitly designed to secure
the computer against the owner, the chip was explicitly designed to to
support that revocation system, and the chip's technical documentation
and design specification explicitly mention this revocation system.
The design specs endlessly list all of the things that the owner MUST
be forbidden to be able to do, all of the things the owner MUST be
forbidden to know, the specification even has a section that mandates
that any owner's data under "non-migable keys" MUST be effectively
impossible to back up and MUST be irretrievably lost if the chip ever
dies.
And on and on and on. Yes, the chip was explicitly designed to
consider the owner to be the enemy. The chip is explicitly designed to
be secure against "attacks" by the owner. Yes, the current generation
of chips are relatively vulnerable to physical attack - by the owner
or by a hostile attacker. However it is fundamentally designed to lock
against the owner, there is a supplemental specification on how to
increase the physical security against the owner and how to certify
hardware as possessing stronger anti-owner physical security, and
there is mention in the CHIP speck itself and in supplemental
specifications on how to revoke and lock-out any chip where an owner
does manage to gain local override control over his own computer.
Yes, there are some people working on Trusted Computing with the
intent of securing your computer for you, of protecting you against
remote attackers. However that does not change the fact that the
system is indeed designed to lock computers against the owner, that it
is indeed designed explicitly for DRM support, that it is explicitly
designed to be hostile to the owner, it does not change the fact that
they COULD design a pro-owner system to secure your computer for you
without these anti-owner aspects, but that they refuse to permit any
compatible pro-owner chip that does not also impose these anti-owner
DRM style enforcement systems as well.
(notice that they call the locked down execution part "TXT". I don't
trust anyone who has to resort to [W][O][R][D][G][A][M][E]
to sneak stuff like this under the public radar.
From the same page http://it.slashdot.org/comments.pl?sid=1082397&cid=26351915
I am a programmer, and in particular I have studied the Trusted
Platform Technical Specification documentation. All 332 pages of dense
technicaleese. There is one particular page I would like to cite. In
the TCPA Main TCG Architecture v1_1b.pdf on page 277 the documentation
comes right out and announces the fact it is designed to be secure
against "rogue Owners".
You are either mistaken, or you're full of crap. The chip is in fact
designed to lock the computer against the owner. Yes, locks that are
designed to protect the computer against it's owner will also prevent
outside attackers from doing things that the owner himself is
forbidden to do. However that is incidental. A hostile Trusted
Computing system trying to lock computers against their owners is
fundamentally different than a system designed to secure computers for
the owner.
If you really do believe that this is solely intended for the benefit
of the owner, perhaps you could answer some questions for me.
Why the absolute refusal to implement the EFF's Owner Override
proposal? It would give the owner full control of his own computer
while still securing against remote attacks. You could even secure
against local attackers (other than the owner) by placing adding some
sort of Owner Authentication element to the Override system.
Or how about my proposal? I merely want a printed copy of the master
key to my own computer. I merely want the option to buy a computer
that comes with a printed copy of my master key. (Technical note: I am
referring to the PrivEK key, and having the option to export the RSK
key encrypted to the PrivEK would be beneficial for ease and security
reasons.) Go ahead, explain to why I am absolutely forbidden to know
the master key to my own computer. Go ahead and explain why they
absolutely refuse to PERMIT anyone to manufacture any compatible Trust
Chip that permits the owner to know their own master key.
And best of all, explain to me all of the documented systems and plans
to REVOKE and (for all practical purposes) brick any chip if they ever
detect that you have learned the master key locked inside you
computer, if you ever learn the master key to control your own
computer, if they ever detect that you have the power and control to
override any DRM system based on the chip.
And don't even try the line about how this revocation system is "not
part of the chip itself". The chip was explicitly designed to secure
the computer against the owner, the chip was explicitly designed to to
support that revocation system, and the chip's technical documentation
and design specification explicitly mention this revocation system.
The design specs endlessly list all of the things that the owner MUST
be forbidden to be able to do, all of the things the owner MUST be
forbidden to know, the specification even has a section that mandates
that any owner's data under "non-migable keys" MUST be effectively
impossible to back up and MUST be irretrievably lost if the chip ever
dies.
And on and on and on. Yes, the chip was explicitly designed to
consider the owner to be the enemy. The chip is explicitly designed to
be secure against "attacks" by the owner. Yes, the current generation
of chips are relatively vulnerable to physical attack - by the owner
or by a hostile attacker. However it is fundamentally designed to lock
against the owner, there is a supplemental specification on how to
increase the physical security against the owner and how to certify
hardware as possessing stronger anti-owner physical security, and
there is mention in the CHIP speck itself and in supplemental
specifications on how to revoke and lock-out any chip where an owner
does manage to gain local override control over his own computer.
Yes, there are some people working on Trusted Computing with the
intent of securing your computer for you, of protecting you against
remote attackers. However that does not change the fact that the
system is indeed designed to lock computers against the owner, that it
is indeed designed explicitly for DRM support, that it is explicitly
designed to be hostile to the owner, it does not change the fact that
they COULD design a pro-owner system to secure your computer for you
without these anti-owner aspects, but that they refuse to permit any
compatible pro-owner chip that does not also impose these anti-owner
DRM style enforcement systems as well.