1. Home
  2. Electronics Design
  3. Trusted Platform Module / Trusted Computing Platform Alliance (TPM/TCPA) -Guy Macon

Trusted Platform Module / Trusted Computing Platform Alliance (TPM/TCPA) -Guy Macon

>>> What does the owner's authorization get you? >>> >>> Assume for the moment that the TPM is being used by an application >>> to store the keys for some copyrighted content. The application >>> wants to enforce a limited number of plays, and an expiration date. >>> It also wants to make sure that the OS hasn't been patched to log >>> traffic to the sound and video hardware. As I understand it, this >>> is one of the things the TPM is supposed to be able to do (hide >>> data from the owner against his interests in favor of the interests >>> of the copyright holder). >> >>In that case the owner of the computer is not the owner of the TPM. > >Well, maybe that was the intent, but my bet is that there's going >to be at least one user out there who manages to become the owner >of his own TPM. It might even be someone with access to a chip >design facility, or who works for the manufacturer. > >Does the application know who owns the TPM? If it trusts the TPM >owned by the user, it sounds like it's going to give away the farm, >and there's a good chance the keys will be posted on the Internet. > >There's also the problem that there are multiple sets of content >providers and they don't all trust each other.

The talk of "ownership" is confusing the issue. There is no such concept in TPM. If TPM is turned on and you load Windows, then Windows "owns" all the hardware including the TPM chip, and of course Microsoft owns Windows. If TPM is turned on and you load Linux, then Linux "owns" all the hardware including the TPM chip, and you own your copy of Linux.

Note the "if TPM is turned on" qualifier. The BIOS is responsible for turning on the TPM chip. At power-on, the BIOS either activates the TPM chip (and then does various other things) or deactivates the TPM chip, in which case it remains deactivated until the next power cycle. No operating system or application can reactivate it without cycling the power.

Can TPM "hide data from the owner against his interests in favor of the interests of a copyright holder?" If the owner tells the BIOS to turn on TPM and then loads an OS that does the above (I am looking at you, Vista) yes. If the owner disables TPM in the Bios or loads an OS that doesn't do the above, then no.

What the TPM chip is really good at is storing certain data (keys) and not letting it out unless it gets matching hashes that tell it that the same BIOS, extension BIOSes, MBR, GRUB bootstrap stages / Windows bootloader and other designated files such as the Linux or Windows kernel are the same as what stored the data. This stops you from booting to a Knoppix CD and extracting the keys from Windows. This also stops you from removing a Linux hard drive, mounting it as a secondary drive on a Windows box and extracting the keys. It also stops you from changing the OS without powering down and extracting the keys from RAM.

Can the TPM chip be used for Evil? Yes, but only if you (or whoever owns your operating system) allow that.

I strongly suggest reading at least the first few URLs below:

_Taking Control of TCPA_

formatting link

_Linux and trusted computing_

formatting link

_The Trusted Platform Module (TPM) Specs/FAQ_ (From the people who make TPM chips, so consider the source)

formatting link
formatting link

_OSLO - Open Secure LOader_

formatting link

_A Tipping Point For The Trusted Platform Module?_

formatting link
formatting link
formatting link

Microsoft's _Best Practices for Trusted Platform Module Management_

formatting link

_TPM Reset Attack_

formatting link

Wikipedia: _ Trusted Platform Module / Trusted Computing Platform Alliance (TPM/TCPA) _

formatting link 

--
Guy Macon  Guy Macon 
Guy Macon  Guy Macon 
Guy Macon  Guy Macon 
Guy Macon  Guy Macon
Reply to
Guy Macon
Loading thread data ...

I don't agree. There is a very clear concept of TPM ownership. In fact, there is a TCPA primitive precisely to take ownership of the TPM. In order to do this one must supply credentials that are to be used for future authorized TPM commands. He who has access to such credentias can do pretty much whatever he wants with the TPM, including changing such credentials at will.

Reply to
Jens Stueckelberger

Looking at the above, I see that I was quite unclear. Sorry about that. Unless I am mistaken, there is no ownership on the level where the system communicates with the TPM chip, alsoknown as the S-CRTM (Static Core Root of Trust for Measurement). I just looked for a list of those lowest-level commands, but did not find it. The Trusted Computing Stack that builds on the lowest level chip *does* have the concept of ownership. Sorry for implying otherwise.

The last time I did anything with a TPM chip, it was with the onboard Random Number Generator, and I must confess that I didn't pay much attention to the other features, but in essence it is a microcontroller with some crypto / hashing algorithms and memory space for keys, and all the rest is done with software that runs on the main CPU.

--
Guy Macon
Reply to
Guy Macon

The ownership is the issue.

TPM is a secured operations system, and ownership of it can be very different from the apparent ownership of the device outside.

Completely false. TPM is a tool that the Operating System can make requests of, the TPM ownership determines if such requests are accepted.

and of

Completely false. It is almost certain that any access of the TPM by linux would be denied by the OS authentication built into the TPM.

That much is true.

This is debatable. There are provisions for hot-swapping the TPM, this is a critical requirement in some server environments.

Here you are confusing the apparent owner of the device, and the owner of execution inside the TPM.

Perfectly false. NGSCB was delayed indefinitely in May 2004, I'm always amazed that such falsehoods persist. Vista has no provisions to make use of a TPM. If you want an OS that does have such abilities, you are looking for MacOS X.

yes. If the owner disables TPM in

Actually, you are wrong here as well. Anything stored by the TPM will either be stored inside the (turned off) TPM and so unavailable, or will be stored encrypted outside the TPM. The correct answer is that anything protected by the TPM will be unavailable when the TPM is turned off.

The TPM is for execution of secure code, the storage of keys is not a major feature.

False. Any accepted OS should have the same access to make computation requests. Any unaccepted OS will not have any access to make computation requests.

It does nothing of the type. If Knoppix is certified as acceptable, then it will have all the access of any other OS. Some TPM chips have additional ability to handle processing that is for that OS only.

False. You clearly have no understanding of even the most basic things that a TPM does.

Can the TPM chip be used for good? Yes, unlike you I don't have to justify it.

The more important question: Can the TPM be used? Sometimes.

I'd suggest you read actually read them as well. BY that I mean actually read them and understand them, not glance through them and attempt to justify your misunderstanding by not understanding what is actually written.

I am always surprised at the simply wrong information around about TPMs, even when people read otherwise accurate information. Joe

Reply to
Joseph Ashwood

What a load of Bullshit.

--
http://www.youtube.com/watch?v=fJVydzNJrno
Reply to
Ari

Totally wrong.

Wrong again. The whole point of TPM is to force the platform to conform to rules someone else sets.

Don't be so arrogantly sure.

I can extract the keys from mswindows from within mswindows and i do not need Knoppix to do it. Though it is handy for recording and crushing and restoring administrator passwords.

Wrong yet again, MS owns mswindows and they are selling the user out.

(TPM/TCPA) _

Some useful links though. Still, you post like an TPM industry shill. The damn thing is a mirage.

Reply to
JosephKK

Ten years ago such used to surprise me, it does not any more. I have lived and worked with functionally illiterate engineers to much.

Reply to
JosephKK

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.