BetaNews has a new piece out on the newest ‘link in the TPM chain’ from a member of the Trusted Computing Group (TCG) – Seagate’s DriveTrust (PDF)and TPM (Trusted Platform Module) drives from Seagate, originally unveiled back in April of 2005 through a demonstration that was reported by CNET at that time.
Make no mistake, the Trusted Computing Group (TCG) is the successor to the Trusted Computing Platform Alliance (TCPA), also formerly known as Palladium by Microsoft. It is an initiative led by AMD, Hewlett-Packard, IBM, Infineon, Intel, Lenovo, Microsoft, and Sun Microsystems to implement trusted computing according to Wikipedia’s article here.
And here’s some more information on the various names TPM is going by these days (also from the Wikipedia article with links):
Chipmakers have developed varying implementations that integrate the TPM functions into a normal chipset. Intel’s is called trusted execution technology. AMD‘s is called Secure Virtual Machine (SVM) [2 (PDF)]. Transmeta‘s is called Transmeta Security eXtensions (TSX). IBM uses two names, Embedded Security Subsystem and ThinkVantage Technology. National Semiconductor uses two names as well, SafeKeeper and Super I/O. Phoenix Technologies’ BIOS for it is called Core Managed Environment (cME). Fujitsu calls it FirstWare Vault. Hewlett Packard calls it ProtectTools.
Microsoft’s initiative is called Next Generation Secure Computing Base (formerly Palladium). Owing to significant difficulties in creating a working implementation that third-party developers were interested in using, NGSCB is not being included with Microsoft’s next major operating system release, Windows Vista. Instead, Vista will ship with a few technologies that can make use of a TPM chip, such as BitLocker Drive Encryption, and a new version of the Microsoft Cryptography API.
As you can see, Microsoft Vista will only needs to be the enabler for all these hardware ‘paths’ to follow. When the hardware is in place, like it already will be with the video ‘path’ in Vista — remember all the discussion about that awhile ago (HD content not playing on some video outputs because they are not compliant?)
More info on TPM aka The Fritz Chip here at Tom’s Hardware from 2005:
The next step was a first draft of the TP modules, nowadays represented in an up-to-date form such as the “Fritz chip”. The first hardware manufacturer using Trusted Computing hardware was IBM, equipping the ThinkPad T23 with an Infineon TP module.
The initial step beyond the original TPM concept was the introduction of the technology that goes by the names Execute Disable Bit (XD) on Intel, and Non Execute (NX) by AMD and Data Execution Protection (DEP) by Microsoft. It describes a technology dedicated to the problem of buffer overruns; memory areas assigned to programs are strictly separated from non-executable areas. However this feature must be supported both by the CPU, the operating system and applications. Suitable operating systems currently are Microsoft Windows Server 2003 SP1, Microsoft Windows XP SP2, Windows XP Professional x64, SUSE Linux 9.2 and Enterprise Linux 3 update 3.
Unsettling thought. I am beginning to rethink my move to Fedora Core (the development side of [RedHat] Enterprise Linux). If I read that right.
The 9 page article at Tom’s Hardware is a must read for sure. Get a cup of coffee or your favorite lovely beverage (as Letterman is fond of saying), and take it all in. It appears to be the basis for much of the information in the Wikipedia article on the subject. (And don’t think you Mac users are left out of that article. 😉 )
But some of the more pressing issues come up on page 5:
Risks, Dangers And Consequences
With each suggestion of more advanced security technologies, one can expect a storm of critics and alarmists who are destined to condemn each and every change to the status quo. But which are the actual risks and dangers?
Most obvious are the efforts of the film and music industry to push all computer users towards a more stringent DRM paradigm. Once the majority of the computer hardware is delivered with TPMs and an operating system (e.g. Windows Vista) that presupposes these TPMs, a complex and complete monitoring of stored data by copyright owners might become possible.
A first example of this was Microsoft’s attempt to grant its Media Player the right to install DRM updates without notifying the user. This raises the question of what data on the computer would appear to be legitimate and how it can be regulated. Having a look at the political situation in countries such as Cuba or China, for example, it can easily be seen that dangers lurk here in terms of new censorship possibilities. Hardware could be used, for example, to display only text and imagery that was considered acceptable by a country’s rulers.
This might generally leave an unpleasant feeling to users, picturing the options of a “black box setup”. By constant or retroactive monitoring of all procedures on the computer, a complete user or work profile could be provided really quickly.
And on page 9, Vista the enabler is discussed in the final analysis with the last paragraph quite telling:
Before trusted computing can become a reality on a larger scale, TPM hardware that is already around will remain in a state of pseudo-hibernation for the time being. We will see a wider breakthrough of this technology with the introduction of Windows Vista.
There are good things and bad things with this technology as with all others. But you will lose control of what you buy. No doubt about it.
Like other new devices/software/OSes — now that Seagate’s new drives and DriveTrust are ready to go, they must ‘tone down’ the real agenda behind it — which was the main thrust when it was first discussed to try to sell it to corporations — DRM enforcement (Digital Rights Management, errr, Digital Restrictions Management as David Berlin so aptly named it). So, now they have shifted gears and are trying to sell it to consumers as a security product.
From the Wikipedia entry:
TCG’s original major goal was the development of a Trusted Platform Module (TPM), a semiconductor intellectual property core or integrated circuit that conforms to the trusted platform module specification put forward by the Trusted Computing Group and is to be included with computers to enable trusted computing features. TCG-compliant functionality has since been integrated directly into certain mass-market chipsets.
TCG also recently released the first version of their Trusted Network Connect (TNC) protocol specification, based on the principles of AAA, but adding the ability to authorize network clients on the basis of hardware configuration, BIOS, kernel version, and which updates that have been applied to the OS and anti-virus software, etc. . As of 2006, almost one hundred enterprises are members ot TCG or follow its specifications.
The problem is, you can’t get one without the other.
It’s as bad as Riders on Bills in Congress!
There is much more about this newly revamped marketing of DriveTrust and Seagate’s new products (for cable company DVRs and notebook hard drives) in the following articles:
CNET article April 2005:
CNET article October 2006:
See the shift now?
Check out the TCG’s (Trusted Computing Group) website for more details on what they have in store for us!
And here’s their announcement about DriveTrust/Seagate drives on the July 2005 letter from the President of TCG (second section below the main letter):
Trusted Drives Help Safeguard Data
TCG members Seagate, Wave Systems, and Intel have recently demonstrated (Spring IDF 2005) a robust protocol whereby a disk drive is “locked” to a particular platform or designated set of platforms. This protocol involves cooperation and mutual authentication between the platform and the disk drive, exploiting the TPM on the platform and the DriveTrust technology on the Seagate trusted drive. Such drive-locking mechanisms are of particular interest to the DRM community; locking drives with valuable content to particular set top boxes and video digital recording devices.
Seagate’s DriveTrust technology is based on current work in the TCG Storage Systems and Peripherals Work Groups, which is focused on extending trust and security from the TPM-based platform to a variety of peripheral devices that compose a Trusted Platform.
Seagate recently announced a full disc encryption drive, using drive-based encryption hardware to automatically encrypt ALL data going to the drive. Such an FDE drive protects against theft/loss and greatly streamlines both re-purposing and end-of-life for the laptop or PC. DriveTrust technology provides the necessary cryptographic key and password management.
Look for more information soon on work in the trusted peripherals and trusted storage area from TCG.
Lock your wigs!
Welcome to the future …
You may already be there!
(paraphrased from Firesign Theatre).
Thanks havnblast for posting the BetaNews article on ScotsNewsletter Forums here.