[KLUG Members] Step F4 announced
Jamie McCarthy
members@kalamazoolinux.org
Tue, 13 Apr 2004 13:55:27 -0400
http://www.wired.com/news/technology/0,1282,63031,00.html

Security Boost for Intel Chips
Associated Press
03:07 PM Apr. 12, 2004 PT

SAN JOSE, California -- The next generation of Intel
microprocessors for cell phones and handheld computers will, for
the first time, include hard-wired security features that can
enforce copy protection and help prevent hackers from wreaking
havoc on wireless networks.

Intel's PXA27x processors, announced Monday at a conference in
Taiwan, contain a security "engine" that's on the same piece of
silicon but separated from the area where general processing takes
place. The engine also has access to secure memory.

Today, security tasks such as handling the keys that unscramble
data are typically processed like any other task. As a result,
it's possible that an errant program can alter, intercept or
damage jobs that are supposed to be secure.

With Intel's new chips, cell-phone makers and carriers can
guarantee a greater, hardware-based level of security for
customers who use the devices to access corporate networks or need
to lock down information.

[...]

Here are some of my notes from the talk I gave at KLUG in Sept. '02.
Having DRM on the CPU, instead of in a separate chip on the motherboard,
is step F4. Steps G and H will complete the process (and take us to
step K2...)
F. Microsoft could try controlling viruses/worms/malware at the app level
   but they are for sure going back to the OS level:
   1. .NET - deploying a virtual computer running on Windows
      where they control *everything*
   2. why not go back to the boot loader? (too many hard drive vendors)
   3. or the BIOS? (would have to get multiple vendors all onboard)
   4. or the CPU? (only 2 vendors and they have to play ball)

G. Describe how the system will work:
   1. * CPU comes hardened, with private keys embedded
   2. * Refuses to enter supervisor mode for code that hasn't been
        signed by one of those keys (or probably more than one,
        to forestall theft of one)
   3. this means:
      * no audio
      * no DV
      * no network
      * no non-.NET
        (explain what .NET is)
      * no competing operating systems
        (Intel might be willing to give free licenses to OS coders.
        But not if Microsoft stops them)

H. Along the way we will see Windows only working with IO hardware
   that deals in encrypted data. You will not be able to play just
   any sound out your sound card, nor display just any MPEG. You
   will only be able to hear or see data which has been signed with
   a key that your kernel recognizes.

I. So are we headed in this direction? We are taking steps. The first step
   is what's currently known as Palladium and Trusted Computing, explain
   these briefly.

J. * TCPA and Pd.
   1. Why needed? * "Our products just aren't engineered for security"
   2. Microsoft took a month earlier this year to work on security.
      Then bragged about how much they did. They still have huge holes.
      The company is completely refactoring security, making it their
      top priority. They are not going to bother to retrofit. They
      are doing it from scratch, tailoring a future operating system
      about four years off to hardware that will be available then.
   3. * TCPA will produce machines that are capable of only running
        code which has been signed by an authority.
      * HP/Compaq, IBM, Intel, Microsoft
   4. * Intel is making good on its part of the bargain, producing
        the processor that these machines will use and promising it
        will be Digital Rights Management friendly. When is it coming?
      * second half of 2003
        "its next generation of microchips, due next
        year, would include anti-piracy features that
        will protect computers against hackers and
        viruses while giving digital publishers powerful
        new tools to control the use of their products."
      Note these two separate issues being conflated.

K. * Public perception
   1. * News.com
   2. * Bruce Schneier, Counterpane
        "My fear is that Pd will lead us down a road
        where our computers are no longer our
        computers, but are instead owned by a
        variety of factions and companies all
        looking for a piece of our wallet."
   3. * Ross Anderson: "You can use it to defeat the GPL."
        A corporation can make a Pd-compatible operating
        system based on open-source software -- HP has
        expressed its intention to do so -- and fully comply
        with the GPL but it won't matter. Since any changes
        change the kernel, they require a key to be run.
        You can modify it all you want but there is no hardware
        that will run your modifications.
--
Jamie McCarthy
http://mccarthy.vg/
jamie@mccarthy.vg