[KLUG Members] Step F4 announced

Jamie McCarthy members@kalamazoolinux.org
Tue, 13 Apr 2004 13:55:27 -0400


http://www.wired.com/news/technology/0,1282,63031,00.html

Security Boost for Intel Chips
Associated Press
03:07 PM Apr. 12, 2004 PT

SAN JOSE, California -- The next generation of Intel
microprocessors for cell phones and handheld computers will, for
the first time, include hard-wired security features that can
enforce copy protection and help prevent hackers from wreaking
havoc on wireless networks.

Intel's PXA27x processors, announced Monday at a conference in
Taiwan, contain a security "engine" that's on the same piece of
silicon but separated from the area where general processing takes
place. The engine also has access to secure memory.

Today, security tasks such as handling the keys that unscramble
data are typically processed like any other task. As a result,
it's possible that an errant program can alter, intercept or
damage jobs that are supposed to be secure.

With Intel's new chips, cell-phone makers and carriers can
guarantee a greater, hardware-based level of security for
customers who use the devices to access corporate networks or need
to lock down information.

[...]




Here are some of my notes from the talk I gave at KLUG in Sept. '02.
Having DRM on the CPU, instead of in a separate chip on the motherboard,
is step F4.  Steps G and H will complete the process (and take us to
step K2...)

    F. Microsoft could try controlling viruses/worms/malware at the app level
            but they are for sure going back to the OS level:
            1.      .NET - deploying a virtual computer running on Windows
                    where they control *everything*
            2. why not go back to the boot loader? (too many hard drive vendors)
            3. or the BIOS? (would have to get multiple vendors all onboard)
            4. or the CPU? (only 2 vendors and they have to play ball)
    G. Describe how the system will work:
            1. * CPU comes hardened, with private keys embedded
            2. * Refuses to enter supervisor mode for code that hasn't been
               signed by one of those keys (or probably more than one,
               to forestall theft of one)
            3. this means:
               * no audio
               * no DV
               * no network
               * no non-.NET
                 (explain what .NET is)
               * no competing operating systems
                 (Intel might be willing to give free licenses to OS coders.
                  But not if Microsoft stops them)
    H. Along the way we will see Windows only working with IO hardware
       that deals in encrypted data.  You will not be able to play just
       any sound out your sound card, nor display just any MPEG.  You
       will only be able to hear or see data which has been signed with
       a key that your kernel recognizes.
    I. So are we headed in this direction? We are taking steps. The first step
       is what's currently known as Palladium and Trusted Computing, explain
       these briefly.
    J. * TCPA and Pd.
            1. Why needed? * "Our products just aren't engineered for security"
            2. Microsoft took a month earlier this year to work on security.
               Then bragged about how much they did. They still have huge holes.
               The company is completely refactoring security, making it their
               top priority.  They are not going to bother to retrofit.  They
               are doing it from scratch, tailoring a future operating system
               about four years off to hardware that will be available then.
            3. * TCPA will produce machines that are capable of only running
               code which has been signed by an authority.
               * HP/Compaq, IBM, Intel, Microsoft
            4. * Intel is making good on its part of the bargain, producing
               the processor that these machines will use and promising it
               will be Digital Rights Management friendly.  When is it coming?
               * second half of 2003
               "its next generation of microchips, due next
               year, would include anti-piracy features that
               will protect computers against hackers and
               viruses while giving digital publishers powerful
               new tools to control the use of their products."
               Note these two separate issues being conflated.
    K. * Public perception
            1. * News.com
            2. * Bruce Schneier, Counterpane
                    "My fear is that Pd will lead us down a road
                    where our computers are no longer our
                    computers, but are instead owned by a
                    variety of factions and companies all
                    looking for a piece of our wallet."
            3. * Ross Anderson: "You can use it to defeat the GPL."
               A corporation can make a Pd-compatible operating
               system based on open-source software -- HP has
               expressed its intention to do so -- and fully comply
               with the GPL but it won't matter.  Since any changes
               change the kernel, they require a key to be run.
               You can modify it all you want but there is no hardware
               that will run your modifications.
-- 
  Jamie McCarthy
 http://mccarthy.vg/
  jamie@mccarthy.vg
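
Added example, not part of the original post or of any vendor's design: a sketch of the gate described in step G.2, where code may enter supervisor mode only if it carries valid signatures from more than one embedded key, so that possession of a single signing key is not enough. It assumes the chip holds only the verification (public) halves of the keys, and it uses Lamport one-time hash signatures as a stand-in signature scheme so that it runs on the Python standard library alone; every name and image below is constructed for illustration.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets, public key = their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(image):
    d = H(image)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, image):
    """Reveal one secret per digest bit. A Lamport key must sign only one image."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(image))]

def verify(pk, image, sig):
    bits = digest_bits(image)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def may_enter_supervisor(image, sigs, embedded_pks, threshold):
    """sigs maps key slot -> signature; each slot counts at most once."""
    valid = sum(1 for slot, sig in sigs.items()
                if 0 <= slot < len(embedded_pks) and verify(embedded_pks[slot], image, sig))
    return valid >= threshold

def demo():
    keys = [keygen() for _ in range(3)]           # constructed: three signing authorities
    embedded = [pk for _, pk in keys]             # assumption: chip stores public halves only
    kernel = b"constructed vendor kernel image"
    modified = b"constructed modified kernel image"
    vendor_sigs = {0: sign(keys[0][0], kernel), 1: sign(keys[1][0], kernel)}
    one_key = {2: sign(keys[2][0], modified)}     # holder of a single signing key
    return (may_enter_supervisor(kernel, vendor_sigs, embedded, 2),    # signed by two keys
            may_enter_supervisor(modified, one_key, embedded, 2),      # one signature only
            may_enter_supervisor(modified, vendor_sigs, embedded, 2))  # signatures for other image

if __name__ == "__main__":
    print(demo())
```

The third case is the one Ross Anderson's point in K.3 turns on: a modified kernel cannot reuse the signatures issued for the unmodified one.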