[KLUG Members] re: DRM in every Samsung machine

Mike Williams members@kalamazoolinux.org
Tue, 16 Mar 2004 18:18:02 -0500 

>
> Subject:
> [KLUG Members] DRM in every Samsung machine
> From:
> Jamie McCarthy <jamie@mccarthy.vg>
> Date:
> Tue, 16 Mar 2004 11:31:50 -0500
>
> To:
> members@kalamazoolinux.org
>
>
>At my KLUG talk "Your Rights Online" a couple years ago, I
>mentioned that the BIOS was one way for Digital Rights Management
>to work its way into the computer.  DRM is aka Trusted Computing,
>aka Treacherous Computing, aka whatever Microsoft wants to call
>"taking over the world" this week.
>
>Today's news is that all Samsung computers will now ship with the
>Phoenix "Core Managed Environment" BIOS, which implements this at
>a level Linux can't touch:
>
>    http://slashdot.org/article.pl?sid=04/03/16/1443252
>
>  
>
Perhaps.  All I found in the article was that there was partition only 
available to the BIOS, which Windows can't touch.  Windows will run 
without needing to access that partition, so Linux should be able to as 
well.  Sounds to me like nothing more insidious than the "system 
partition" that Compaq Proliants have always used. 

>If this becomes widespread, it's a very short hop for Microsoft to
>push BIOS manufacturers to ship, and computer makers to adopt, a
>BIOS that refuses to boot any hard drive whose boot sector has not
>been digitally signed by a trusted software company like Microsoft.
>I.e., computers that refuse to boot free software.  The rationale
>for this will be:  what good is it to have a laptop that will only
>boot Windows from the hard drive, if the thief can just put in a
>Knoppix CD and mount your Windows drive on Linux?
>
>  
>
Just off the top of my head, there are at least 3 better solutions to 
that little problem.  1) don't store sensitive stuff on the local drive 
(which IS guys have been saying for at least 10 years now).  2) Set the 
BIOS to only boot from the hard drive, and password protect it.  3) Use 
Encrypting File System, available on Windows 2000 and up.  EFS would 
still be vulnerable to reading the password file and 
dictionary-attacking it, but the files are not readable without a key 
that's connected to the Security ID.

For an operating system to work, there must be a well-defined interface 
between the hardware and the software.  Currently that's the BIOS, but 
if the BIOS is replaced with something else, it will either be an open 
standard any OS can write to, or somebody will manage to 
reverse-engineer it.  The xbox has plenty of hardware support for 
code-signing and such, but 3 different variants of it have already been 
broken.

>"Mark my words" 
> -- Jamie McCarthy http://mccarthy.vg/ jamie@mccarthy.vg
>