Apple, Intel and 'Trusted Computing'

[shamino]

When you buy an application, movie, ebook or tune and the vendor locks that item down to your machine it can be a very bad thing. ...

You mean, like music dowload sites to right now without any special hardware?

Now imagine losing your own personal data to this. Consider that some vendors may not like you doing sidegrades to other vendor's software. They can use this with proprietary formats to lock your data to their software.

And what stops them from doing this right now? They don't need TPM to store user-data in proprietary formats.

As a matter of fact, they do do this right now. Ever try to open an MS Outlook mailbox file from another application? It's incredibly difficult. And they do it without any TPM system.

This also enables pay-per-use software, music, videos, etc. Hollywood, the music industry and even the software industry have been trying to implement this for years.

They are implementing this right now. iTunes is one such example. Some such programs succeed and some fail, depending on what the users think of the service and its restrictions.

The addition of a hardware chip to make the encryption easier won't change this.

 

[cubist]

And who is going to do this?

Apple? Microsoft? Some secret government agency?

The reason for TCPA is so a corporation can control the machines they bought and paid for. So they can cut off an employee after his job is terminated, or to disable a laptop that may have been stolen.

Or so a software company can lock you out of access to your documents if they think that you did something wrong or didn't pay this month's protection money.

 

[savar]

3. The TPM chip in question is protected with a RSA encryption key pair, and is virtually unhackable unless someone somewhere made a flaw in the actual design around the TPM chip. You could essentially spend thousands of years trying to brute force the RSA key pair with all the computing power in the world, and still not succeed. This is serious ****.

How large is the private key? Haven't 256-bit keys been brute-forced by distributed computing?

 

[pubwvj]

I'd rather there were no DRM or annoying copy protection in the world. Give a big "thanks" to the pirates who steal software and music, for bringing these issues into our lives.

Ironically, realize that by far most of the pirated music, movies and software is done by professional pirates in places like China. Every security system can be cracked. They will crack it. Like most copy protection this will end up inconviencing the legitement buyers far more than the pirates and it won't make hardly any dent in the rate of piracy.

Furthermore, companies screw up. They make mistakes with the hardware and software. Putting the copy protection into hardware means that the mistakes will be that much harder and more expensive to correct.

This sort of thing is a very good reason to buy a Mac now, before Apple rolls out the MacIntel monsters, and then keep using it for a decade or more for the dust to settle before you start trusting "Trusted Computing".

 

[pubwvj]

How large is the private key? Haven't 256-bit keys been brute-forced by distributed computing?

Yes, years ago with significantly less powerful computers than we have today. All crypts will be cracked, all cracks will be hacked.

 

[shamino]

Or so a software company can lock you out of access to your documents if they think that you did something wrong or didn't pay this month's protection money.

And what makes you think there aren't companies doing that right now?

What do you think happens to your iDisk if you stop paying for your .mac account?

 

[SiliconAddict]

It can be used as a solid basis for advanced security features that will benefit large media conglomerate.

Fixed that for you.

 

[SiliconAddict]

Yes, years ago with significantly less powerful computers than we have today. All crypts will be cracked, all cracks will be hacked.

Ummm no...Wait a few year when quantum encryption hits the mainstream market.

 

[shamino]

The hackers from OSx86 report that the Rosetta binary constantly perform function calls to the Infinion TPM chip when running certain parts of the GUI, ergo the chip was ordered specifically by Apple, or the team developing Rosetta for Apple, to be present.

I was thinking further about this, and there's another even more obvious reason for this.

An encryption chip, when you get right down to it, is nothing more than a math coprocessor with a bunch of specialized functions. The functions that are used by encryption involve large-matrix arithmetic, raising large numbers to large powers, vector math on large arrays, non-linear sequence generation, etc.

What else uses this stuff? Graphics does.

You said it's being used for the GUI. Well, unless you're playing a DVD, there's no encryption involved in GUI code. But there is a huge amount of matrix and vector math if you make any use of OpenGL or CoreImage.

Now what is more likely, given what we know about Apple?

Steve Jobs decides that his company has built up enough goodwill and decides to become Hitler On Ice.

Or some creative programmers in Apple realize they have another x MFLOPS of processing power, thanks to that chip, and decide to take advantage of it to speed up some of the GUI code.

 

[shamino]

Ummm no...Wait a few year when quantum encryption hits the mainstream market.

Quantum encryption just means you'll need quantum hardware to break it. If everybody has quantum computing hardware (which they'll need if this concept ever becomes a product) then everybody will have the capability of breaking it.

 

[SiliconAddict]

The one big thing that people are missing is that the chips on the hardware mean exactly jack squat if the OS doesn’t support it. If Apple only programs their future OS’s to only use these chips to lock down X content or Y OS that is the only thing that can be used (Well short of third party companies building drivers to support the hardware to integrate into the OS but practically speaking that is prohibitively expensive for small time development shops.)
It all boils down to HOW apple is going to support these chips. Its hardly black and white or on and off. Apple may simply decide to use these chips to lock the OS to this type of hardware. Or they could use it for their own media content to make sure that the shanigans that have happened in the past with software such as HYMN doesn’t happen again. Or they could go as far as integrating an API into their system that allows a company to lock their content or software or [Y]. Its too early to tell where Apple is going with this. With their latest announcements from the 2 button mouse to X86, to the Mac Mini its pretty obvious Apple wants to be a major player again in the PC / Home entertainment industry. This frankly makes me fear the worst. Is Apple, which I mean is Jobs, willing to compromise their corporate morals for a large piece of the pie? MS certainly is which is music to the MPAA and RIAA’s ears. Apple may simply have no choice in the matter if they don’t want to be left in the dust. Only time will tell where Apple’s priorities are and how much they are willing to screw their user base over.

 

[pubwvj]

And what makes you think there aren't companies doing that right now? What do you think happens to your iDisk if you stop paying for your .mac account?

Exactly. One of the reasons I don't use .Mac at all. I don't want my internal system dependent on external servers like that.

 

[Loke]

Extrapolating this to "every Mac sold will have one" and "you won't be able to run what you want on your computer" is speculation and paranoia.

No more so than you speculating that the chip was incidentally present on the boards Apple bought, or how they dont neccessary use the chip at all despite it being present. Which we now know, of course, was BS.

You say that the "chips are simply encryption coprocessors". Why, of course they are! Thats the whole point. And they can potentially be controlled by someone else than you, and thats what scare people.

Do you expect people to believe what you claim, even when thousands of computer security experts around the world think the opposite? If it were so simple and harmless as you make it sound, then why arent we hearing the same arguments from the members of TCG? Are the hundreds of thousand of well informed opponents of TCPA so frikkin stupid, while you have "seen" through it all and understood the bigger picture? Either you have very high thoughs about yourself or you are being naive - no pun intended.

And who is going to do this?

Apple? Microsoft? Some secret government agency?

Its not far fetched that MS want to base their software model on subscription instead of licenses. Several software vendors have even said this model is believed to be the future. In fact, I think MS just bought a company specializing in delivering applications over a network.

In such a scenario, you are pretty much dependent on the functions provided by a TCPA plattform in order to "do it securely" from a corporate POV. If you dont renew your subscription for the program at a rate deemed fit by the producer, you dont get to view your files. Its actually that simple.

 

[Loke]

I was thinking further about this, and there's another even more obvious reason for this.

An encryption chip, when you get right down to it, is nothing more than a math coprocessor with a bunch of specialized functions. The functions that are used by encryption involve large-matrix arithmetic, raising large numbers to large powers, vector math on large arrays, non-linear sequence generation, etc.

What else uses this stuff? Graphics does.

You said it's being used for the GUI. Well, unless you're playing a DVD, there's no encryption involved in GUI code. But there is a huge amount of matrix and vector math if you make any use of OpenGL or CoreImage.

Now what is more likely, given what we know about Apple?

Steve Jobs decides that his company has built up enough goodwill and decides to become Hitler On Ice.

Or some creative programmers in Apple realize they have another x MFLOPS of processing power, thanks to that chip, and decide to take advantage of it to speed up some of the GUI code.

No, the Rosetta kernel extension probably checks if the PPC code is signed before executing it. But I think your suggestion was creative, even though so anti-tin-foil it made me laugh. It seems reasonable the encryption chip is used for...wait...wait...OpenGL! Yeaaayy. As if the dedicated graphics card in every Mac wasnt enough. Of course the TPM chip is being used by the GUI. The Darwin kernel is OPEN-SOURCE you know. Not much point in putting the fancy and very hush-hush TPM API calls and public encryption key into that one now, is it, so every hacker out there can poke it with a stick? You really made my day here. LOL.

 

[ph0rk]

Yeah right...1984 is a dead theory in my book, try Jennifer Government

Actually, "orwellian" usually means authoritarian (or totalitarian), rather than socialist.

You can have an orwellian world governed by corporations for example...

oh wait we already do.

at any rate, I don't see this as troublesome:

I wouldn't be surprised if the trusted hardware magic is how they plan on dealing with the issue of keeping OSX on macs, post intel switch.

 

[skinlayers]

Quantum encryption just means you'll need quantum hardware to break it. If everybody has quantum computing hardware (which they'll need if this concept ever becomes a product) then everybody will have the capability of breaking it.

Incorrent. Quantum computers with allow us to brute force any current encryption method that uses public keys (like RSA, SSL, SHA-1, etc). This is do to the fact that a qbit (quantum bit) can be both on and off at the same time. Enough qbits, and you have every single possible combination calculated and tested at once.

BUT

Along with quantum computing comes quantum encryption. Just like quantum physic's weird laws allow us to break any normal PKI encryption, it also allows us a new kind of unbreakable encryption. In a quantum system the act of observing changes a system. So the merely observing the data will alert both parties that the data stream is being tampered with. Pretty neat, huh?

 

[Freyqq]

Intel switch sounds good to me.

Face it. Macs are lagging in the hardware aspect right now but heavily excelling in the software aspect. Imagine if the hardware was even and software was excelling. Then imagine windows apps working on macs. People would have no reason to go windows anymore....

 

[Muzukun]

well... looks like my windows box will always have a special spot in my heart, and my room no matter what now ... *tosses money and upgrades the way of his windows pc* make my monster grow! ... *is to happy today*

 

[chukronos]

does this mean that they will have a G5 powerbook this year?

Anybody know how to build your own laptop and run OSx? I know you can build your own windows laptop but not sure about apple. When they release the new computers it would be great to be able to build your own and possibly avoid adding the unwated "big brother" chip.

 

[pubwvj]

Ummm no...Wait a few year when quantum encryption hits the mainstream market.

Quickly followed by the massive quantum parrellel group processors employed by the hackers, crackers and pirates to break the quantum encryption in record time!

 

[MontyZ]

.

 

[SiliconAddict]

Quickly followed by the massive quantum parrellel group processors employed by the hackers, crackers and pirates to break the quantum encryption in record time!

*sighs* Learn how the tech works before making comparisons to brute force attacks.

 

[puuukeey]

in response to whoever that was... plugin piracy was one of the first markets affected. Why else would they be the ones "driven" to use the ilok. and it freaks a lot of people out. it's one more step of beurocrosy in getting the things I OWN to work. and I do own them. DAW software was one of the leading uses of a mac when plugin piracy crept up. I'm a software developer too and I buy pleanty of software. try not to be so partisan

 

[Arcady]

I don't understand why everyone is in an uproar over this DRM stuff. Apple is just using it to make sure that OS X stays on computers that they build.

And some hacker will have it cracked in 12 hours after it is released, so who cares anyway?

 

[leekohler]

If I buy a machine I want to be able to do what I want with it. Free will. Whether we will for good or for bad should be up to us entirely. If you produce a machine that takes away that free will, don't expect me to buy it. I think everyone should feel this way. If you don't you must be one of THOSE people.

I agree entirely. It's my machine in my home.