Apple, Intel and 'Trusted Computing'

[shamino]

You say that the "chips are simply encryption coprocessors". Why, of course they are! Thats the whole point. And they can potentially be controlled by someone else than you, and thats what scare people.

This is no different from the encryption software that already exists in your copy of iTunes, or in your DVD player.

If you're that worried about a hardware chip encrypting everything, then you should be equally worried about software in the OS and your applications doing the same thing.

Do you expect people to believe what you claim, even when thousands of computer security experts around the world think the opposite?

The "thousands of experts" you're citing all sound like a bunch of screaming loonies wearing tinfoil hats. I've read their documents. They make a lot of dire predictions, but include zero technical information to back up their claims.

If it were so simple and harmless as you make it sound, then why arent we hearing the same arguments from the members of TCG?

I'm not saying it's harmless. I'm saying that all the rights you think will be lost are already gone, and have been for a very long time. All the stuff people want to use this chip for are already being done in software. And guess what? The world hasn't ended yet.

There are already plenty of subscription services, proprietary document formats and DRM-wrapped files. The market has decided which ones it wants to put up with and which ones it doesn't. Which is why iTunes is popular and Real is not.

You seem to think that simply moving pre-existing functionality from software into hardware will magically bring about armageddon.

 

[shamino]

No, the Rosetta kernel extension probably checks if the PPC code is signed before executing it.

An interesting theory, considering that most application code is not signed.

I know I never got a certificate from anyone, so none of the programs I compile have any signature. Are you claiming that these won't run through Rosetta? That would be rather interesting, because it would make the entire feature useless.

But I think your suggestion was creative, even though so anti-tin-foil it made me laugh. It seems reasonable the encryption chip is used for...wait...wait...OpenGL! Yeaaayy.

I didn't say that was the use. I said it's a possibility.

A coprocessor is a coprocessor. Using a TPM chip as an outboard vector math unit is no different from programs that make GPU calls for non-graphical features (like some audio apps do.)

Given that Apple has set several precedents for using coprocessors in non-traditional ways, this possibility isn't much of a stretch.

 

[siliconjones]

Sorry in advance.

[soapbox]All I'm saying is if I want to get around a DRM I don't want my hardware working against me. I'm not a pirate but I do wish to retain the ability to be one if I was so inclined.

In addition, being a TiVo user and Mac user, DRM has really gotten my ire lately. I understand for HBO and other cable networks. But anything broadcast over the public section of the electromagnetic spectrum belongs to the people. I don't care if NBC spends a lot to produce Friends or the latest "Who wants to marry a so and so?" The airwaves it is broadcast on belongs to you and I. It is only on loan to the broadcasters on our behalf by the FCC, funny I don't seem to remember being asked if this arrangement is still agreeable. Especially now with the abolishment of equal time.

I've stripped the DRM from every track I've purchased from the iTunes music store. Come get me corporate goons, FBI, republicans!!! I wanted to be able to use them in Traktor Dj Studio. (gasp)

I'm waiting for the RIAA backlash against pod-casting because you know it is coming. Consumers have to look out for the best interest of each other. I tell you what I would much rather spend a little more for a CD, Movie, or any media to be able to use it how I want. Anyone who believes different is only being a media whore at the cost of their own consumer rights.

All this "intellectual property" stuff has gone way to far. Seeing as this is a Mac forum, I surmise a great number of us would call ourselves artists. The work of other artists has "always" been the muse of artists. Where would civilization be today if since the beginning there had always been such strict control of creative works. In fact there would be no bible. [/soapbox]

Ps. Maybe the bible would be open source. Would that mean the Richard Stallman would be Jesus?

 

[VIREBEL661]

Power Macintosh x86 Total Control Edition.

No thanks.

Exactly how I feel. This one of the many reasons why I've stuck with the Mac for so many years - no m$ spyware, etc...

 

[MarcelV]

Most of the comments I have read are based on so much speculation. You can almost argue that Mac OS X is already a TC product. Apple has control over the hardware, Apple build the hardware and Apple ensures that a third party solution works with OS X.. There is no such generic hardware platform. One of the most important reasons why OS X is a very secure environment, stable and is working relatively flawlessly.

Because of the much more generic environment Apple has to deal with in the Intel world, Apple has to do something to ensure the same robustness of the hardware/software integration as in the PPC world. The move to Intel is not an attempt from Apple to make OS X available for everyone to run on generic x86 hardware. Apple is most and above all a hardware company. So, if you don't like that, then why are you using Apple at all at this time? Nothing is changing. Apple has control now, Apple will have control then. Just the tool to accomplish this will differ.

 

[Loke]

An interesting theory, considering that most application code is not signed.

Actually, its the other way around I think. The code run on a TPM Mac propably isnt signed as you say, but the Rosetta kernel extension probably checks to see if the hardware is "signed" before executing the PPC code.

My previous claim is how the XBox encryption works, by preventing unsigned code to run. The OSX way of doing it is preventing code to run on "unsigned" hardware.

You seem to think that simply moving pre-existing functionality from software into hardware will magically bring about armageddon.

If this is the reason for your confusion, its pretty straight forward: With software you have a choice to not use it or not buy it. If TCPA becomes common on every computer sold, you dont have a choice any more. If your ISP demands you have a TCPA enabled computer in order to lease you an IP adress, you dont have a choice any more. If "every" other entity on the internet demand you have a TCPA enabled plattform before they will initiate a session with you, you dont have a choice any more. Not even GNU/Linux will help you here - which actually is what Im using and have been for over 10 years.

Perhaps this is MS et al grand master plan in order to get rid of an increasingly troublesome competitor which cant be bought, controlled, reasoned with (read: threatened) or competed against on price, despite being the worlds biggest money making company? How exactly does an open source plattform fit into RIAA/MPAA plans when it comes to DRM management? We all know the answer, and the reality is they want it to go away. The key word is control - and open source cannot be controlled. Its in its very nature. It is evolution at its best IMO.

So yes, I do try to avoid closed source applications the best I can but I also own a Mac mini in order to "broaden" my horisont and peek at what competitors do.

 

[gekko513]

With software you have a choice to not use it or not buy it. If TCPA becomes common on every computer sold, you dont have a choice any more.

You have the same choice on whether or not you want to buy a piece of hardware. If TCPA becomes as bad as you say it will, there will always be Linux on non TCPA hardware.

Some digital content may not be made available for non-TCPA solutions, but the owners of the content have every right to choose to make or not make their content available in whatever form. Usually they will choose the way that gives most income. Selling content that can be copied and distributed around the world with the click of a button, may not give the highest income, but selling content within a TCPA system that is so restrictive that most people don't like it will not give the highest income either.

 

[generik]

It's incredible how paranoid people get over something they know nothing about.

The chip in question does not do a thing without software support. It has specialized hardware that can run encryption/authentication algorithms very fast, but that's about it.

If you want to use it to restrict what kind of system software you install, then the ROM code must be designed to use the chip in that capacity. If an OS wants to use it to restrict what computers it installs onto, the OS must be designed to use the chip in that capacity.

You should realize that everything this chip does can also be done in software. A ROM can restrict what boots without this chip - it will simply take longer to run whatever encryption/decryption is necessary.

As for restricting what software you can run, again this requires the operating system to do the work. The chip can make the DRM algorithms run faster, but that's all it will do. An OS can do all the same things without the chip. The chip can not impose any restrictions on software without support from the OS.

If Apple wants to implement some kind of system-wide DRM (and all indications are that they are not going to do this) they can do so with or without this chip. The chip may make it easier or faster, but that's it.

Assuming that this chip ends up in production Macs (which it may not) and assuming Mac OS uses it for anything (which it may not), here is what I think it will be used for:

• Make sure Mac OS doesn't run on non-Apple computers.
• Provide a DRM-API for applications to use for their own documents. This would make programs like iTunes (which already use DRM) run a bit faster, and it would allow third-party apps to apply DRM to their own documents with a minimum of software development.
• Provide a facility where software publishers can get most of the benefits of a security-dongle without having to actually ship dongles to customers.
• Provide a facility where a system administrator (the owner or an IT department) to restrict what applications are installed. For home users, parents can keep their kids from installing unwanted programs. For corporate users, an IT department can restrict computers to only using the corporate-standard software suite.
• Provide a unique serial number for software registration, to prevent piracy.

These are what I think Apple may want to use the chip for. Not necessarily what it will be used for. Note also that every single one of these things can be implemented right now, without any special chips. This chip just makes the code run faster.

I am certain that Apple will NOT use it to:

• Apply DRM to all your documents whether you want it or not
• Force application developers to apply DRM to their documents
• Alert law enforcement/Microsoft/the boogieman whenever DRM-authorization fails
• Prevent the computer's administrator (owner or IT group) from installing any software he wants to install.
• Prevent you from installing Linux/Windows/whatever. Apple has explicitly stated that they will not take steps to prevent this.

If Apple wanted to do any of this nonsense, it could do it right now, without any special chips. The fact that they have done nothing even close to these speaks volumes.

After reading your post, I just had to reply..

Just some specs here:
http://developer.intel.com/design/pentium4/papers/DrMOS.pdf

Anyway you are right in saying that in order to implement all these lockin features it would require software support, however you are DEFINITELY WRONG when you say that the extra capabilities of the chip can be emulated with present day software too.

Software binaries can EASILY be patched and modified.. but with trusted computing.. hey, suddenly it is a lot harder to say anymore.... Plus, I have to add, with TC it is possible to restrict a system BIOS to boot only *certain* signed code.

If the OS refuses to allow you access to a file, and you can't boot another OS to recover your file, and the harddrive refuses to work in another system for which it is not signed for.... please tell me how you are going to get at data for which you have right for?

Now, some of us might be dual booting Linux/MacOSX users. Imagine even that right being eroded away.

I'm pretty sure Apple would want to do all the things you have listed, after all Apple is not a kind, nor nice.. person.. not like such traits could be attributed to it. While Apple is a person in law only, but in reality it is a Corporation, it is only responsible to its shareholders, and prove itself via its quarterly profits.

NO MORE! NO LESS! That's it!

And if these do give various kickbacks from other members of the TC group, I'm pretty sure nothing is stopping them. Definitely not you, the customer. Since when you mattered into this when they decided to increase the prices of their systems for all their loyal and faithful users for the sake of maxmizing their profits?

Before you rebutt it, stop and think again... isn't it true?

Think about the time Apple stopped including floppy drives with their macs.. and start happily selling macs with NO FORM OF REMOVABLE STORAGE, for what reason? Looks? Or *more possibly* to reduce costs? Or perhaps that time when they put in.. *wow weee* a second processor in the Tower G4, when there wasn't even any software support yet!

Let's admit it, Apple only wants to make money. Even if sometimes they have to stoop to less than honest ways to do it. That's Steve's one and only responsibility as the CEO.

Anyhow Microsoft has already gotten the patents nailed down for the short and curlies, so I guess even if Steve Jobs got infected by an evil germ he will still have to beg Bill for licenses!

Read some of the patents for yourselves.. they are truly the makings of a sick and demented mind...

http://cryptome.org/ms-drm-os.htm

It has nothing to do with paranoia.. because can anyone please explain to me why else would such capabilities be slowly implanted into our consumer products?

As I've said again, Corporations cannot be entrusted to be all Jesus-like and kind and generous.. even if they start off completely ignorant of the new possibilies afforded by DRM lock-in technologies, it is only a matter of time before *someone* thought of a way to do that, and the others would follow suit shortly.

Trust Apple? Perhaps... and I do hope day you guys are going to enjoy receiving that monthly bill for that 200 or so hours of Microsoft Office usage, lest your certificate be revoked, with the effect of making every single one of your documents inaccessible, and you getting fired.

Sounds far fetched?

Think how computers and Microsoft are like 15 years ago, look at computers and Microsoft today. Think about how computers and Microsoft WILL be like in 15 years.

Remember, progress is not linear, it happens at a faster and faster pace as more underlying techniques get developed.

Even if you won't be around to suck it up in 15 years time, think of what your kids will be enjoying.

It won't be pretty.. At least not that MacOSX Aqua kind of pretty...

Because of the much more generic environment Apple has to deal with in the Intel world, Apple has to do something to ensure the same robustness of the hardware/software integration as in the PPC world. The move to Intel is not an attempt from Apple to make OS X available for everyone to run on generic x86 hardware. Apple is most and above all a hardware company. So, if you don't like that, then why are you using Apple at all at this time? Nothing is changing. Apple has control now, Apple will have control then. Just the tool to accomplish this will differ.

Different levels of control my friend.. with TC, married with OS support, and further married with prevalent broadband access today, it is now possible to enact what's essentially a Corporate iron curtain over your OWN computer.

When that time comes I certainly don't mind if Apple gives me my PowerMac for free, but do you think that will happen? Of course not, first I will have to pay for the device through which I will "enjoy" the content, then I will get to pay for each time I watch DVDs and enjoy my applications.

Realise this. Up to this present day what's stopping the content industries from enforcing pay per use/view poliicies on consumers? The inability to control the signal path taken by their content to consumer's eyeballs!

Now with TC and DRM, essentially even single bit of electronics, be it in your HDTV (helllooooo new HDMI interface!) or your satelite receivers... or your DVD players.. everything.. bowing down to the will of the content producers, dilligently phoning home and "authenticating" each time you load a DVD, or fire up an applications..

It's Bill Gate's ultimate wet dream....

 

[gekko513]

Read some of the patents for yourselves.. they are truly the makings of a sick and demented mind...

http://cryptome.org/ms-drm-os.htm

It has nothing to do with paranoia.. because can anyone please explain to me why else would such capabilities be slowly implanted into our consumer products?

As I've said again, Corporations cannot be entrusted to be all Jesus-like and kind and generous.. even if they start off completely ignorant of the new possibilies afforded by DRM lock-in technologies, it is only a matter of time before *someone* thought of a way to do that, and the others would follow suit shortly.

I read the patent and it described a seemingly robust way of protecting some digital data from being copied or used in a way that it wasn't intented. I found nothing sickening about it. It seems like it would prevent the computer from multitasking properly while the protected content is in memory, though, which could lead to a not-so-userfriendly system.

Corporations aren't kind and generous, no-one thinks they are, but they have to care about their customers if they want to keep getting money from them.

And there is one thing that I don't get. You talk about all the scary things that TCPA can and will be used for by *someone*, yet I haven't to date seen one concrete example of a scary scenario that is plausible.

 

[techgeek]

I can't believe the amount of FUD being spread about here.

We are talking about a single chip on a developer pre-release motherboard that Apple have themselves stated should not be taken to reflect the actual shipping hardware.
This chip != "Trusted Computing". That requires not only the chip, but a complete software solution to make use of it and an infrastructure to support it.

Why don't we all calm down and wait to see what the shipping product is like before starting to panic.

 

[Loke]

It seems like it would prevent the computer from multitasking properly while the protected content is in memory, though, which could lead to a not-so-userfriendly system.

Can you say: P R E V E N T C O D E I N J E C T I O N? Thats the reason they wont allow multitasking when playing back DRM content. They want to CONTROL what YOU do with YOUR computer! With HDMI the content providers even get to descide what kind of screen their content is allowed to be played back at!!! Yet you claim time after time that you havent seen a concrete example of a scary scenario that is plausible. If its OK for you to be a corporate puppet, dont assume everyone has the same POV. I certainly dont.

 

[gekko513]

Can you say: P R E V E N T C O D E I N J E C T I O N? Thats the reason they wont allow multitasking when playing back DRM content. They want to CONTROL what YOU do with YOUR computer! With HDMI the content providers even get to descide what kind of screen their content is allowed to be played back at!!! Yet you claim time after time that you havent seen a concrete example of a scary scenario that is plausible. If its OK for you to be a corporate puppet, dont assume everyone has the same POV. I certainly dont.

Preventing code injection while handling protected data is a good thing isn't it? Allowing protected video content to play through any kind of video output would kind of ruin the protected part of protected content, wouldn't it? Especially if it is lossless digital playback. And by the way, I'm no-ones puppet and I buy the products that suit my needs the most.

 

[nargilamonster]

those bastards!

If Apple follows suit with this I'm switching to Linux. Maybe I'll buy a G5 before I do (in 2-3 years) but I imaging the prices of Macs without this security chip will remain high for years because people don't want the security chip macs.

 

[idea_hamster]

Kinda sorta. Couldn't one also argue that the government has a duty - a constitutional one - to protect you from such intrusion by enforcing existing laws against this sort of thing? Failure to do so could be interpreted as a violation of constitutional rights?

A great idea, and I wish it were so.

Unfortunately, such an argument would get tossed out of court. It isn't that different from saying that the police should have prevented the burglar from breaking into my house and stealing my TV. If your TV gets stolen, you probably can't sue the government for letting it happen.

Besides, I wasn't suggesting that the government (federal or state) would fail to enforce the law. I haven't looked into whether there is are state or federal laws against a company controlling some software on your computer. (BTW -- Take iTunes. I'll admit right now that Apple could have put a clause in one of the licensing agreements that says that I have to sit in pickle juice for 24 hours. I haven't read them.)

My basic point was that one non-government "person" (like Adobe or Bill Gates) simply can't violate the constitutional rights of another non-government "person" (like you or me).

If the police enter your house without a warrant, find contraband and arrest you, it could be (but is not necessarily) a Fourth Amendment violation. If Steve Jobs enters your house without a warrant, finds contraband and has you arrested, it could be theft, burglary, tresspass, breaking and entering or lots of things -- but it's not a constitutional violation.

 

[AidenShaw]

Look on the bright side - it'll make "activation" so much easier for Apple

If Apple follows suit with this I'm switching to Linux. Maybe I'll buy a G5 before I do (in 2-3 years) but I imaging the prices of Macs without this security chip will remain high for years because people don't want the security chip macs.

The upside of this is that Apple can implement "activation" (locking OSX licenses to individual nodes) so easily.

You won't have the "I changed the NIC and upgraded my disk, now I need to re-activate" problem that potentially hits Windows activation.

The unique key in the TPCA chip can be tied to the OSX license.

Think of how much additional profit Apple will make when you'll have to buy a unique Leopard license for each system - you won't be able to buy one license and install it on both your Powermac and your Powerbook.

Cha-ching! Cha-ching!

 

[shamino]

If this is the reason for your confusion, its pretty straight forward: With software you have a choice to not use it or not buy it. If TCPA becomes common on every computer sold, you dont have a choice any more.

Why? Every single spec says the chips can be disabled. As a matter of fact, are required to be shipped to customers in the disabled state.

If your ISP demands you have a TCPA enabled computer in order to lease you an IP adress, you dont have a choice any more.

What if your local ISP demands that you install a proprietary DRM kernel extension in your operating system before letting you connect?

There is no difference.

If "every" other entity on the internet demand you have a TCPA enabled plattform before they will initiate a session with you, you dont have a choice any more. Not even GNU/Linux will help you here - which actually is what Im using and have been for over 10 years.

This can also happen without a hardware chip.

 

[obeygiant]

i just hope this doesnt mean viruses for mac computers

 

[Yarvin]

It depends on what it's used for. If it's just for software and media where the copyright holders want to use it, well, they're doing that already. However, if it's like Microsoft's Palladium where software has to be "certified" to run, no way. I like Open Source software and want to be free to use any version of it I please, certified or not, which is what Palladium threatens (all in the name of security, of course).

Anyway, we'll see what happens.

 

[shamino]

However, if it's like Microsoft's Palladium where software has to be "certified" to run, no way.

Nobody is saying that Palladium (or anything similar) will force every user to run nothing but signed applications.

The purpose is so that a corporate IT department can put their stamp of approval on the apps they want to support, and prevent their employees from installing anything else.

A lot of corporations have policies like this now, but enforcement is difficult, usually involving remote-access software to detect unauthorized apps, followed by corporate disciplinary action when unauthorized apps are detected. It saves everybody a lot of time (and the employees a lot of aggravation) if the OS can block the app at the time of installation instead.

None of this is in any way applicable to a home user. After all, how is Microsoft going to know what apps you want to allow on the computer and what you don't want to allow? And before you answer "only allow what Microsoft signs", think about the impossible situation that would put them in. All software development would effectively cease, because nobody is going to run his app through a certification process every time he compiles his code (which may happen dozens of times a day while a program is under development.)

As much as you may think Microsoft wants to rule the world, they don't want to put the entire software industry out of business. They know very well that they would end up putting themselves out of business at the same time.

 

[shawnce]

i just hope this doesnt mean viruses for mac computers

Yes lots of them... but each virus will only run on a specific system with a specific key... so Apple will have to distribute them

 

[Draelius]

This sounds like a ploy...

...to boost current Powerbook sales.

Gives Apple an out to end production of their notebook series with the G4.

On a serious note, it'll be a cold day in hell before Apple gets me to pay them to control my computer.

 

[cgc]

hasn't trusted computing been around since about 1999 when those id chips were being implimented into the pentium 3's? i remember those being a huge privacy concern at that point in time..

Would this Trusted Computing chip interfere with the Mind-Control Chip the U.S. Government has imbedded in my head?

 

[iMeowbot]

Would this Trusted Computing chip interfere with the Mind-Control Chip the U.S. Government has imbedded in my head?

Ah, you must be thinking of Operation Bluetooth. The beauty of the technology is that They don't even need implantable devices, all it takes is a small amount of social engineering and subjects are begging to carry the transmitters around. Don't forget to "synchronize" your "telephone"!

 

[cgc]

Ah, you must be thinking of Operation Bluetooth. The beauty of the technology is that They don't even need implantable devices, all it takes is a small amount of social engineering and subjects are begging to carry the transmitters around. Don't forget to "synchronize" your "telephone"!

I KNEW IT!

 

[Loke]

This might be appropriate...

"Did you really think that we want those laws to be observed?" said Dr. Ferris. "We want them broken. You'd better get it straight that it's not a bunch of boy scouts you're up against - then you'll know that this is not the age for beautiful gestures. We're after power and we mean it. You fellows were pikers, but we know the real trick, and you'd better get wise to it. There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens' What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced nor objectively interpreted - and you create a nation of law-breakers - and then you cash in on guilt. Now that's the system, Mr. Rearden, that's the game, and once you understand it, you'll be much easier to deal with."
- Ayn Rand, Atlas Shrugged, 1957

-