Intel's D865GRH reference motherboard
Intel's PDF on LaGrande and TCI
Some highlights:
Requires new hardware that ranges from motherboard and processor down to specific keyboards, BIOS, and graphics cards. If this isn't a recipe for hardware vendors making ridiculous amounts of money on refreshing the purchase cycle, I'd love to hear what it is.
Also, see the widespread criticism of the "signed code" approach, and how it's the vulnerability in XP currently.
IBM defends TCA and states that they offer products with the chips already.
Tom's Hardware references the existing, manufactured chipsets:
National's SafeKeeper family includes two parts, the PC8374T Desktop and PC8392T Notebook Trusted I/O devices, which are based on National's embedded 16-bit CompactRISC core technology. Both reside on the low-pin-count (LPC) bus, which sits at the intersection of input devices to the PC. Both chips are based on TCG's TPM 1.1b specification. The desktop chip is priced at $5 in 1,000-unit volumes, the notebook chip at $7.
CNet coverage:
Applauded in the paper are three features of the best-known trusted computing technology, Microsoft's Next-Generation Secure Computing Base, that may be positive ways of securing consumers' computers. However, the EFF criticized a fourth feature--known as remote attestation--as a threat that could lock people into certain applications, force unwanted software changes on them and prevent reverse engineering.
Remote attestation allows other organizations that "own" content on a person's computer to ascertain whether the data or software has been modified. Such technology could easily be at odds with a computer owner's interests, said Seth Schoen, staff technologist for the EFF and the primary author of the paper.
...
The companies have formed a new group, the Trusted Computing Group, to work on a single hardware design that will be supported by a number of software programs, including Microsoft's controversial security prototype.
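The remote attestation the EFF paper criticizes can be made concrete with a short simulation. This is an added example, not code from the EFF paper, the CNet article, or any TPM vendor: it models the SHA-1 PCR extend operation of the TPM 1.1b/1.2 generation and substitutes an HMAC for the signature a real TPM makes with its attestation identity key (an RSA key that never leaves the chip). The key, the boot component blobs, and the function names are all constructed for the example.

```python
import hashlib
import hmac
import os

# TPM 1.1b / 1.2 platform configuration registers (PCRs) hold a 20-byte
# SHA-1 value and start at all zeros after platform reset.
PCR_INIT = b"\x00" * 20

# Constructed stand-in for the attestation identity key (AIK). A real TPM
# signs quotes with an RSA key held inside the chip; HMAC is used here only
# so the example runs without TPM hardware.
AIK_KEY = b"constructed-aik-secret-for-demo"

# Constructed boot components, in the order the platform would measure them.
GOOD_BOOT = [b"bios-image-v1", b"bootloader-v1", b"kernel-image-v1"]
TAMPERED_BOOT = [b"bios-image-v1", b"bootloader-v1", b"kernel-image-v1-patched"]


def extend(pcr, measurement):
    """TPM_Extend: PCR_new = SHA-1(PCR_old || measurement). Never a plain overwrite."""
    return hashlib.sha1(pcr + measurement).digest()


def measure_boot(components):
    """Hash each component and extend it into one PCR, as a measured boot does."""
    pcr = PCR_INIT
    for blob in components:
        pcr = extend(pcr, hashlib.sha1(blob).digest())
    return pcr


def tpm_quote(pcr, nonce):
    """Stand-in for TPM_Quote: a signature over the PCR value and the verifier's nonce."""
    return hmac.new(AIK_KEY, pcr + nonce, hashlib.sha256).digest()


def verify_quote(reported_pcr, nonce, quote, golden_pcr):
    """Verifier side: confirm the signature binds this PCR to this nonce, then
    compare the PCR with the value the verifier expects (its 'golden' measurement)."""
    expected_sig = hmac.new(AIK_KEY, reported_pcr + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, quote):
        return False  # forged, corrupted, or replayed under a different nonce
    return hmac.compare_digest(reported_pcr, golden_pcr)


def attest(components, nonce=None):
    """Full exchange: verifier sends a nonce, platform measures and quotes, verifier checks."""
    if nonce is None:
        nonce = os.urandom(20)
    golden_pcr = measure_boot(GOOD_BOOT)   # what the remote verifier considers 'unmodified'
    pcr = measure_boot(components)         # what the platform actually booted
    quote = tpm_quote(pcr, nonce)
    return verify_quote(pcr, nonce, quote, golden_pcr)


def replay_fails():
    """A quote captured from an honest boot is rejected when presented under a fresh nonce."""
    old_nonce, new_nonce = b"\x01" * 20, b"\x02" * 20
    good_pcr = measure_boot(GOOD_BOOT)
    captured = tpm_quote(good_pcr, old_nonce)
    return not verify_quote(good_pcr, new_nonce, captured, good_pcr)


if __name__ == "__main__":
    print("unmodified platform attests:", attest(GOOD_BOOT))      # True
    print("patched kernel attests:     ", attest(TAMPERED_BOOT))  # False
    print("replayed quote rejected:    ", replay_fails())         # True
```

Two points in the code line up with the article. A single changed byte in any measured component changes the PCR, so the verifier can tell that "the data or software has been modified" without seeing the software itself; and the `golden_pcr` the check succeeds against is chosen by the remote verifier, not by the machine's owner, which is exactly why the EFF sees the same mechanism as a way to refuse service to modified or unapproved configurations.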
More CNet:
Richard Stallman, founder of the Free Software Foundation and of the GNU project for creating free versions of key Unix programs, lampooned the technology in a recent column as "treacherous computing."
"Large media corporations, together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you," he wrote. "Proprietary programs have included malicious features before, but this plan would make it universal."
He and others, such as Cambridge University professor Ross Anderson, argue that the intention of so-called trusted computing is to block data from consumers and other PC users, not from attackers. The main goal of such technology, they say, is "digital-rights management," or the control of copyrighted content. Under today's laws, copyright owners maintain control over content even when it resides on someone else's PC--but many activists are challenging that authority.
Extremetech dissects an Intel Presentation:
Looking at the above slide, you can see that CPU extensions were required to ensure domain separation, and to provide a secure space for the protected kernel and domain manager (DM) software. This means that the protected kernel and domain manager must be able to operate at a privilege level that is more privileged than Ring 0 in today's x86 CPUs. You may recall that many core OS services, kernel functions, and device drivers generally operate at Ring 0. Application software operates at Ring 3, and Rings 1 and 2 in x86 chips aren't really used much, though available if intermediate levels are desired. The problem in today's x86 architecture is that hacking programs can compromise Ring 0 security, and therefore a safer, restricted-access, unhackable (one hopes) protection level is required.
While Intel did not formally name this highest protection level yet, I saw a few references to "Ring -1" in a few foreign tech Web sites earlier this year, though they were simply concocting a logical name based on what little was disclosed about LaGrande at the time. It is supposed to be near impossible (though we know we might eat these words someday) for a hacker or errant application to set itself running at this highly privileged privilege level, or access other protected code residing and/or executing at that level. I'll soon describe how the trusted execution environment is set up based on Grawrock's class material.
...
Only USB mice and keyboards are covered by LT technology as protected input devices as defined today, not PS/2 mice and keyboards. Also, graphics adapters must be re-architected to support a secure channel from the system to the frame buffer. The ICH (I/O controller hub) has protected access to the TPM for reading and writing information. Finally, in order to be considered a LaGrande-compliant platform, the system must include an LT CPU, LT compatible chipset, and the new TPM version 1.2. The TPM v1.2 specification is not available yet, but to get familiar with the technology you can download the latest public TPM 1.1b spec. Note that the Trusted Computing Group's TPM spec provides a superset of TPM capabilities required by LT.