Free Rootkit with Every New Intel Machine
Ian Farquhar (ifarquha)
ifarquha at cisco.com
Sat Jun 23 18:41:03 EDT 2007
I agree with Peter here. I also tried to procure a motherboard with a TPM chip - to play with Bitlocker mostly - and came to
the same conclusion.
I did find a few MBs, mostly from Intel, and a couple of other vendors. All of these were corporate-style MB's, as opposed to
the gamer/enthusiast style I needed.
For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which "features security enhancement by TPM". More common (ASUS, Foxconn) was
the "TPM Connector", which seemed to be a hedged bet, by replacing the cost of the TPM chip with the cost of a socket.
I also went looking for a TPM on some other delivery mechanism (USB stick? PCI card? Anything...) but didn't turn anything up
I was actually able to purchase at the time (but maybe not now - see the BCM5751 below).
There's a slightly out of date matrix of products here:
http://www.tonymcfadden.net/tpmvendors_arc.html
I too have heard rumors of TPM functionality being included in either North or South Brigdes, but I haven't seen that happen yet
(aside from Intel, few vendors release detailed chipset datasheets anyway). Winbond do have a "Trusted IO" series of chips
which are basically LPC controllers plus the TPM chip (all now "not recommended for new designs"), and Transmeta did embed the
TPM in the TM5800. Apparently Broadcomm also did embed a TPM on their BCM5751 and BCM5751M ethernet controllers.
Interestingly, you will find the BCM5751 on several high end motherboards, but the presence of TPM functionality isn't often
mentioned. Riiigggghhhhtttt.... :)
Apple is one vendor who I gather does include a TPM chip on their systems, I gather, but that wasn't useful for me.
Ian.
-----Original Message-----
From: owner-cryptography at metzdowd.com [mailto:owner-cryptography at metzdowd.com] On Behalf Of Peter Gutmann
Sent: Saturday, 23 June 2007 10:49 PM
To: Jeff.Hodges at KingsMountain.com
Cc: cryptography at metzdowd.com
Subject: Re: Free Rootkit with Every New Intel Machine
Jeff.Hodges at KingsMountain.com writes:
>my understanding from a person active in the NEA working group (IETF)
>is that TPMs these days "come along for free" because they're included
>on-die in at least one of said chips.
Check again. A few months ago I was chatting with someone who works for a large US computer hardware distributor and he located
one single motherboard (an Intel one, based on an old, possibly discontinued chipset) in their entire inventory that contained a
TPM (they also had all the ex-IBM/Lenovo laptops, and a handful of HP laptops, that were reported as having TPMs). He also said
that there were a handful of others (e.g. a few Dell laptops, which they don't
carry) with TPMs.
I've seen all sorts of *claims* of TPM support, but try going out and buying a PC with one (aside from IBM/Lenovo and the
handful of others) - you have to look really, *really* hard to find anything, and if you do decide you specifically want a
TPM-enabled MB or laptop you're severely restricting your options (unless it's a Lenovo).
Unless something truly miraculous happens, TPMs are destined to end their lives as optional theft-discouragement gadgets for
laptops (assuming they're running Windows XP, or possibly Vista if you can find the drivers). They've certainly failed to make
any impression on the desktop market.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list