Free Rootkit with Every New Intel Machine

David G. Koontz david_koontz at xtra.co.nz
Mon Jun 25 00:42:56 EDT 2007


Peter Gutmann wrote:
> "Ian Farquhar (ifarquha)" <ifarquha at cisco.com> writes:
> 
>> For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which "features security
>> enhancement by TPM".  More common (ASUS, Foxconn) was the "TPM Connector",
>> which seemed to be a hedged bet, by replacing the cost of the TPM chip with
>> the cost of a socket.
> 
> Those are actually misleading, since there's no certainty that you'll be able
> to find anything that'll actually plug into them.  That is, not only are the
> TPM whatever-they-are-that-goes-there's almost impossible to find, but if you
> do find one there's no guarantee that it'll actually work when plugged into
> the header. In practice this is just a way of adding the "TPM" keyword to your
> marketing without having to actually do anything except include a dummy header
> on the MB.

There are third party TPM modules, which could allow some degree of
standardization:

http://www.ieiworld.com/en/news_content.asp?id=erbium/projectOBJ00244201&news_cate=News&news_sub_cate=Product

The IEI TPM module is used in their own motherboards and some VIA
motherboards.  They actively market the pluggable modules.  Thinkpads
appear to use a different connector:
https://www.cosic.esat.kuleuven.be/publications/article-591.pdf
30 pins instead of 20 pins.  The Low Pin Count bus, an ISA bus
replacement, is specified as the TPM interface, and isn't defined for
connector use, so a connector pin out isn't standardized.

http://www.intel.com/design/chipsets/industry/25128901.pdf  (the spec)

> 
> (For people who don't work with the innards of PCs much, most motherboards
> have assorted unused headers, sites for non-installed ICs, and so on, as a
> standard part of the MB.  The TPM header is just another one).
> 
> Peter.
> 

In addition to pluggable modules, TPM can also be an assembly bill of
materials option, where you have a chip and a few passive components
not stuffed for non-enterprise PCs or notebooks.  The advantage of a
pluggable module would be to allow late binding build configurations
when you can't adequately forecast demands.

Even the low costs of TPM hardware, patent licenses, BIOS licenses,
etc., are probably enough to prevent blanket inclusion in personal
computers not intended for enterprise use today.  TPM can also be built
into chip sets like Intel's Bearlake, which removes the hardware cost.
TPM may well end up being present ubiquitously.

One of the driving forces for TPM adoption going forward will be
enterprise remote or "distributed" management. http://www.dmtf.org/home
Doing distributed management with TPM allows some degree of security
that would otherwise be missing. Distributed management is the purpose
of Intel's vPro and iAMT initiatives.  Note that the distributed
management push is relatively recent, going mainline in the last year or
so, and may signal an upcoming acceleration in TPM adoption.  Also of
note is that the membership list for the Distributed Management Task
Force contains most of the big name PC sellers.

Distributed management can be OS 'gnostic; the driving need is the
ability to handle large volumes of software updates and security
patches. While some OS's require large volumes of security patches,
others are evolving fast enough to require automated updates. We're
pretty much guaranteed to see enterprise adoption across all platforms.

Linux supports TPM devices directly, as will Solaris.  Apple (mis)uses
TPM to unsuccessfully prevent OS X from running on non-Apple Hardware.
All Apple on Intel machines have TPM, that's what, 6 percent of new PCs?
There is a virtual TPM in Xen, IBM would tell you that you can't
operate a trusted computer without a security server for providing
virtual TPM storage.  They're willing to sell you one and Microsoft
doesn't want you to operate Vista virtually without a trustworthy
Trusted Platform Module.

It may be inappropriate to build a system with absolute trust in TPM to
protect "intellectual property".  There are other architectures that can
do better, say a blade server running a virtual copy of an OS.  The
element providing greater security is removing the potentially malicious
end-user from physical access, and not allowing access beyond the
virtual machine.  Thin clients and web applications come to mind for
protecting corporate secrets, too.  TPM is predicated on the notion that
the corporate universe is comprised of fully capable computers.  The
idea for Trusted Computing comes mainly from hardware vendors, so the
bias isn't surprising.

No one likes the idea of TPM on their personal machines, it's really
driven by enterprise needs, although you could imagine a market for a
service intended to keep your personal Windows PC updated.  There can be
useful side effects to having TPM on personal computers.  TPM could
provide secure storage for keys to software or hardware encrypted disk
drives; the alternative might imply uncovering the equivalent of master
keys over questionable channels during boot up. Secure Disks with
hardware encryption may have little or no cost penalty and
Linux/BSD/Solaris, etc., will accommodate them at some point.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com