Free Rootkit with Every New Intel Machine

Ian Farquhar (ifarquha) ifarquha at cisco.com
Mon Jun 25 19:50:50 EDT 2007


> It seems odd for the TPM of all devices to be put on a pluggable module as 
> shown here.  The whole point of the chip is to be bound tightly to the 
> motherboard and to observe the boot and initial program load sequence.

Maybe I am showing my eternal optimist side here, but to me, this is how TPMs should be used, as opposed to the way their
backers originally wanted them used.  A removable module whose connection to a device I establish (and can de-establish,
assuming the presence of a tamper-respondent barrier such as a sensor-enabled computer case to legitimize that activity) is a
very useful thing to me, as it facilitates all sorts of useful applications.  The utility of the original intent has already
been widely criticised, so I won't repeat that here.  :)

It also shows those interesting economics at work.  The added utility of the TPM module (from the PoV of the user) was marginal
at best despite all claims, yet it facilitated functionality which was contrary to most users' interests.  The content industry
tried to claim that the TPM module would facilitate the availability of compelling content - which they tried to sell as its
user utility - but like most of their claims it was a smoke and mirrors trick.

Consequently, the razor-edged economics of the motherboard and desktop industry has comprehensively rejected TPM except in
certain specialized marketplaces where higher profit margins are available (e.g. servers, corporate desktops).  The chipset
manufacturers have also failed to add this functionality to their offerings to date.

Now Vista has added Bitlocker, which arguably adds a user valuable feature for which a TPM module is needed (yes, you can run it
without TPM, but it's painful).  I wonder if we'll start to see more "TPM connectors" appearing, or even full TPM modules on
motherboards and cores on south bridge dies?

Personally, I'd like to see a TPM implemented as a tamper-respondent (i.e. self-powered) module mounted on the motherboard in a
socket which allows removal detection.  That way you get the flexibility of moving the module, with the safety of a programmed
response to an unauthorized removal.

Ian.
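Added illustration (not part of Ian's post, and not the code of any real TPM or motherboard vendor): a small Python model of the two properties discussed in the thread, a module that binds sealed data to the measured boot sequence (the quoted "observe the boot" point) and that is socketed with removal detection and a programmed response to unauthorized removal (Ian's proposal). The PCR extend rule follows the TPM convention of hashing the old register value together with the measurement; everything else (the HMAC-based seal key, the XOR keystream, the removal-authorization token, the class and function names) is a constructed simplification chosen for readability, not a TPM specification algorithm.

```python
"""Toy model: PCR-bound sealing plus a tamper-respondent, socketed TPM (constructed example)."""
import hashlib
import hmac
import os
from typing import Optional

PCR_INIT = bytes(32)  # PCRs start as all zeros at reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(measurement)).
    One-way and order-sensitive, so the final value commits to the whole boot sequence."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(stages) -> bytes:
    """Extend a single PCR with each boot stage in order (firmware, loader, kernel, ...)."""
    pcr = PCR_INIT
    for stage in stages:
        pcr = pcr_extend(pcr, stage)
    return pcr


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (constructed for this toy, not a TPM primitive)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class TamperRespondentTPM:
    """Socketed module: keeps a root key that never leaves it, binds sealed blobs to a PCR
    value, and zeroizes the root key when the socket sensor reports an unauthorized removal."""

    def __init__(self, removal_secret: bytes):
        self._root_key = os.urandom(32)        # storage root key, module-internal only
        self._removal_secret = removal_secret  # hypothetical token that legitimizes removal
        self.removal_authorized = False
        self.zeroized = False

    def _seal_key(self, pcr: bytes) -> bytes:
        if self.zeroized:
            raise RuntimeError("module zeroized: root key destroyed")
        # The key depends on the root key AND the PCR, so a different boot path yields a different key
        return hmac.new(self._root_key, b"seal|" + pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes, pcr: bytes) -> bytes:
        key = self._seal_key(pcr)
        body = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
        tag = hmac.new(key, body, hashlib.sha256).digest()
        return tag + body

    def unseal(self, blob: bytes, pcr: bytes) -> Optional[bytes]:
        """Returns the secret only if the current PCR equals the one used at seal time."""
        key = self._seal_key(pcr)
        tag, body = blob[:32], blob[32:]
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return None  # policy failure: boot state differs, or the blob was altered
        return bytes(a ^ b for a, b in zip(body, _keystream(key, len(body))))

    def authorize_removal(self, token: bytes) -> bool:
        """Operator proves the removal is legitimate before pulling the module."""
        self.removal_authorized = hmac.compare_digest(token, self._removal_secret)
        return self.removal_authorized

    def on_socket_removal(self) -> None:
        """Programmed response to the socket's removal sensor."""
        if self.removal_authorized:
            self.removal_authorized = False  # one-shot authorization
            return
        self._root_key = bytes(32)  # unauthorized: destroy the root key
        self.zeroized = True


def demo() -> dict:
    """Constructed scenario: seal under a good boot, retry under an altered loader, then a rip-out."""
    good_boot = [b"firmware v1", b"bootloader", b"kernel"]
    tpm = TamperRespondentTPM(removal_secret=b"constructed-admin-token")
    pcr = measure_boot(good_boot)
    blob = tpm.seal(b"disk-encryption-key", pcr)
    results = {
        "same_boot": tpm.unseal(blob, pcr),
        "altered_boot": tpm.unseal(blob, measure_boot([b"firmware v1", b"evil loader", b"kernel"])),
    }
    tpm.on_socket_removal()  # no authorization on file, so the module zeroizes itself
    results["zeroized"] = tpm.zeroized
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes explicit: the sealed blob is useless to anyone who moves the module to a machine with a different boot sequence (the unseal returns nothing), and it is useless to anyone who pulls the module without first presenting the removal authorization (the root key is gone). Authorized removal, by contrast, leaves the key intact, which is the flexibility Ian is after.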

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com