Free Rootkit with Every New Intel Machine

Hal Finney hal at finney.org
Tue Jun 26 01:09:36 EDT 2007


Ian Farquhar writes:
> [Hal Finney wrote:]
> > It seems odd for the TPM of all devices to be put on a pluggable module as
> > shown here.  The whole point of the chip is to be bound tightly to the
> > motherboard and to observe the boot and initial program load sequence.
>
> Maybe I am showing my eternal optimist side here, but to me, this
> is how TPMs should be used, as opposed to the way their backers
> originally wanted them used.  A removable module whose connection to
> a device I establish (and can de-establish, assuming the presence of
> a tamper-respondent barrier such as a sensor-enabled computer case to
> legitimize that activity) is a very useful thing to me, as it facilitates
> all sorts of useful applications.  The utility of the original intent
> has already been widely criticised, so I won't repeat that here.  :)

Would that basically be the same as a removable smart card or
crypto token?  Those do exist and I agree that they have many useful
applications.  However their purpose is somewhat different from the TPM,
which is more specialized.


> It also shows those interesting economics at work.  The added utility of
> the TPM module (from the PoV of the user) was marginal at best despite
> all claims, yet it facilitated functionality which was contrary to
> most users' interests.  The content industry tried to claim that the
> TPM module would facilitate the availability of compelling content -
> which they tried to sell as its user utility - but like most of their
> claims it was a smoke and mirrors trick.

At this point we are reduced to speaking hypothetically.  The TPM has
not provided either much benefit or much harm so far.  It has not (AFAIK)
been used to protect any content, for good or evil.  It has instead only
been used as a sort of glorified, non-removable smart card, which indeed
does not provide much utility.


> Consequently, the razor-edged economics of the motherboard and desktop
> industry has comprehensively rejected TPM except in certain specialized
> marketplaces where higher profit margins are available (eg. Servers,
> corporate desktops).  The chipset manufacturers have also failed to add
> this functionality to their offerings to date.
>
> Now Vista has added Bitlocker, which arguably adds a user valuable feature
> for which a TPM module is needed (yes, you can run it without TPM, but
> it's painful).  I wonder if we'll start to see more "TPM connectors"
> appearing, or even full TPM modules on motherboards and cores on south
> bridge dies?

I think the focus is likely still to be on laptop systems where the
benefits of an encrypted file system are especially high.  However if
Bitlocker comes down to the lower level Vistas then we may see TPMs
start to appear on lower end laptops.


> Personally, I'd like to see a TPM implemented as a tamper-respondent
> (ie. self-powered) module mounted on the motherboard in a socket which
> allows removal detection.  That way you get the flexibility of moving
> the module, with the safety of a programmed response to an unauthorized
> removal.

Interesting idea, although it's not clear what you would do with it.
The TPM architecture is enormously complex but it is entirely focused
on binding a TPM to a platform.  Breaking that rule would invalidate so
much of the TPM design that you might do better starting with a new chip
with its own functions and purpose.

Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
