Free Rootkit with Every New Intel Machine

[David G. Koontz]

David G. Koontz wrote:

> 
> I picked on one motherboard, a Gigabyte GA-P3-DQ6 which has the 20 pin
> header for the IEI TPM pluggable. After an extensive investigation I
> found no direct evidence you can actually do as Peter states and roll
> your own building a TPM enabled system. That includes downloading the
> BIOS and trying to search it.  Found evidence of a TPM driver, no hard
> proof though.  Why the emphasis on doing this as an end user anyway?
> Heck you should have seen how hard it was to get DVDs to work with
> Windows98 on an Intel D815 motherboard as an end user.  If took the same
> level of investigation, and I still got lucky.  The information
> necessary is available to OEMs, not generally end users.  Looking across
> various vendors motherboards you see statements in the specifications
> stating TPM v1.2 support which I'd be inclined to think means BIOS
> support.

I found another Gigabyte board GA-N680SLI-DQ6 with TPM, available from
Ascent here in New Zealand.  I looked at the BIOS for it.  It was close
to brand new and mentioned it would take loadable drivers and didn't
have reference to TPM.   This leads creedence to the requirement for OEM
access to enable TPM.  The TPM driver wasn't available on the download
page for the board.  This board has the IEI 20 pin connector on it.

The IEI page provides no links to documentation.  The page shows various
software management interfaces that are specific to TPM chip vendors, so
I looked for them up.  There are three modules based on infineon, atmel
and sinosun TPM chips.

Looking at the Infineon TPM v1.2 page we see the complete information
isn't publicly available.  There is no indication of how to do PC-BIOS
integration, no in depth datasheet/manual, etc.  It's probably not
possible to to implement under windows without a partnership.

I checked the Atmel site and the public information there was sparse.

The Sinosun site has some basic information on management software.
These would require your're are in partnership, although I found an
advertisement for the Sinosun TPM software management tools ($26.99 US)
http://www.orbitmicro.com/global/20pinsinosuntpmmoduleswmanagementtool-p-4385.html
Orbit Micro is a system integrator and IEI distributor and probably can
provide a white box solution.

You're still at the mercy of the Motherboard/PC vendor for BIOS support.

The Supermicro motherboard with integrated TPM has a BIOS that is TPM
aware..  It probably uses an ST19WP18-TPM-C from Standard Microsystems
(Found by searching their FAQ, another board with TPM).

There is some information on software development environment:
http://www.st.com/stonline/products/families/smartcard/sc_support.htm

This compares the three TPM chip versions:
http://www.st.com/stonline/stappl/productcatalog/app?path=/comp/stcom/PcStComOnLineQuery.showresult&querytype=type=product$$view=table&querycriteria=RNP139=1120.0
and prompted examination of the their pdf files, the sections on the
back on software.

The drivers are actually in ROM on the ST chips, with a flag system for
the host BIOS, allowing the same BIOS to work with or without TPM.  This
may explain  some of the lack of visibility in some BIOS images. The
windows drivers are embedded, too.  The -TMP-C version used by the
Supermicro motherboard talks about the use of Embassy Security Center
suite from Wave Systems.  There is a right to use license transfered
with the chip: http://www.st.com/stonline/press/news/year2004/p1499m.htm
also mentioned: http://www.tonymcfadden.net/tpmvendors_arc.html#software
The last link gives insight into the Atmel software, too.

The IEI pluggable TPM module web page shows software interfaces from
three different vendors for the three different chips it uses.  The
Winbond chip is shown being administered by Wave's ESC.  No indication
of licensing terms.

For open source/linux afficionados there's jtpmtools:

http://trustedjava.sourceforge.net/  (probably ripe for a tcl wrapper)

And information on the Open Trusted Computing web site:
http://www.opentc.net

(http://www.wavesys.com/products/TPM_Matrix.html  describes the
currently available TPM products from various system vendors.)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com