
Intel corp: computer OWNERS are the ENEMY and we must protect our chips from them.

Discussion in 'PC Hardware' started by ultimauw, Jan 8, 2009.

  1. ultimauw Guest

    http://it.slashdot.org/article.pl?sid=09/01/06/2132247

    (notice that they call the locked down execution part "TXT". I don't
    trust anyone who has to resort to [W][O][R][D][G][A][M][E] to try
    to sneak stuff like this under the public radar.)

    From the same page http://it.slashdot.org/comments.pl?sid=1082397&cid=26351915
    I am a programmer, and in particular I have studied the Trusted
    Platform Technical Specification documentation. All 332 pages of dense
    technicalese. There is one particular page I would like to cite. In
    the TCPA Main TCG Architecture v1_1b.pdf on page 277 the documentation
    comes right out and announces the fact it is designed to be secure
    against "rogue Owners".

    You are either mistaken, or you're full of crap. The chip is in fact
    designed to lock the computer against the owner. Yes, locks that are
    designed to protect the computer against its owner will also prevent
    outside attackers from doing things that the owner himself is
    forbidden to do. However that is incidental. A hostile Trusted
    Computing system trying to lock computers against their owners is
    fundamentally different than a system designed to secure computers for
    the owner.

    If you really do believe that this is solely intended for the benefit
    of the owner, perhaps you could answer some questions for me.

    Why the absolute refusal to implement the EFF's Owner Override
    proposal? It would give the owner full control of his own computer
    while still securing against remote attacks. You could even secure
    against local attackers (other than the owner) by adding some
    sort of Owner Authentication element to the Override system.

    Or how about my proposal? I merely want a printed copy of the master
    key to my own computer. I merely want the option to buy a computer
    that comes with a printed copy of my master key. (Technical note: I am
    referring to the PrivEK key, and having the option to export the RSK
    key encrypted to the PrivEK would be beneficial for ease and security
    reasons.) Go ahead, explain to me why I am absolutely forbidden to know
    the master key to my own computer. Go ahead and explain why they
    absolutely refuse to PERMIT anyone to manufacture any compatible Trust
    Chip that permits the owner to know their own master key.

    And best of all, explain to me all of the documented systems and plans
    to REVOKE and (for all practical purposes) brick any chip if they ever
    detect that you have learned the master key locked inside your
    computer, if you ever learn the master key to control your own
    computer, if they ever detect that you have the power and control to
    override any DRM system based on the chip.

    And don't even try the line about how this revocation system is "not
    part of the chip itself". The chip was explicitly designed to secure
    the computer against the owner, the chip was explicitly designed to
    support that revocation system, and the chip's technical documentation
    and design specification explicitly mention this revocation system.

    The design specs endlessly list all of the things that the owner MUST
    be forbidden to be able to do, all of the things the owner MUST be
    forbidden to know, the specification even has a section that mandates
    that any owner's data under "non-migratable keys" MUST be effectively
    impossible to back up and MUST be irretrievably lost if the chip ever
    dies.

    And on and on and on. Yes, the chip was explicitly designed to
    consider the owner to be the enemy. The chip is explicitly designed to
    be secure against "attacks" by the owner. Yes, the current generation
    of chips are relatively vulnerable to physical attack - by the owner
    or by a hostile attacker. However it is fundamentally designed to lock
    against the owner, there is a supplemental specification on how to
    increase the physical security against the owner and how to certify
    hardware as possessing stronger anti-owner physical security, and
    there is mention in the CHIP spec itself and in supplemental
    specifications on how to revoke and lock-out any chip where an owner
    does manage to gain local override control over his own computer.

    Yes, there are some people working on Trusted Computing with the
    intent of securing your computer for you, of protecting you against
    remote attackers. However that does not change the fact that the
    system is indeed designed to lock computers against the owner, that it
    is indeed designed explicitly for DRM support, that it is explicitly
    designed to be hostile to the owner, it does not change the fact that
    they COULD design a pro-owner system to secure your computer for you
    without these anti-owner aspects, but that they refuse to permit any
    compatible pro-owner chip that does not also impose these anti-owner
    DRM style enforcement systems as well.
     
    ultimauw, Jan 8, 2009
    #1

  2. Arno Wagner Guest



    This is very old news and well known in the academic IT security
    community. It is also the main counterargument to this hardware.

    From the refusal to give the user control at need, I deduce that
    this chip is indeed primarily targeted at taking control away
    from the user, and that protecting against external threats
    is only a secondary goal, or maybe just something invented by
    marketing.

    Still important to explain this to people until this technological
    atrocity goes away.

    Arno
     
    Arno Wagner, Jan 8, 2009
    #2

  3. ultimauw Guest



    What this needs to be is shown on mainstream media. Of course, given
    that mainstream media is a bunch of corporate whores it might be very
    hard to do so, but it has to be done. Any ideas?
     
    ultimauw, Jan 8, 2009
    #3
  4. Bob Eager Guest



    You obviously aren't aware that the term 'text' for the execution part
    has been around since the early 1970s, and wasn't originated by Intel
    even then. I first encountered it in 1976 when I started using UNIX.

    Not that I agree with all this either..!
     
    Bob Eager, Jan 8, 2009
    #4

  5. While I don't encourage complacency, it will --
    just like the Intel CPU Serial Number was a flop.

    A few content providers have always tried to increase their
    control over their customers. Starting with trying to
    licence paper books. Rapacious. While some have accepted
    the restrictions, enough have always rejected them to make it
    an economically losing proposition for the content providers.

    However, there is no guarantee this will always be the case.
    TiVo is a counter-example.


    -- Robert
     
    Robert Redelmeier, Jan 8, 2009
    #5
  6. JAD Guest

    Can you say "Computer Appliance"?
     
    JAD, Jan 8, 2009
    #6
  7. ultimauw Guest

    It will be a very sad day if they manage to dupe the masses by selling
    it like that. Even worse, it will probably work. Just give it some
    cheezy name (iTrust?) and a slick marketing campaign, and the masses
    will buy it. You can probably still buy basic PCs you have the key to
    (marketed as pro or business) for the low low price of $8,000.
     
    ultimauw, Jan 8, 2009
    #7
  8. Jon Danniken Guest

    There's always "software as a service" and tiers of internet access marketed
    by which webpages you can go to.

    Jon
     
    Jon Danniken, Jan 9, 2009
    #8