Intel to include DRM in new Pentium 4 series processors

Ben Laurie ben at algroup.co.uk
Thu, 12 Sep 2002 19:14:14 +0100 

Nicholas Bohm wrote:
> At 19:40 12/09/2002 +0800, Brian Gladman wrote:
> 
>> Over the last two years I have been briefed in detail on TCPA 
>> developments
>> and also briefed in detail (under Non Disclosure Agreements) on a 
>> number of
>> implementations of TCPA being undertaken by major companies.
>>
>> I think Ross is right to suggest that the community at large needs to
>> understand TCPA and its derivatives and hence make a judgement on the 
>> impact
>> that this technology will have on the market.  I hence thought that it 
>> might
>> be helpful if I set out my own position (TCPA is evolving so this is 
>> subject
>> to change).
>>
>> At one level TCPA (I will use this term to cover both TCPA and the 
>> related
>> implementations) allows a PC owner to have a higher confidence in the
>> software that is running on their machine.  It will offer secure boot
>> protection, secure driver loading and verification and OS metrics that 
>> allow
>> a _machine owner_ to determine and verify what OS and what application
>> software runs on their machine.  All of these facilities are under the 
>> sole
>> control of the machine owner and they can if they wish switch them off 
>> (this
>> is the default).
>>
>> It is true that a company can take GPL'd software and provide it in a 
>> form
>> that allows the user to say that it is _this_ particular version of the
>> software that they want to run.   The company providing this software 
>> has to
>> comply with the GPL (assuming that this holds up legally) and this means
>> that anyone else can compile and sign this software and a PC owner can
>> choose to use this alternative.  They can do this themselves if they 
>> choose
>> or they can take the software from any Free Software/Open Source 
>> distributor
>> that wishes to supply TCPA signed OS or applications software.
> 
> 
> This seems to imply that the owner of a TCPA machine can use it to 
> verify any signatures he wants (i.e. import into TCPA any public keys he 
> trusts) and will not be dependent on having keys signed by parties 
> approved by the TCPA consortium or anyone else.
> 
> Is this in fact a feature of TCPA?

According to my understanding it is. But if you want to be cynical about 
it, here's the thing: TCPA will attest to a remote party that particular 
software has been booted and that can, of course, then be leveraged to 
attest that particular packages are/are not running. So, yes, you get to 
install your own keys, and run whatever you want. But funnily enough, 
unless it is what www.disney.com wants you to run, www.disney.com won't 
be sending you a copy of Snow White. Similarly, Word may decline to run 
unless the right OS is running, and that OS may refuse to allow access 
to files that have been revoked. I think you can see where this is going.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff