Intel to include DRM in new Pentium 4 series processors
Matthew Astley
lists-ukcrypto at fruitcake.demon.co.uk
Fri, 13 Sep 2002 03:43:49 +0100
On Thu, Sep 12, 2002 at 09:51:44PM +0800, Brian Gladman wrote:
> From: "Nicholas Bohm" <nbohm@ernest.net>
> > At 19:40 12/09/2002 +0800, Brian Gladman wrote:
> > >It is true that a company can take GPL'd software and provide it
> > >in a form that allows the user to say that it is _this_
> > >particular version of the software that they want to run. The
> > >company providing this software has to comply with the GPL
> > >(assuming that this holds up legally) and this means that anyone
> > >else can compile and sign this software and a PC owner can choose
> > >to use this alternative.

This is the nub .. erm, crux of your earlier mail, I believe: that you
personally think it is very important that

  Joe Public [Limited Company] can sign a binary, and
  Colin Customer can load the appropriate key and run the binary.

Of course Joe PLC has to be able to sign code. The whole project would
sink like a stone otherwise.

So are we back to key management again? Familiar ground. 8-)

Does the key have to be signed/issued by a CA? Or can you generate
your own and get it signed by a friend, a la PGP?

For the record I note that Microsoft's current MUAs use the CA route.
PKCS#foo, is it? This system has always seemed rather feudal to me.

> > >They can do this themselves if they choose or they can take the
> > >software from any Free Software/Open Source distributor that
> > >wishes to supply TCPA signed OS or applications software.

The distributor, being an instance of Joe Public, appears to be
irrelevant at this point.

There's another case here. Is Colin Customer allowed to self-sign an
old copy of Office 97, in order to make that run on his new machine?
Can this be controlled independently of his ability to sign code for
which he has source?

I can't see that there is any benefit to Microsoft in preventing this.
Old Microsoft software can just be "other software". No big deal, even
if it's pirated.

> > This seems to imply that the owner of a TCPA machine can use it to
> > verify any signatures he wants (i.e. import into TCPA any public
> > keys he trusts) and will not be dependent on having keys signed by
> > parties approved by the TCPA consortium or anyone else.
> >
> > Is this in fact a feature of TCPA?
>
> Yes, I believe this to be the case.

This is where I have to pick flies, sorry. It isn't the case now,
because the system doesn't exist (in public) yet.

It seems obvious that businesses will always be able to buy a signing
key from someone.

Discussion may ensue on whether this will be done annually, as for SSL
keys these days, or per running instance per annum. 'The Register'
tells me that Microsoft have been kicking around the idea of a
subscription model for Office 10.

You've made it plain that you have gone to some trouble to make sure
that the hardware's user will be able to load any key, when the system
is first released.

Given the little I know 8-/ , the rules appear to be simple:

  code signed by r00t is good
  code signed in a CA chain from r00t is also good
  code signed by [certificate loaded in by the owner] is good

That last one doesn't quite fit. It's a special case.

When the user clicks the "Yes I trust this software vendor" button,
does the hardware whip out its internal signing key and sign on the
user's behalf?

Based on this I don't see how anyone can promise that the hardware
owner will _always_ be able to load any key he wishes.

If the special case is removed, for example by no longer trusting keys
certified by the local hardware, then the machine turns into a TV.
Read only.

Whether to allow local code signing is just one bit, and it can be
stored in OTP ROM or flash, in the CPU. It's all just software, and
the software controls the trust. That's the whole point isn't it?

This isn't such a disaster though. If I want to run my own programs,
after the self-sign is disabled, then I can just buy a licence for my
compiler.

Given that the hardware will probably be subsidised initially (as with
the X-box) it only seems fair that people who want to get something
extra out of the machine will have to pay back the difference.

Excuse me while I refill my brush with non-drip sarcasm. 8-(

Matthew #8-)
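
The three trust rules and the single "allow local code signing" bit from the message above, modelled as an added example that is not part of the original post and is not TCPA's actual design. Signature checking is abstracted away (a binary is represented only by the name of the key that signed it), and the class, the field names and the sample keys are hypothetical.

```python
from dataclasses import dataclass, field, replace

ROOT = "r00t"  # the built-in root, spelled as in the message


@dataclass
class Platform:
    # signer -> whoever certified that signer (hypothetical CA-chain model)
    issuer_of: dict = field(default_factory=dict)
    # keys the owner loaded himself (the "special case")
    owner_keys: set = field(default_factory=set)
    # the "one bit" the message says could live in OTP ROM or flash
    allow_local: bool = True

    def chains_to_root(self, signer):
        """Walk issuer links upward; stop on a dead end or a loop."""
        seen = set()
        while signer is not None and signer not in seen:
            if signer == ROOT:
                return True
            seen.add(signer)
            signer = self.issuer_of.get(signer)
        return False

    def verdict(self, signer):
        """Return which of the three rules accepts the signer, if any."""
        if signer == ROOT:
            return "root"
        if self.chains_to_root(signer):
            return "ca-chain"
        if self.allow_local and signer in self.owner_keys:
            return "owner-loaded"
        return "rejected"


def demo():
    """Judge the same signers before and after the bit is cleared."""
    # Constructed sample data: a vendor chain, a certificate loop, an owner key.
    issuers = {"VendorCA": ROOT, "JoePLC": "VendorCA",
               "LoopA": "LoopB", "LoopB": "LoopA"}
    open_box = Platform(issuers, {"ColinSelfSigned"})
    locked = replace(open_box, allow_local=False)
    signers = [ROOT, "JoePLC", "ColinSelfSigned", "LoopA", "Stranger"]
    return ({s: open_box.verdict(s) for s in signers},
            {s: locked.verdict(s) for s in signers})


if __name__ == "__main__":
    for label, result in zip(("bit set", "bit cleared"), demo()):
        print(label, result)
```

Only the owner-loaded signer changes verdict when the bit is cleared; everything that chains to the root is unaffected.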