Intel to include DRM in new Pentium 4 series processors

Brian Gladman <brg at gladman.plus.com>
Sat, 14 Sep 2002 04:21:17 +0800


From: "David Wagner" <daw@mozart.cs.berkeley.edu>
Newsgroups: isaac.lists.ukcrypto
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Friday, September 13, 2002 11:41 PM
Subject: Re: Intel to include DRM in new Pentium 4 series processors


> Brian Gladman wrote:
> >As a person with an interest in good security it will be the emergence of a
> >TCPA machine that will lead to my move from Windows to GNU/Linux since TCPA
> >hardware security features combined with Free/Open Source software will
> >provide me with an order of magnitude improvement in security compared with
> >what I have now.
>
> An order of magnitude improvement in security?  Hmm.
> May I ask, against what kinds of threats?

Mainly those that involve deliberate or accidental exploitable weaknesses in
the operating system kernel and the lower level supporting code in driver
and component BIOSes.

> This is a very interesting claim.  However, after that
> teaser, I hope you'll elaborate.  I must admit I'm having
> trouble seeing how TCPA would make any difference in
> the way I use computers every day.  Boot sector viruses?
> I've never gotten one.  Remote verification of trustworthy
> boot?  Solves a non-problem (for me); I've never seen
> an untrustworthy boot.

I have never seen one I trust yet.

> Trojan horses in the operating
> system?  I've never seen one.  Just about all of my
> security problems have been network security problems:
> e.g., remote penetrations (say, by buffer overflow) of
> privileged applications.  I can't see how TCPA would help
> with this problem.
>
> What am I missing?

I would guess that the number of users who have been attacked using such
techniques is very, very small. And the number who have noticed such attacks
when they have been carried out is very much smaller still.

And if this is your criterion for security you don't need a secure boot
sequence or code integrity metrics.

But I have seen such attacks used and I have designed and carried them out
myself (although not in an operational setting) and this is why I worry
about them.  In this sense I am as much a prisoner of my past experience as
anyone else.

What are you missing?  I'm not sure but one possibility is that you are not
worried about attacks that commonly reported experience suggests are not
used by attackers?

I am not going to be tempted into a description of what I would like to see
in a secure boot sequence since this is not a simple exercise.  But I don't
think there is any real integrity or assurance in current boot sequences and
I would like to see improvements in this respect.  And going beyond this, a
Free/Open Source OS based around a small kernel (e.g. like T-Mach) with
appropriate hardware support can get me the sort of security improvements I
am after.

I admit I was using 'order of magnitude' too loosely - what I really meant
was that I would be able to move from no trust in my system to a reasonable
level of trust in it.

I agree that this won't come from TCPA alone but some aspects of TCPA are
steps in this direction (it provides support for a secure boot sequence and
for the code integrity metrics).

  Brian