Intel to include DRM in new Pentium 4 series processors
Brian Gladman <brg at gladman.plus.com>
Sat, 14 Sep 2002 08:01:47 +0800
----- Original Message -----
From: "Ben Laurie" <ben@algroup.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Saturday, September 14, 2002 7:02 AM
Subject: Re: Intel to include DRM in new Pentium 4 series processors
> Brian Gladman wrote:
> > From: "David Wagner" <daw@mozart.cs.berkeley.edu>
> > Newsgroups: isaac.lists.ukcrypto
> > To: <ukcrypto@chiark.greenend.org.uk>
> > Sent: Friday, September 13, 2002 11:41 PM
> > Subject: Re: Intel to include DRM in new Pentium 4 series processors
> >
> >>Brian Gladman wrote:
> >>
> >>>As a person with an interest in good security it will be the emergence of a
> >>>TCPA machine that will lead to my move from Windows to GNU/Linux since TCPA
> >>>hardware security features combined with Free/Open Source software will
> >>>provide me with an order of magnitude improvement in security compared with
> >>>what I have now.
> >>
> >>An order of magnitude improvement in security? Hmm.
> >>May I ask, against what kinds of threats?
> >
> > Mainly those that involve deliberate or accidental exploitable weaknesses in
> > the operating system kernel and the lower level supporting code in driver
> > and component BIOSes.
>
> It seems to me that trusted boot does not defend you against these
> classes of attack; at least, not until next time you reboot (which, on a
> typical box I run, will be many months, if not years, later).

Assuming it has value, this is still a benefit even if it is one that is
exploited infrequently. And, of course, many PCs are rebooted very
frequently.

But TCPA metrics are not limited to being used at boot time and it may well
make more sense to use them in other ways on a server exposed to attacks via
a network connection.

Brian