Intel to include DRM in new Pentium 4 series processors

Matthew Astley lists-ukcrypto at fruitcake.demon.co.uk
Sat, 14 Sep 2002 17:07:06 +0100


On Sat, Sep 14, 2002 at 04:12:11PM +0800, Brian Gladman wrote:

> [...]
>
> I see improving the trustworthiness of mass market PCs as a
> challenging task and one that requires steady incremental progress
> in removing sources of vulnerability.

The TCPA appears not to be an incremental improvement, but more of a
large scale redesign. Now if the boot sequence, for example, is as
broken as you say it is, then that should be fixed.

What worries me most is that the whole scheme appears to be a power
grab on a massive scale. That isn't an incremental improvement.

> [...]

> I would also say that I don't think that large chip and PC suppliers
> put things like this in their products unless there is a demand for
> them. [...]

...or unless they were bullied into it by the company that holds the
world to x86 hardware. Without Windows the world is free to run ARM,
Sparc, G4 or whatever. Even if this is a PITA for the games companies.

Would it be fair to say that, given the design and capital costs of
making a modern processor, it would not be economical to produce one
with and one without TCPA support? Or can the TCPA instructions be
entirely burned out from the core?

> My experience in these debates is that people argue against things
> like secure boot and code metrics, not because these things don't do
> some of what their advocates claim, but rather because people fear
> that these might actually be rather effective. And people see a high
> degree of self protection against vested interests in being able
> to run code on their machines that is not subject to such less
> easily subvertible hardware controls because they fear that the
> latter will not be under their own control.
> 
> I understand and completely support this concern since loss of
> control is loss of security. But this should be argued in its own
> right, not turned into an argument that those who do want these
> facilities don't understand the security risks that they face (I am
> not suggesting that this is where you are coming from).

This is interesting. It's almost certainly where I'm coming from, at
least in part.

Does the industry expect me to buy into this of my own free will? It
hasn't proven to me that I will be in complete control of the hardware
on my desk[1]. Therefore I see it as the industry attempting to push
me into buying the hardware because it thinks I have no alternative.


The other problem I have is that the system appears to be set up in
such a way that Larry Livestock will legally and practically give up
much of the control that he has paid for, in much the same way that
he gives up control of his finances to his bank manager. Just because
it doesn't surprise me, doesn't make it right.


Matthew  #8-)
-- 
[1] Arguments stand that I'm not in complete control now, and in some
    cases I shouldn't be in control just because the thing is on my
    desk. However, many of these problems have other cheaper solutions.