Intel to include DRM in new Pentium 4 series processors

[David Wagner]

Brian Gladman wrote:
>I am not quite sure of the extent of your disbelief in these forms of
>attack:
>(a) do you deny that such attacks are possible;
>(b) do you deny that secure boot and code metrics have some value in
>thwarting them

I'm arguing that we should view this as a risk management problem.
There are lots of possible attacks, but not all are equally probable,
and not all deserve equal attention.

I rank the risks by their probabilities of occurrence and their impact
if they do occur.  I claim that the risk from "insecure boot" attacks
is orders of magnitude smaller than the risk from buffer overruns and
the like.  For typical users, they are a much rarer form of attack, and
the impact may not be much greater than the impact of buffer overruns
and the like.

If my claim is accurate, then "insecure boot" attacks are in the noise.
Even if we have a perfect fix for "insecure boot" attacks, it will make
only a very small difference to the total risk.  And from Amdahl's law,
we know that, all else being equal, it is better to focus our energies
on the terms that make the largest contribution to the total risk,
not the marginal stuff.

Sure, attacks are possible.  I'm not sure whether TCPA has value in
defending against them (what's wrong with booting off of a floppy or
CD-ROM?), but for the sake of this discussion, I'll accept for the moment
that TCPA may provide an effective defense.  But that's not enough for
TCPA to provide an order of magnitude improvement in security.