[Reader-list] Palladium/TCPA Consequences
pankaj at sarai.net
Sat Dec 21 00:48:51 IST 2002
In June 2002, Microsoft released information regarding its new
"Palladium" initiative. Palladium is a system that combines
software and hardware controls to create a "trusted" computing
TCPA stands for the Trusted Computing Platform Alliance. it is
an initiative led by Intel teaming up with fellow founders
Microsoft, Compaq, HP and IBM. Now there are 180 member companies
of the TCPA, including AMD, Novell, Nvidia, Infineon, and just
about every significant IT security vendor.
The main points here are security and DRM. lets take them one by
Palladium OS will stop viruses by preventing the running of
malicious programs, will store personal data within an encrypted
folder, will depend on hardware that has either a digital signature
or a tracking number, will filter spam. just what everyone wanted
but all these features are already avaliable as third party tools.
We have had most of these capabilities in software for years, but
haven't bothered to exercise them.
The system will incorporate Digital Rights Management technologies
for media files of all types (music, documents, e-mail communications).
Additionally, the system purports to transmit data within the computer
via encrypted paths.
This is the more intresting part, what this means is that it is up to an
application to set the security policy for its files, using an "online
policy server." So Media Player will determine what sort of conditions get
attached to protected titles, Disney will be able to sell you DVDs that will
decrypt and run on a Palladium platform, but which you won't be able to copy.
The music industry will be able to sell you music downloads that you won't
be able to swap. They will be able to sell you CDs that you'll only be able
to play three times, or only on your birthday. All sorts of new marketing
possibilities will open up.
TCPA / Palladium will also make it much harder for you to run unlicensed
software. Pirate software can be detected and deleted remotely.
There are many other possibilities. Governments will be able to arrange things
so that all Word documents created on civil servants' PCs are `born classified'
and can't be leaked electronically to journalists.
There will be remote censorship: the mechanisms designed to delete pirated
music under remote control may be used to delete documents that a court (or
a software company) has decided are offensive - this could be anything from
pornography to writings that criticise political leaders.
Software companies can also make it harder for you to switch to their competitors'
products; for example, Word could encrypt all your documents using keys that only
Microsoft products have access to; this would mean that you could only read them
using Microsoft products, not with any competing word processor like OpenOffice.
The known elements of the Microsoft DRM system will control users and limit
the abilities of computers. Microsoft has obtained approval for two patents
in December 2001 that contained many of the basic elements of a trusted
Lets see how this works. TCPA provides for a monitoring and reporting component
to be mounted in future PCs. The preferred implementation in the first phase of
TCPA is a `Fritz' chip - a smartcard chip or dongle soldered to the motherboard.
The early versions might be vulnerable to anyone with the tools and patience to
crack the hardware e.g., get data on the bus between the CPU and the Fritz chip.
However, from phase 2, the Fritz chip will disappear inside the main processor
and things will get a lot harder.
When you boot up your PC, Fritz takes charge. checks that the boot ROM is as
expected, executes it, measures the state of the machine; then checks the first
part of the operating system, loads and executes it, checks the state of the
machine; and so on. The trust boundary, of hardware and software considered to
be known and verified, is steadily expanded. A table is maintained of the hardware
(audio card, video card etc) and the software (O/S, drivers, etc); Fritz checks
that the hardware components are on the TCPA approved list, that the software
components have been signed, and that none of them has a serial number that has
been revoked. If there are significant changes to the PC's configuration,
the machine must go online to be re-certified. The result is a PC booted into a
known state with an approved combination of hardware and software (whose licences
have not expired). Control is then handed over to enforcement software in the o
perating system - this will be Palladium if your operating system is Windows.
There is another problem TCPA will undermine the General Public License (GPL),
At least two companies have started work on a TCPA-enhanced version of GNU/linux.
This will involve tidying up the code and removing a number of features. To get
a certificate from the TCPA corsortium, the sponsor will then have to submit the
pruned code to an evaluation lab, together with a mass of documentation showing
why various known attacks on the code don't work. (The evaluation is at level E3
- expensive enough to keep out the free software community, yet lax enough for
most commercial software vendors to have a chance to get their lousy code through.
Although the modified program will be covered by the GPL, and the source code will
be free to everyone, it will not make full use of the TCPA features unless you have
a certificate for it that is specific to the Fritz chip on your own machine. That
is what will cost you money (if not at first, then eventually).
TCPA appears designed to maximise the effect, and thus the economic power, of such
behaviour. Given Microsoft's record of competitive strategic plays, I expect that
Palladium will support them. So if you control a TCPA-enabled application, then
your policy server can enforce your choice of rules about which other applications
will be allowed to use the files your code creates. These files can be protected
using strong cryptography, with keys controlled by the Fritz chips on everybody's
machines. What this means is that a successful TCPA-enabled application will be
worth much more money to the software company that controls it, as they can rent
out access to their interfaces for whatever the market will bear. So there will be
huge pressures on software developers to enable their applications for TCPA; and if
Palladium is the first operating system to support TCPA, this will give it a
competitive advantage over GNU/Linux and MacOS with the developer community.
On a TCPA-enhanced Linux system you will still be free to make modifications to
the modified code, but you won't be able to get a certificate that gets you into
the TCPA system. Something similar happens with the linux supplied by Sony for
the Playstation 2; the console's copy protection mechanisms prevent you from
running an altered binary, and from using a number of the hardware features.
Once the majority of PCs on the market are TCPA-enabled, the GPL won't work
as intended. The benefit for Microsoft is not that this will destroy free software
directly. The point is this: once people realise that even GPL'led software can be
hijacked for commercial purposes, idealistic young programmers will be much less
motivated to write free software.
$you = new YOU;
honk() if $you->love(perl);
More information about the reader-list