ThinkWiki - User contributions [en]

TCPA/TCG - Trusted or Treacherous

2005-07-20T17:58:59Z

Shpedoikal: /* DRM - Digital Rights Management */

{| width="100%"
|style="vertical-align:top;padding-right:20px;white-space:nowrap;" | __TOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">The Members of the Trusted Computing Group (TCG), formerly the Trusted Computing Platform Allience (TCPA), are working on a paradigm shift in information technology, which could become the biggest change of the information landscape since decades.

This article tries to gather information about the implications of the TCPA and TCG effords. To many users these implications seem rather treacherous than trustworthy. This article tries to give a short summarized overview over the facts from a rather netral point of view.

We will start with a quote:

''"It is clear that trusted computing hardware provides security benefits, if software is prepared to take advantage of it. But trusted computing has been received skeptically and remains controversial. Some of the controversy is based on misconceptions, but much of it is appropriate, since trusted computing systems fundamentally alter trust relationships. Legitimate concerns about trusted computing are not limited to one area, such as consumer privacy or copyright issues.'' <br />
''We have at least two serious concerns about trusted computing. First, existing designs are fundamentally flawed because they expose the public to new risks of anti-competitive and anti-consumer behavior. Second, manufacturers of particular "trusted" computers and components may secretly implement them incorrectly."'' <br />
''Source: [http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php Electronic Frontier Foundation]''</div>
|}

==TC - Trusted Computing==
Recently, the number of known security incidents has been dramatically increasing. Thus, security issues in computer industry have been pushed forward. So far, digital content on computers couldn't be efficiently protected since every security mechanism accessible by software could always be circumvent by software.

The idea of Trusted Computing is to provide a hardware chip (TPM) that assists software in:
* secure storage of security related data like keys, certificates, data and checksums
* encryption and decryption
* validation of certificates
* (Remote) Platform Attestation (''meaning that somebody can check the state of your personal computer over the internet'')
* Sealing (''meaning encrypting data in a state where a specific platform or application may be required to decrypt it'')

Although a TPM will assist in the above operations, software support is required to enable any enforcement of a security policy on a platform with a TPM. A TPM in and of itself cannot disable any part of your computer.

==A short history of TCPA, TCG, Palladium and NSCB:==
* 1999: The Trusted Computing Platform Alliance (TCPA) is founded by Intel, Microsoft, HP, Compaq and IBM.
* February 2002: The TCPA Main Specification Version 1.1b is being published.
* Early 2003: The name of Microsofts own TC-Projekt "Palladium" is changed to "next-generation secure computing base" (NGSCB).
* April 2003: The Trusted Computing Group (TCG) is founded by AMD, HP, IBM, Intel and Microsoft.
* Summer 2004: Microsoft seems to have stopped their "NGSCB"-effort.

==The TCPA==
Founded 1999 by Compaq, HP, IBM, Intel and Microsoft, the TCPA counts around 200 members by now, among them Adobe, AMD, Fujitsu-Siemens, Gateway, Motorola, Samsung, Toshiba and many others.

==The TCG==
As successor of the TCPA, the TCG was founded by AMD, HP, IBM, Intel and Microsoft in April 2004.

==TCG Hardware Architecture==
The Trusted Platform Module (TPM) (a.k.a. "Fritz"-Chip) is the central element of the TCG architecture. Imagine a hardwired smart card for a abstract picture of this architecture.

The integration of the whole functionality into the CPU is also discussed, which would increase resistance against tampering attacks (see also Intel "LaGrande").

Regarding the hardware security of the "Trusted Platform Modules (TPM)", there were two important critiques:
*The first one has been the insuficient security certification against hardware attacks. In TCG 1.2 this critique has been addressed by an improvement of the hardware requirements. It has to be seen how strong the resistance against sophisticated attacks at intensively daily usage will be.
*The second one addreses the 'black box'-characterisitcs and risk 'hidden channels' in the TCG-Hardware, which can be easily implemented and used to send secret information to third parties.

==TC - Treacherous Computing?==
Generally, there are good arguments that these features can be used to improve the security of computer systems. Trusted Computing offers a lot of features which can be used to protect the personal computer against malicious software and users.

But according to a lot of technical analysis, most researchers have fundamental critics on the main design considerations. The new infrastructure will offer '''only minor protection against worms and viruses''', although TCG is telling something completely different. Furthermore, some of these features can already be established by todays smart card supported systems, so where is the need for TCG 1.1?

''We recognize that hardware enhancements might be one way to improve computer security. But treating computer owners as adversaries is not progress in computer security. '''The interoperability, competition, owner control, and similar problems inherent in the TCG and NCSCB approach are serious enough that we recommend against adoption of these trusted computing technologies until these problems have been addressed. Fortunately, we believe these problems are not insurmountable''', and we look forward to working with the industry to resolve them."'' <br />
Source: [http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php Electronic Frontier Foundation], bold emphasis by [[User:Pitsche|Pitsche]]

There are a lot of drawbacks to this kind of security implementation:
*The concept prevents even the device owner from certain operations.
*Remote Attestation is a good feature to remotely detect tampering of the computer, as long as this 'somebody' is the owner of the platform. But if this Remote Attestation is used by third parties, serious privacy and market domination issues arise.
*There are certainly legitimate reasons for Sealing. But the main use case seems to be consumer-unfriendly new 'business cases' for content dealers which involve locking down content to a single platform, based on connecting content to a specific device without any migration options.

Additionally, the market domination of Microsoft, obscurities regarding the needed trust infrastructure and a heap of patents have lead to critical evaluations from cryptographers, privacy organizations and European institutions. <br />
Because of this pressure the Trusted Computing Group has modifed its proposal. The recent specification is "TCG 1.2".

=== DRM - Digital Rights Management ===
The philosophy behind Remote Platform Attestation and Sealing seems to be a protection of the computer system like a ThinkPad or electronic device like a MP3-Player ''against'' its user and owner.

What will do this to the use of digital media content on computers or other electronic devices? The answer of the IT- and the Entertainment-Industry is "Digital Rights Management" or just shortly "DRM".

''The DRM component takes control over the rest of the user's device which they rightfully own (e.g. MP3-Player'' '''or a ThinkPad)''' ''and restricts how it may act, regardless of the user's wishes (e.g. preventing the user from copying a song). All forms of DRM depend on the device imposing restrictions that cannot be legally disabled or modified by the user. In other words, the user has no choice.'' Bold emphasised by [[User:Pitsche]].

So a new 'name' for DRM came up: '''Digital Restrictions Management''' instead of Digital Rights Management.

Read more at [[Wikipedia:Digital rights management]].

Keep in mind that neither enabling your TPM or installing [http://trousers.sourceforge.net TrouSerS] will implement any DRM features on your ThinkPad. Other software packages that implement DRM on Linux should be posted here.

=== Censorship and Avoiding Whistle Blowers ===
The Siamese twin of Digital Restriction Management is censorship. '''The same techniques which avoid copying music songs can be used to limit the access to all kinds of documents'''. The combination of DRM and observation hardware like TCG leads to very dangerous implications.

Giving a real world example, the Chinese government could easily block the use of all documents containing the words "Dalai Lama" on 'trusted' computer systems.

Another application is the fight against whistle blowers. E.g. government documents about the deportation of own citizens to countries with a doubtful law system or about supporting illegal wars could be made readable for government computers only and combined with a expiration date. This might make it very dificult for the society or following generations to disclose these breaches of humanity.

=== Summary ===
There are still a lot of critical questions, even though TCG 1.2 contains many steps into the right direction.

== Thinkpads with and without TCPA/TCG ==

If you want to know, which ThinkPads are equipped with TCPA Technology like IBM Embedded Security Subsystem or IBM Embedded Security Subsystem 2.0 and which of them are TCPA/TCG clean models, please [[Embedded Security Subsystem#Models featuring this Technology|see the complete list of models]] at the article about [[Embedded Security Subsystem]].

== OpenSource Software and TCG ==
The TrouSerS project aims at implementing each TSS (Trusted computing Software Stack) specification as it is released. TrouSerS is now part of the [http://packages.gentoo.org/packages/?category=app-crypt;name=trousers Gentoo] distribution.

There are many misconceptions surrounding open-source software and trusted computing. Please see the [http://trousers.sf.net/faq.html TrouSerS FAQ] for answers to some common questions.

== Related Links ==
*[http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html 'Trusted Computing' Frequently Asked Questions] - Anti-TC FAQ by Cambridge University security director and professor [[Ross Anderson]].
*[http://www.againsttcpa.com/ Against-TCPA]
*[http://invisiblog.com/1c801df4aee49232/article/0df117d5d9b32aea8bc23194ecc270ec Interesting Uses of Trusted Computing]
*[http://www.gnu.org/philosophy/can-you-trust.html Can you trust your computer?] essay by the FSF
*[http://www.protectprivacy.org/topic--lang-en.html The civil rights organisation Protect Privacy]
*[http://trousers.sourceforge.net/faq.html The TrouSerS FAQ.]

== Read more at Wikipedia, the free encyclopedia: ==
*[http://en.wikipedia.org/wiki/Trusted_computing Trusted Computing]
*[http://en.wikipedia.org/wiki/Trusted_Computing_Platform_Alliance Trusted Computing Group (formerly known as TCPA)]
*[http://en.wikipedia.org/wiki/Fritz-chip Fritz-Chip]
*[http://en.wikipedia.org/wiki/Palladium_operating_system Palladium]
*[http://en.wikipedia.org/wiki/Category:Cryptography Wikipedia-Category: Cryptography]
*[http://en.wikipedia.org/wiki/Category:Copyright_law Wikipedia-Category: Copyright Law]
*[http://en.wikipedia.org/wiki/Category:Digital_rights_management Wikipedia-Category: Digital Rights Management]


[[Category:Glossary]]

TCPA/TCG - Trusted or Treacherous

2005-07-14T22:48:19Z

Shpedoikal: /* TC - Trusted Computing */

{| width="100%"
|style="vertical-align:top;padding-right:20px;white-space:nowrap;" | __TOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">The Members of the Trusted Computing Group (TCG), formerly the Trusted Computing Platform Allience (TCPA), are working on a paradigm shift in information technology, which could become the biggest change of the information landscape since decades.

This article tries to gather information about the implications of the TCPA and TCG effords. To many users these implications seem rather treacherous than trustworthy. This article tries to give a short summarized overview over the facts from a rather netral point of view.

We will start with a quote:

''"It is clear that trusted computing hardware provides security benefits, if software is prepared to take advantage of it. But trusted computing has been received skeptically and remains controversial. Some of the controversy is based on misconceptions, but much of it is appropriate, since trusted computing systems fundamentally alter trust relationships. Legitimate concerns about trusted computing are not limited to one area, such as consumer privacy or copyright issues.'' <br />
''We have at least two serious concerns about trusted computing. First, existing designs are fundamentally flawed because they expose the public to new risks of anti-competitive and anti-consumer behavior. Second, manufacturers of particular "trusted" computers and components may secretly implement them incorrectly."'' <br />
''Source: [http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php Electronic Frontier Foundation]''</div>
|}

==TC - Trusted Computing==
Recently, the number of known security incidents has been dramatically increasing. Thus, security issues in computer industry have been pushed forward. So far, digital content on computers couldn't be efficiently protected since every security mechanism accessible by software could always be circumvent by software.

The idea of Trusted Computing is to provide a hardware chip (TPM) that assists software in:
* secure storage of security related data like keys, certificates, data and checksums
* encryption and decryption
* validation of certificates
* (Remote) Platform Attestation (''meaning that somebody can check the state of your personal computer over the internet'')
* Sealing (''meaning encrypting data in a state where a specific platform or application may be required to decrypt it'')

Although a TPM will assist in the above operations, software support is required to enable any enforcement of a security policy on a platform with a TPM. A TPM in and of itself cannot disable any part of your computer.

==A short history of TCPA, TCG, Palladium and NSCB:==
* 1999: The Trusted Computing Platform Alliance (TCPA) is founded by Intel, Microsoft, HP, Compaq and IBM.
* February 2002: The TCPA Main Specification Version 1.1b is being published.
* Early 2003: The name of Microsofts own TC-Projekt "Palladium" is changed to "next-generation secure computing base" (NGSCB).
* April 2003: The Trusted Computing Group (TCG) is founded by AMD, HP, IBM, Intel and Microsoft.
* Summer 2004: Microsoft seems to have stopped their "NGSCB"-effort.

==The TCPA==
Founded 1999 by Compaq, HP, IBM, Intel and Microsoft, the TCPA counts around 200 members by now, among them Adobe, AMD, Fujitsu-Siemens, Gateway, Motorola, Samsung, Toshiba and many others.

==The TCG==
As successor of the TCPA, the TCG was founded by AMD, HP, IBM, Intel and Microsoft in April 2004.

==TCG Hardware Architecture==
The Trusted Platform Module (TPM) (a.k.a. "Fritz"-Chip) is the central element of the TCG architecture. Imagine a hardwired smart card for a abstract picture of this architecture.

The integration of the whole functionality into the CPU is also discussed, which would increase resistance against tampering attacks (see also Intel "LaGrande").

Regarding the hardware security of the "Trusted Platform Modules (TPM)", there were two important critiques:
*The first one has been the insuficient security certification against hardware attacks. In TCG 1.2 this critique has been addressed by an improvement of the hardware requirements. It has to be seen how strong the resistance against sophisticated attacks at intensively daily usage will be.
*The second one addreses the 'black box'-characterisitcs and risk 'hidden channels' in the TCG-Hardware, which can be easily implemented and used to send secret information to third parties.

==TC - Treacherous Computing?==
Generally, there are good arguments that these features can be used to improve the security of computer systems. Trusted Computing offers a lot of features which can be used to protect the personal computer against malicious software and users.

But according to a lot of technical analysis, most researchers have fundamental critics on the main design considerations. The new infrastructure will offer '''only minor protection against worms and viruses''', although TCG is telling something completely different. Furthermore, some of these features can already be established by todays smart card supported systems, so where is the need for TCG 1.1?

''We recognize that hardware enhancements might be one way to improve computer security. But treating computer owners as adversaries is not progress in computer security. '''The interoperability, competition, owner control, and similar problems inherent in the TCG and NCSCB approach are serious enough that we recommend against adoption of these trusted computing technologies until these problems have been addressed. Fortunately, we believe these problems are not insurmountable''', and we look forward to working with the industry to resolve them."'' <br />
Source: [http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php Electronic Frontier Foundation], bold emphasis by [[User:Pitsche|Pitsche]]

There are a lot of drawbacks to this kind of security implementation:
*The concept prevents even the device owner from certain operations.
*Remote Attestation is a good feature to remotely detect tampering of the computer, as long as this 'somebody' is the owner of the platform. But if this Remote Attestation is used by third parties, serious privacy and market domination issues arise.
*There are certainly legitimate reasons for Sealing. But the main use case seems to be consumer-unfriendly new 'business cases' for content dealers which involve locking down content to a single platform, based on connecting content to a specific device without any migration options.

Additionally, the market domination of Microsoft, obscurities regarding the needed trust infrastructure and a heap of patents have lead to critical evaluations from cryptographers, privacy organizations and European institutions. <br />
Because of this pressure the Trusted Computing Group has modifed its proposal. The recent specification is "TCG 1.2".

=== DRM - Digital Rights Management ===
The philosophy behind Remote Platform Attestation and Sealing seems to be a protection of the computer system like a ThinkPad or electronic device like a MP3-Player ''against'' its user and owner.

What will do this to the use of digital media content on computers or other electronic devices? The answer of the IT- and the Entertainment-Industry is "Digital Rights Management" or just shortly "DRM".

''The DRM component takes control over the rest of the user's device which they rightfully own (e.g. MP3-Player'' '''or a ThinkPad)''' ''and restricts how it may act, regardless of the user's wishes (e.g. preventing the user from copying a song). All forms of DRM depend on the device imposing restrictions that cannot be legally disabled or modified by the user. In other words, the user has no choice.'' Bold emphasised by [[User:Pitsche]].

So a new 'name' for DRM came up: '''Digital Restrictions Management''' instead of Digital Rights Management.

Read more at [[Wikipedia:Digital rights management]].

=== Censorship and Avoiding Whistle Blowers ===
The Siamese twin of Digital Restriction Management is censorship. '''The same techniques which avoid copying music songs can be used to limit the access to all kinds of documents'''. The combination of DRM and observation hardware like TCG leads to very dangerous implications.

Giving a real world example, the Chinese government could easily block the use of all documents containing the words "Dalai Lama" on 'trusted' computer systems.

Another application is the fight against whistle blowers. E.g. government documents about the deportation of own citizens to countries with a doubtful law system or about supporting illegal wars could be made readable for government computers only and combined with a expiration date. This might make it very dificult for the society or following generations to disclose these breaches of humanity.

=== Summary ===
There are still a lot of critical questions, even though TCG 1.2 contains many steps into the right direction.

== Thinkpads with and without TCPA/TCG ==

If you want to know, which ThinkPads are equipped with TCPA Technology like IBM Embedded Security Subsystem or IBM Embedded Security Subsystem 2.0 and which of them are TCPA/TCG clean models, please [[Embedded Security Subsystem#Models featuring this Technology|see the complete list of models]] at the article about [[Embedded Security Subsystem]].

== OpenSource Software and TCG ==
The TrouSerS project aims at implementing each TSS (Trusted computing Software Stack) specification as it is released. TrouSerS is now part of the [http://packages.gentoo.org/packages/?category=app-crypt;name=trousers Gentoo] distribution.

There are many misconceptions surrounding open-source software and trusted computing. Please see the [http://trousers.sf.net/faq.html TrouSerS FAQ] for answers to some common questions.

== Related Links ==
*[http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html 'Trusted Computing' Frequently Asked Questions] - Anti-TC FAQ by Cambridge University security director and professor [[Ross Anderson]].
*[http://www.againsttcpa.com/ Against-TCPA]
*[http://invisiblog.com/1c801df4aee49232/article/0df117d5d9b32aea8bc23194ecc270ec Interesting Uses of Trusted Computing]
*[http://www.gnu.org/philosophy/can-you-trust.html Can you trust your computer?] essay by the FSF
*[http://www.protectprivacy.org/topic--lang-en.html The civil rights organisation Protect Privacy]
*[http://trousers.sourceforge.net/faq.html The TrouSerS FAQ.]

== Read more at Wikipedia, the free encyclopedia: ==
*[http://en.wikipedia.org/wiki/Trusted_computing Trusted Computing]
*[http://en.wikipedia.org/wiki/Trusted_Computing_Platform_Alliance Trusted Computing Group (formerly known as TCPA)]
*[http://en.wikipedia.org/wiki/Fritz-chip Fritz-Chip]
*[http://en.wikipedia.org/wiki/Palladium_operating_system Palladium]
*[http://en.wikipedia.org/wiki/Category:Cryptography Wikipedia-Category: Cryptography]
*[http://en.wikipedia.org/wiki/Category:Copyright_law Wikipedia-Category: Copyright Law]
*[http://en.wikipedia.org/wiki/Category:Digital_rights_management Wikipedia-Category: Digital Rights Management]


[[Category:Glossary]]

TCPA/TCG - Trusted or Treacherous

2005-07-14T16:23:09Z

Shpedoikal: /* OpenSource Software and TCG */

{| width="100%"
|style="vertical-align:top;padding-right:20px;white-space:nowrap;" | __TOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">The Members of the Trusted Computing Group (TCG), formerly the Trusted Computing Platform Allience (TCPA), are working on a paradigm shift in information technology, which could become the biggest change of the information landscape since decades.

This article tries to gather information about the implications of the TCPA and TCG effords. To many users these implications seem rather treacherous than trustworthy. This article tries to give a short summarized overview over the facts from a rather netral point of view.

We will start with a quote:

''"It is clear that trusted computing hardware provides security benefits, if software is prepared to take advantage of it. But trusted computing has been received skeptically and remains controversial. Some of the controversy is based on misconceptions, but much of it is appropriate, since trusted computing systems fundamentally alter trust relationships. Legitimate concerns about trusted computing are not limited to one area, such as consumer privacy or copyright issues.'' <br />
''We have at least two serious concerns about trusted computing. First, existing designs are fundamentally flawed because they expose the public to new risks of anti-competitive and anti-consumer behavior. Second, manufacturers of particular "trusted" computers and components may secretly implement them incorrectly."'' <br />
''Source: [http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php Electronic Frontier Foundation]''</div>
|}

==TC - Trusted Computing==
Recently, the number of known security incidents has been dramatically increasing. Thus, security issues in computer industry have been pushed forward. So far, digital content on computers couldn't be efficiently protected since every security mechanism accessible by software could always be circumvent by software.

The idea of Trusted Computing is to provide a hardware layer that cares for
* storage of security related data like keys, certificates and checksums
* encryption and decryption
* validation of certificates
* (Remote) Platform Attestation (''meaning that somebody can check the state of your personal computer over the internet'')
* Sealing (''meaning binding data to a specific platform and application'')

Since this way the hardware can handle security management without any software being able to access the security data (like a Black Box). Moreover, the whole software layer can be 'monitored' by the hardware through the use of checksums. Hence the TCPA layer can recognise changes to the software layer and block the whole system from starting, this way keeping malicious software from running at all.

==A short history of TCPA, TCG, Palladium and NSCB:==
* 1999: The Trusted Computing Platform Alliance (TCPA) is founded by Intel, Microsoft, HP, Compaq and IBM.
* February 2002: The TCPA Main Specification Version 1.1b is being published.
* Early 2003: The name of Microsofts own TC-Projekt "Palladium" is changed to "next-generation secure computing base" (NGSCB).
* April 2003: The Trusted Computing Group (TCG) is founded by AMD, HP, IBM, Intel and Microsoft.
* Summer 2004: Microsoft seems to have stopped their "NGSCB"-effort.

==The TCPA==
Founded 1999 by Compaq, HP, IBM, Intel and Microsoft, the TCPA counts around 200 members by now, among them Adobe, AMD, Fujitsu-Siemens, Gateway, Motorola, Samsung, Toshiba and many others.

==The TCG==
As successor of the TCPA, the TCG was founded by AMD, HP, IBM, Intel and Microsoft in April 2004.

==TCG Hardware Architecture==
The Trusted Platform Module (TPM) (a.k.a. "Fritz"-Chip) is the central element of the TCG architecture. Imagine a hardwired smart card for a abstract picture of this architecture.

The integration of the whole functionality into the CPU is also discussed, which would increase resistance against tampering attacks (see also Intel "LaGrande").

Regarding the hardware security of the "Trusted Platform Modules (TPM)", there were two important critiques:
*The first one has been the insuficient security certification against hardware attacks. In TCG 1.2 this critique has been addressed by an improvement of the hardware requirements. It has to be seen how strong the resistance against sophisticated attacks at intensively daily usage will be.
*The second one addreses the 'black box'-characterisitcs and risk 'hidden channels' in the TCG-Hardware, which can be easily implemented and used to send secret information to third parties.

==TC - Treacherous Computing?==
Generally, there are good arguments that these features can be used to improve the security of computer systems. Trusted Computing offers a lot of features which can be used to protect the personal computer against malicious software and users.

But according to a lot of technical analysis, most researchers have fundamental critics on the main design considerations. The new infrastructure will offer '''only minor protection against worms and viruses''', although TCG is telling something completely different. Furthermore, some of these features can already be established by todays smart card supported systems, so where is the need for TCG 1.1?

''We recognize that hardware enhancements might be one way to improve computer security. But treating computer owners as adversaries is not progress in computer security. '''The interoperability, competition, owner control, and similar problems inherent in the TCG and NCSCB approach are serious enough that we recommend against adoption of these trusted computing technologies until these problems have been addressed. Fortunately, we believe these problems are not insurmountable''', and we look forward to working with the industry to resolve them."'' <br />
Source: [http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php Electronic Frontier Foundation], bold emphasis by [[User:Pitsche|Pitsche]]

There are a lot of drawbacks to this kind of security implementation:
*The concept prevents even the device owner from certain operations.
*Remote Attestation is a good feature to remotely detect tampering of the computer, as long as this 'somebody' is the owner of the platform. But if this Remote Attestation is used by third parties, serious privacy and market domination issues arise.
*There are certainly legitimate reasons for Sealing. But the main use case seems to be consumer-unfriendly new 'business cases' for content dealers which involve locking down content to a single platform, based on connecting content to a specific device without any migration options.

Additionally, the market domination of Microsoft, obscurities regarding the needed trust infrastructure and a heap of patents have lead to critical evaluations from cryptographers, privacy organizations and European institutions. <br />
Because of this pressure the Trusted Computing Group has modifed its proposal. The recent specification is "TCG 1.2".

=== DRM - Digital Rights Management ===
The philosophy behind Remote Platform Attestation and Sealing seems to be a protection of the computer system like a ThinkPad or electronic device like a MP3-Player ''against'' its user and owner.

What will do this to the use of digital media content on computers or other electronic devices? The answer of the IT- and the Entertainment-Industry is "Digital Rights Management" or just shortly "DRM".

''The DRM component takes control over the rest of the user's device which they rightfully own (e.g. MP3-Player'' '''or a ThinkPad)''' ''and restricts how it may act, regardless of the user's wishes (e.g. preventing the user from copying a song). All forms of DRM depend on the device imposing restrictions that cannot be legally disabled or modified by the user. In other words, the user has no choice.'' Bold emphasised by [[User:Pitsche]].

So a new 'name' for DRM came up: '''Digital Restrictions Management''' instead of Digital Rights Management.

Read more at [[Wikipedia:Digital rights management]].

=== Censorship and Avoiding Whistle Blowers ===
The Siamese twin of Digital Restriction Management is censorship. '''The same techniques which avoid copying music songs can be used to limit the access to all kinds of documents'''. The combination of DRM and observation hardware like TCG leads to very dangerous implications.

Giving a real world example, the Chinese government could easily block the use of all documents containing the words "Dalai Lama" on 'trusted' computer systems.

Another application is the fight against whistle blowers. E.g. government documents about the deportation of own citizens to countries with a doubtful law system or about supporting illegal wars could be made readable for government computers only and combined with a expiration date. This might make it very dificult for the society or following generations to disclose these breaches of humanity.

=== Summary ===
There are still a lot of critical questions, even though TCG 1.2 contains many steps into the right direction.

== Thinkpads with and without TCPA/TCG ==

If you want to know, which ThinkPads are equipped with TCPA Technology like IBM Embedded Security Subsystem or IBM Embedded Security Subsystem 2.0 and which of them are TCPA/TCG clean models, please [[Embedded Security Subsystem#Models featuring this Technology|see the complete list of models]] at the article about [[Embedded Security Subsystem]].

== OpenSource Software and TCG ==
The TrouSerS project aims at implementing each TSS (Trusted computing Software Stack) specification as it is released. TrouSerS is now part of the [http://packages.gentoo.org/packages/?category=app-crypt;name=trousers Gentoo] distribution.

There are many misconceptions surrounding open-source software and trusted computing. Please see the [http://trousers.sf.net/faq.html TrouSerS FAQ] for answers to some common questions.

== Related Links ==
*[http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html 'Trusted Computing' Frequently Asked Questions] - Anti-TC FAQ by Cambridge University security director and professor [[Ross Anderson]].
*[http://www.againsttcpa.com/ Against-TCPA]
*[http://invisiblog.com/1c801df4aee49232/article/0df117d5d9b32aea8bc23194ecc270ec Interesting Uses of Trusted Computing]
*[http://www.gnu.org/philosophy/can-you-trust.html Can you trust your computer?] essay by the FSF
*[http://www.protectprivacy.org/topic--lang-en.html The civil rights organisation Protect Privacy]
*[http://trousers.sourceforge.net/faq.html The TrouSerS FAQ.]

== Read more at Wikipedia, the free encyclopedia: ==
*[http://en.wikipedia.org/wiki/Trusted_computing Trusted Computing]
*[http://en.wikipedia.org/wiki/Trusted_Computing_Platform_Alliance Trusted Computing Group (formerly known as TCPA)]
*[http://en.wikipedia.org/wiki/Fritz-chip Fritz-Chip]
*[http://en.wikipedia.org/wiki/Palladium_operating_system Palladium]
*[http://en.wikipedia.org/wiki/Category:Cryptography Wikipedia-Category: Cryptography]
*[http://en.wikipedia.org/wiki/Category:Copyright_law Wikipedia-Category: Copyright Law]
*[http://en.wikipedia.org/wiki/Category:Digital_rights_management Wikipedia-Category: Digital Rights Management]


[[Category:Glossary]]

Talk:TCPA/TCG - Trusted or Treacherous

2005-07-14T16:15:53Z

Shpedoikal: /* Not sure where to begin... */

== Discussion about the article "Trusted or Treacherous" ==

Please add you comments here.

You can use the "Plus"(+)-Button next to the "edit"-button at the top of this page to add you comments at the right spot ;-)

--[[User:Pitsche|Pitsche]] 11:38, 4 Jul 2005 (CEST)

== Plagiarism? ==

Large parts of this article apparently consist of unattributed, near-verbatim excerpts from a SANE2004 paper by Weis, Lucks, and Bogk, [http://www.cryptolabs.org/CCC2004TCunendlich/WeisLucksBogkSane2004tcg12.pdf TCG 1.2 - fair play with the 'Fritz' chip?]. Regardless of whether one believes that general political/ethical concerns about Trusted Computing belong on a Thinkpad-specific site, wholesale copying of unidentified, and presumably copyrighted, material is not cool, and could get the whole project in trouble.

I would suggest that the non-original parts of this article be removed and replaced by an external link to the above-mentioned paper; any particularly crucial short excerpts (as permitted by "fair use") should be clearly identified as such. The specific information about how the TCG specifications are implemented on various Thinkpad models can stay, of course.

== The Source is under Creative Commons, isn't it? ==

Hello Andrzej,

yes, you are right, another version of this text on a website of the presentation of the annual chaos computer club is one of my sources, but I think, that one is under creative commons license by-nc-sa 2.0 de. And are the presentations of the chaos computer congress not also free unless the speakers don't want it??????

This license allows to copy, distribute, display, perform or modify the text as long as it is published under exactly the same creative commons license and licensees may not use the work for commercial purposes - unless they get the licensor's permission.

My problem was, I had a lot more sources in a different language than english and my first drafts were way to long!

It didn't worked to keep it that short but detailed, as Ruediger and Adreas wrote it.

But if you think, after my explanation the actual version is still problematic, I will delete it of course!

--[[User:Pitsche|Pitsche]] 21:12, 4 Jul 2005 (CEST)

----
If the original authors have explicitly published the text under a suitably permissive CC license, there should be no legal problem in using it in a ThinkWiki article. Even in that case, however, the source needs to be clearly identified, and there should be a link to the complete original article.

-- Andrzej

----
Okay Andrzej, I will work on that and tell all of you about it in the coming days, if I have enough time for it.

Unless that, feel free to take out the critical passages of the article or modify it, if you have the time and if you want to do it.

But there is a problem: I slightly changed the text, put two sentence together to one etc. How can I now cite the source?

--[[User:Pitsche|Pitsche]] 21:38, 4 Jul 2005 (CEST)

----
No problem; just say that your ThinkWiki article is ''based on'' the Weis et al. paper, and give a reference. The parts of their text that you include don't have to be verbatim copies; indeed, the whole point is that you are creating a ''derived work'' (e.g., by bringing in material from other sources), which they supposedly explicitly allow in the CC license. To be on the safe side, you should probably also include a link to a web page documenting that the original text is indeed freely licensed, or say that you have personally obtained permission from the authors.

-- Andrzej
----
Agreed. There should be a general statement in the article about the source the article is derived from, or rather sources - i seem to have used different sources of information for some of my edits. ;-) I'll add mine on next edit.

Wyrfel.

== Thanks for your work, i like it ==

Hello Wyrfel,

thank you very much for editing and restructering of that article.

I think, I know know what you and Andrzej want and I will try in he next days, to change the article in that way, okay?

P.S.: I don't know, why I loose my logged-in status from time to time, perhaps my connection. I am sorry, that there are IP-Adresses instead of my unsername "pitsche", I hope, no one gets confused, which edit is by me and which one by someone else :-o

Sorry.

--[[User:Pitsche|Pitsche]] 21:15, 4 Jul 2005 (CEST)
----
About your login status: ThinkWiki doesn't cache logins. This means everytime your connection breaks or your browser closes you will have to login again. But don't worry, we can figure out what's from you and if not - it's a Wiki. ;-) I'm doing a lot of edits without being logged in as well.

Wyrfel.
----
== No exact TCG specifications needed ==

Hello again!

I am against writing about the specific specifications, because it will make the article longer and everybody, who is '''really''' interested in the specifications has several possibilities to get it for free in the WWW or from Cryptolabs.org or from the CCC.

--[[User:Pitsche|Pitsche]] 21:22, 4 Jul 2005 (CEST)
----
I think the TCG specifications should appear there somewhere. At least at current state of my knowledge about the subject i'd think that having them there is helpful for the user to understand what ESS 1 and 2 are capable of. Of course we shouldn't post the whole specs, but some really compressed summary, similar to the 'feature-list' in "TC - Trusted Computing". Pitsche, if you could point me to them i could do it. Also, a link to the original TCPA specs would be good. The links themselves should be added to the Links section.

That's it so far...i like the way we work on this.

Wyrfel.
----
One more thing...

I think the TCPA implementation in current ThinkPads is pretty harmless. At least at it's current software state. You just don't use it (respectively don't install the supporting software layer) and it never gets active. One interesting aspect of finding out what the chip is capable of is if it could be forced to be used by later software upgrades or not.

Wyrfel.

----
Hello Wyrfel!

I also like the way we work on this article. I think, their will be a improvement in the end, that makes everybody happy and is interesting for the users of the ThinkWiki.

Now to your comments:

# I deleted the 'exact' TCG-Specifications, because there is a paragraph about ESS 1.0 and ESS 2.0, where I think the informations should be placed about how much TCG is in ESS, "what ESS 1 and 2 are capable of" and "if it could be forced to be used by later software upgrades or not" (qutoes from you). Correct me if I am wrong, but otherwiese it would be included two times in the article. Or am I making a mistake here?
# I agree with you: At least one hyperlink to the TCG-Specifications should be included in the "Related Links" (right now it is No. 9 in the Table Of Contents). Perhaps on wednesday or thursday I will do this...
# I don't know, if the TCPA implementation in current ThinkPads is pretty harmless. I understood Ruediger and Andreas in their presentation at the 21. Chaos Communication Congress very different to that, because the were referring almost only to IBM and Microsoft. <br />
:It might be a rhetorical technique to fascinate their audience and to keep them awake and following. But my impression of them both was, that they are very concerned scientist (or at least CCC-Activists), who really see the current TCG-Implementations that problematic. And I also felt that they don't need to panic the people just for getting more attention and that they would'nt be disappointed, if they could turn their attention to something else and did'nt have to fight against TCPA/TCG/Palladium :-)

P.S.: Effeff, well, how do I say this, hmmm, does anybody know, where I can find a list of 'common market prices' in USD or Euro for used ThinkPads?

Perhaps something like this [http://www.macnews.de/index.php?_mcnpage=6760 www.macnews.de/index.php?_mcnpage=6760] ???? "Jehova, Jehova, Jeh- outch!" ;-)

Background: I was offered a not so much used ThinkPad A30 with a SXGA+ - TFT-Display without any pixelerrors, but some problems at the drive slot at the right side. Specs of it are: CPU 1.0 Ghz, RAM 512 MB, HDD original IBM 60 GB with 5400 rpm and CD-RW/DVD-ROM-Combo drive...

I have much difficulty for naming a price, because I am not familiar with the cost of repairing that drive slot. At eBay I found some A30p around 600,- Euro and a A22p for 529,- Euro -- is the A30 between? :-o

Thanks!

--[[User:Pitsche|Pitsche]] 01:37, 5 Jul 2005 (CEST)

== a bit paranoid? ==

1) The [[Embedded Security Subsystem]] page already contains a list of ThinkPad's that <u>might</u> have the security chip, no need to start listing older machines that predate it.

2) And noticed how I said <u>might</u>, because some of the ThinkPads listed had the security chip as a feature that was not available on every model in the range. You can see this on the individual ThinkPad product pages, as it will say that it was available <i>on select models</i>. So for example it is perfectly possible to get a second-hand R40, T40 or X31 without the chip. If you want to know the exact type-model of machines with or without the securitychip, look at tawbook.pdf or trwbook.pdf

3) To my knowledge, the chip is disabled by default on every machine that has it, you need to manually enable it in the BIOS first. I have three ThinkPads currently, two have the security chip, and neither Windows or Linux is able to detect it in the disabled state.

4) Ironically Linux actually has better support for it then windows out-of-the-box. The latest Linux kernels have a driver for it, while MS is not shipping anything that supports it, and will not for some time.

----
Hello Mr. "67.87.7.65",

thanks for your comments, much appreciated.

TC can be a good thing, but what TCG (formerly TCPA) wants, can't be a good thing at all and that has nothing to do with paranoia. At least I hope I am not paranoid, just critical about every marketing phrase :-)

I am sorry, if you got the impression, that the ThinkPad models with E.S.S. 1.0 or 2.0 are treacherous. To be honest, I don't have a ThinkPad (not yet) and therefore I can't see for myself, how and what TCG-specs are implemented.

As stated before, Ruediger and Andreas were mostly talking about IBM and MS in their presentation at the 21. Chaos Communication Congress in December 2004 and they seem to talk about this topic for some years now, not only at the congress.

Other sources together with their presentation at 21C3 let me come to the conclusion, that you can't belive the statements of the TCG and their members concerning your (cyber) civil rights and your right of freedom of choice as user and owner of degitial devices such as laptops equipped with a 'Fritz'-chip.

I thought, the article about E.S.S. was a little bit too superficial and the dispute and the critics were not mentionend at all. The EMbedded Security Subsystem sounded like a fantastic thing, that every laptop building and selling company should implement. But why was IBM using that new name and not 'Fritz'-chip or TCG or TCPA? Guess why... :-)

On the other side, my article was / is very much about the dispute and the critics. Okay. Perhaps I can shorten this a litte bit more, add some stuff from the TCG in it (like Wyrfel asked for) etc.

And I have a suggestion to make:

'''How about putting the list of "TCPA/TCG clean models" into the E.S.S.-article and leaving "Trusted or Treacherous" to talk only about Trusted Computing, the TCG-sepcs and the dispute about that specs and giving the readers the hyperlinks so that they can make a judgement by their own???'''

ThinkWiki would be free of that 'conflict', the copied text paragraphs would be gone, the discussion could end, etc.

--[[User:Pitsche|Pitsche]] 12:16, 6 Jul 2005 (CEST)

----
Yepp, we could do that - leave the list of ESS featured ThinkPads on the ESS page. I think we don't even need the 'clean'-list, since it is just every ThinkPad that doesn't have it. ;-)

However, i agree to "67.87.7.65" ;-) in his impression. He's right about that even of the ESS featured models, some don't have the chip. He's also right about that with the current implementation in ThinkPads you are pretty free to choose using it or not using it. Hence it's a feature. As i see it trouble arises from different sides... the software and the law. These both could eventually force you using it. However, i think there's no need to by a A30 or whatever, just because it doesn't feature that chip. You can buy any other ThinkPad, never enable the chip and be happy. What this article is good for, however, is to make people concious about both, what it really can do, and what privacy and security risks are involved with it.

And BTW, i think that your assumtion of IBM using the ESS name instead of TCG/TCPA to confuse people is a little paranoid. ;-) Look at any IBM page about the ESS and you'll find the words "TCG compliant" within the first sentences, linking to the TCG page. Being suspicious is good, but don't give in to speculations too much.

Wyrfel.

----
Hello Wyrfel,

no, no, don't get me worng please. The new name by IBM is not to confuse people, but to have it copyrighted and stuff like that.

Gues why IBM is calling it UltraBay, Dell is calling it MediaBay and FixBay and the third Company I forgot the name of is calling it SelectBay?

Because they want to keep the rights of their names / marketing phrases and don't want to pay license fees to the competitors.

For example even the Nike Logo (called "swoosh") is protected due to heavy brand pirating in developing countires and china.

Sniff, I am *not* paranoid.

(-:

--[[User:Pitsche|Pitsche]] 21:26, 6 Jul 2005 (CEST)

----

Hi, ok, ok. That's just what i think, but when you originally posted it it sounded like a reference to the TCPA/TCG releated name changes. I'm glad that you're not paranoid. ;-) Wyrfel.
----

== Not sure where to begin... ==

Hi, I started to edit the Open-Source Software section, but then realized that I'd basically end up deleting it, and didn't want that w/o discussion.

There's no certification process for trusted computing applications at all, anywhere. Right now, you can write an app using trousers, the Trusted Computing Software Stack for Linux, and distribute it as widely as you'd like. Everyone with a TPM would be able to use it on Linux w/o restrictions, just like any other app.

In other sections of the doc, there is discussion on how difficult it is to separate Palladium and TC. This should not be difficult at all... Palladium is a massive set of technologies built on top of a TSS Stack for windows. Right now, very few apps have been written for Linux and its TSS.

ALso, how can I get my thinkwiki username to appear after my posts?
Thanks, shpedoikal
----
Hi, if you are logged in, you can use <nowiki>~~~~</nowiki> at the end of your posts. It will be replaced by your user name and a date stamp. Or you just write it manually.

Concerning the OpenSource-Section...i think this section being here offers us two things to fill it with: statements about OpenSource projects dealing with TC like TrouSerS and notes about the threat that technics like remote attestation would incline.

Wyrfel
----

Ok, I'll make some changes...

[[User:Shpedoikal|shpedoikal]] 18:15, 14 Jul 2005 (CEST)

Talk:TCPA/TCG - Trusted or Treacherous

2005-07-13T22:21:57Z

Shpedoikal: /* Not sure where to begin... */

Talk:TCPA/TCG - Trusted or Treacherous

2005-07-13T22:04:46Z

Shpedoikal: No sure where to begin...

== Discussion about the article "Trusted or Treacherous" ==

Please add you comments here.

You can use the "Plus"(+)-Button next to the "edit"-button at the top of this page to add you comments at the right spot ;-)

--[[User:Pitsche|Pitsche]] 11:38, 4 Jul 2005 (CEST)

== Plagiarism? ==

Large parts of this article apparently consist of unattributed, near-verbatim excerpts from a SANE2004 paper by Weis, Lucks, and Bogk, [http://www.cryptolabs.org/CCC2004TCunendlich/WeisLucksBogkSane2004tcg12.pdf TCG 1.2 - fair play with the 'Fritz' chip?]. Regardless of whether one believes that general political/ethical concerns about Trusted Computing belong on a Thinkpad-specific site, wholesale copying of unidentified, and presumably copyrighted, material is not cool, and could get the whole project in trouble.

I would suggest that the non-original parts of this article be removed and replaced by an external link to the above-mentioned paper; any particularly crucial short excerpts (as permitted by "fair use") should be clearly identified as such. The specific information about how the TCG specifications are implemented on various Thinkpad models can stay, of course.

== The Source is under Creative Commons, isn't it? ==

Hello Andrzej,

yes, you are right, another version of this text on a website of the presentation of the annual chaos computer club is one of my sources, but I think, that one is under creative commons license by-nc-sa 2.0 de. And are the presentations of the chaos computer congress not also free unless the speakers don't want it??????

This license allows to copy, distribute, display, perform or modify the text as long as it is published under exactly the same creative commons license and licensees may not use the work for commercial purposes - unless they get the licensor's permission.

My problem was, I had a lot more sources in a different language than english and my first drafts were way to long!

It didn't worked to keep it that short but detailed, as Ruediger and Adreas wrote it.

But if you think, after my explanation the actual version is still problematic, I will delete it of course!

--[[User:Pitsche|Pitsche]] 21:12, 4 Jul 2005 (CEST)

----
If the original authors have explicitly published the text under a suitably permissive CC license, there should be no legal problem in using it in a ThinkWiki article. Even in that case, however, the source needs to be clearly identified, and there should be a link to the complete original article.

-- Andrzej

----
Okay Andrzej, I will work on that and tell all of you about it in the coming days, if I have enough time for it.

Unless that, feel free to take out the critical passages of the article or modify it, if you have the time and if you want to do it.

But there is a problem: I slightly changed the text, put two sentence together to one etc. How can I now cite the source?

--[[User:Pitsche|Pitsche]] 21:38, 4 Jul 2005 (CEST)

----
No problem; just say that your ThinkWiki article is ''based on'' the Weis et al. paper, and give a reference. The parts of their text that you include don't have to be verbatim copies; indeed, the whole point is that you are creating a ''derived work'' (e.g., by bringing in material from other sources), which they supposedly explicitly allow in the CC license. To be on the safe side, you should probably also include a link to a web page documenting that the original text is indeed freely licensed, or say that you have personally obtained permission from the authors.

-- Andrzej
----
Agreed. There should be a general statement in the article about the source the article is derived from, or rather sources - i seem to have used different sources of information for some of my edits. ;-) I'll add mine on next edit.

Wyrfel.

== Thanks for your work, i like it ==

Hello Wyrfel,

thank you very much for editing and restructering of that article.

I think, I know know what you and Andrzej want and I will try in he next days, to change the article in that way, okay?

P.S.: I don't know, why I loose my logged-in status from time to time, perhaps my connection. I am sorry, that there are IP-Adresses instead of my unsername "pitsche", I hope, no one gets confused, which edit is by me and which one by someone else :-o

Sorry.

--[[User:Pitsche|Pitsche]] 21:15, 4 Jul 2005 (CEST)
----
About your login status: ThinkWiki doesn't cache logins. This means everytime your connection breaks or your browser closes you will have to login again. But don't worry, we can figure out what's from you and if not - it's a Wiki. ;-) I'm doing a lot of edits without being logged in as well.

Wyrfel.
----
== No exact TCG specifications needed ==

Hello again!

I am against writing about the specific specifications, because it will make the article longer and everybody, who is '''really''' interested in the specifications has several possibilities to get it for free in the WWW or from Cryptolabs.org or from the CCC.

--[[User:Pitsche|Pitsche]] 21:22, 4 Jul 2005 (CEST)
----
I think the TCG specifications should appear there somewhere. At least at current state of my knowledge about the subject i'd think that having them there is helpful for the user to understand what ESS 1 and 2 are capable of. Of course we shouldn't post the whole specs, but some really compressed summary, similar to the 'feature-list' in "TC - Trusted Computing". Pitsche, if you could point me to them i could do it. Also, a link to the original TCPA specs would be good. The links themselves should be added to the Links section.

That's it so far...i like the way we work on this.

Wyrfel.
----
One more thing...

I think the TCPA implementation in current ThinkPads is pretty harmless. At least at it's current software state. You just don't use it (respectively don't install the supporting software layer) and it never gets active. One interesting aspect of finding out what the chip is capable of is if it could be forced to be used by later software upgrades or not.

Wyrfel.

----
Hello Wyrfel!

I also like the way we work on this article. I think, their will be a improvement in the end, that makes everybody happy and is interesting for the users of the ThinkWiki.

Now to your comments:

# I deleted the 'exact' TCG-Specifications, because there is a paragraph about ESS 1.0 and ESS 2.0, where I think the informations should be placed about how much TCG is in ESS, "what ESS 1 and 2 are capable of" and "if it could be forced to be used by later software upgrades or not" (qutoes from you). Correct me if I am wrong, but otherwiese it would be included two times in the article. Or am I making a mistake here?
# I agree with you: At least one hyperlink to the TCG-Specifications should be included in the "Related Links" (right now it is No. 9 in the Table Of Contents). Perhaps on wednesday or thursday I will do this...
# I don't know, if the TCPA implementation in current ThinkPads is pretty harmless. I understood Ruediger and Andreas in their presentation at the 21. Chaos Communication Congress very different to that, because the were referring almost only to IBM and Microsoft. <br />
:It might be a rhetorical technique to fascinate their audience and to keep them awake and following. But my impression of them both was, that they are very concerned scientist (or at least CCC-Activists), who really see the current TCG-Implementations that problematic. And I also felt that they don't need to panic the people just for getting more attention and that they would'nt be disappointed, if they could turn their attention to something else and did'nt have to fight against TCPA/TCG/Palladium :-)

P.S.: Effeff, well, how do I say this, hmmm, does anybody know, where I can find a list of 'common market prices' in USD or Euro for used ThinkPads?

Perhaps something like this [http://www.macnews.de/index.php?_mcnpage=6760 www.macnews.de/index.php?_mcnpage=6760] ???? "Jehova, Jehova, Jeh- outch!" ;-)

Background: I was offered a not so much used ThinkPad A30 with a SXGA+ - TFT-Display without any pixelerrors, but some problems at the drive slot at the right side. Specs of it are: CPU 1.0 Ghz, RAM 512 MB, HDD original IBM 60 GB with 5400 rpm and CD-RW/DVD-ROM-Combo drive...

I have much difficulty for naming a price, because I am not familiar with the cost of repairing that drive slot. At eBay I found some A30p around 600,- Euro and a A22p for 529,- Euro -- is the A30 between? :-o

Thanks!

--[[User:Pitsche|Pitsche]] 01:37, 5 Jul 2005 (CEST)

== a bit paranoid? ==

1) The [[Embedded Security Subsystem]] page already contains a list of ThinkPad's that <u>might</u> have the security chip, no need to start listing older machines that predate it.

2) And noticed how I said <u>might</u>, because some of the ThinkPads listed had the security chip as a feature that was not available on every model in the range. You can see this on the individual ThinkPad product pages, as it will say that it was available <i>on select models</i>. So for example it is perfectly possible to get a second-hand R40, T40 or X31 without the chip. If you want to know the exact type-model of machines with or without the securitychip, look at tawbook.pdf or trwbook.pdf

3) To my knowledge, the chip is disabled by default on every machine that has it, you need to manually enable it in the BIOS first. I have three ThinkPads currently, two have the security chip, and neither Windows or Linux is able to detect it in the disabled state.

4) Ironically Linux actually has better support for it then windows out-of-the-box. The latest Linux kernels have a driver for it, while MS is not shipping anything that supports it, and will not for some time.

----
Hello Mr. "67.87.7.65",

thanks for your comments, much appreciated.

TC can be a good thing, but what TCG (formerly TCPA) wants, can't be a good thing at all and that has nothing to do with paranoia. At least I hope I am not paranoid, just critical about every marketing phrase :-)

I am sorry, if you got the impression, that the ThinkPad models with E.S.S. 1.0 or 2.0 are treacherous. To be honest, I don't have a ThinkPad (not yet) and therefore I can't see for myself, how and what TCG-specs are implemented.

As stated before, Ruediger and Andreas were mostly talking about IBM and MS in their presentation at the 21. Chaos Communication Congress in December 2004 and they seem to talk about this topic for some years now, not only at the congress.

Other sources together with their presentation at 21C3 let me come to the conclusion, that you can't belive the statements of the TCG and their members concerning your (cyber) civil rights and your right of freedom of choice as user and owner of degitial devices such as laptops equipped with a 'Fritz'-chip.

I thought, the article about E.S.S. was a little bit too superficial and the dispute and the critics were not mentionend at all. The EMbedded Security Subsystem sounded like a fantastic thing, that every laptop building and selling company should implement. But why was IBM using that new name and not 'Fritz'-chip or TCG or TCPA? Guess why... :-)

On the other side, my article was / is very much about the dispute and the critics. Okay. Perhaps I can shorten this a litte bit more, add some stuff from the TCG in it (like Wyrfel asked for) etc.

And I have a suggestion to make:

'''How about putting the list of "TCPA/TCG clean models" into the E.S.S.-article and leaving "Trusted or Treacherous" to talk only about Trusted Computing, the TCG-sepcs and the dispute about that specs and giving the readers the hyperlinks so that they can make a judgement by their own???'''

ThinkWiki would be free of that 'conflict', the copied text paragraphs would be gone, the discussion could end, etc.

--[[User:Pitsche|Pitsche]] 12:16, 6 Jul 2005 (CEST)

----
Yepp, we could do that - leave the list of ESS featured ThinkPads on the ESS page. I think we don't even need the 'clean'-list, since it is just every ThinkPad that doesn't have it. ;-)

However, i agree to "67.87.7.65" ;-) in his impression. He's right about that even of the ESS featured models, some don't have the chip. He's also right about that with the current implementation in ThinkPads you are pretty free to choose using it or not using it. Hence it's a feature. As i see it trouble arises from different sides... the software and the law. These both could eventually force you using it. However, i think there's no need to by a A30 or whatever, just because it doesn't feature that chip. You can buy any other ThinkPad, never enable the chip and be happy. What this article is good for, however, is to make people concious about both, what it really can do, and what privacy and security risks are involved with it.

And BTW, i think that your assumtion of IBM using the ESS name instead of TCG/TCPA to confuse people is a little paranoid. ;-) Look at any IBM page about the ESS and you'll find the words "TCG compliant" within the first sentences, linking to the TCG page. Being suspicious is good, but don't give in to speculations too much.

Wyrfel.

----
Hello Wyrfel,

no, no, don't get me worng please. The new name by IBM is not to confuse people, but to have it copyrighted and stuff like that.

Gues why IBM is calling it UltraBay, Dell is calling it MediaBay and FixBay and the third Company I forgot the name of is calling it SelectBay?

Because they want to keep the rights of their names / marketing phrases and don't want to pay license fees to the competitors.

For example even the Nike Logo (called "swoosh") is protected due to heavy brand pirating in developing countires and china.

Sniff, I am *not* paranoid.

(-:

--[[User:Pitsche|Pitsche]] 21:26, 6 Jul 2005 (CEST)

----

Hi, ok, ok. That's just what i think, but when you originally posted it it sounded like a reference to the TCPA/TCG releated name changes. I'm glad that you're not paranoid. ;-) Wyrfel.
----

== No sure where to begin... ==

Hi, I started to edit the Open-Source Software section, but then realized that I'd basically end up deleting it, and didn't want that w/o discussion.

There's no certification process for trusted computing applications at all, anywhere. Right now, you can write an app using trousers, the Trusted Computing Software Stack for Linux, and distribute it as widely as you'd like. Everyone with a TPM would be able to use it on Linux w/o restrictions, just like any other app.

In other sections of the doc, there is discussion on how difficult it is to separate Palladium and TC. This should not be difficult at all... Palladium is a massive set of technologies built on top of a TSS Stack for windows. Right now, very few apps have been written for Linux and its TSS.

ALso, how can I get my thinkwiki username to appear after my posts?
Thanks, shpedoikal

Embedded Security Subsystem

2005-07-13T21:52:12Z

Shpedoikal: /* Embedded Security Subsystem 2.0 */

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | [[Image:ESS.jpg|IBM Embedded Security Subsystem]] __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
=== The Embedded Security Subsystem ===
The Embedded Security Subsystem is nothing but a chip installed on the Thinkpads mainboard that can take care of certain security related tasks conforming to the TCPA standard. It was first introduced among the T23 models and is now under the name Embedded Security Subsystem 2.0 an integral part of most of the modern Thinkpads. The functions of the chip are bound to three main groups:
* public key functions
* trusted boot functions
* initialization and management functions

The purpose of the whole thing is to keep the users sensitive data out of range from software based attacks (like viruses, internet attacks etc.). One way the chip offers to achieve this is by providing storage for keys along with the neccessary functions to handle them within itself, so that a i.e. a private key never has to leave the chip (can't be seen by any piece of software). Besides this there are more complex topics covered by the functionality of the chip. If you want to find out more about it you can find good documents on the [http://www.research.ibm.com/gsal/tcpa/ IBM Research TCPA resources page].</div>
|}

==Trusted or Treacherous?==

TC - Trusted Computing - will be the biggest change of the information landscape since decades. Besides positive features like a more secure hardware storage for cryptographic keys, an analysis of the proposed TCG-standards shows some problematic properties. <br />
As Thinkpads of recent generations following the Thinkpad T23 ([[Embedded Security Subsystem#Models featuring this Technology|see the complete list of models]]) are equipped with this disputed TCG-/TCPA-Technology, it can be interesting, which promises of the TCG are fulfilled inside your ThinkPad and which parts of the TCG-specifications still seem to be a privacy issue for every user of digital devices like a MP3-player or a ThinkPad - so please read [[TCPA/TCG - Trusted or Treacherous|this article]] for more details.

==Linux Support==
Two linux drivers are available, a [[tpm|classical one]] and a [[tpmdd|newer one]].
Coverage of functionality of the first is unknown so far, the second is part of a bigger project aiming to provide a usable security framework.

David Stafford (one of the developers of the tpm code at IBM) on March 10, 2005 sent me the most recent version of the tpm-kml code. With his permission, I quote his email:

"I am attaching our latest driver and library.
This version is in the process of kernel mailing list review, and
will hopefully be accepted into the official kernel. It works
much better across various 2.6 kernels. Note that this builds
three modules tpm, tpm_atmel, and tpm_nsc. You modprobe the
tpm_atmel (for all current shipping atmel based systems), or
tpm_nsc (for the coming national based systems).

Also note that there is a conflict with the snd-intel8x0
kernel module (they each try to grab the LPC bus). You can
either: load the tpm modules first (such as in initrd or
rc.sysinit, before sound), or recompile the snd-intel8x0, turning
off the MIDI and JOYSTICK support. The latest 2.6.11 version
of snd-intel8x0 also reportedly fixes things."

Compiling this library was easy. Compiling the driver on my 2.6.8-686 (debian testing) laptop failed. But the library works with the driver I compiled from the tpm-2.0 package IBM made available on its pages (see the links below).

Gijs

The T43 requires a patch posted to the LKML by Kylene Jo Hall: [http://marc.theaimsgroup.com/?l=linux-kernel&m=111884603309146&w=2 LKML posting]. An updated patch for linux 2.6.12 is available [http://shamrock.dyndns.org/~ln/linux/tpm_2.6.12.diff here].

==Versions & Features==
=== Embedded Security Chip ===
IBM introduced it's TCPA/TCG features with some of the [[:Category:T23|T23]] models. The earlier of them didn't yet have the Embedded Security Subsystem, but a kind of pre 1.0 version called the Embedded Security Chip. This chip had the following capabilities:
*Data communications authentication and encryption
*Storage of encrypted passwords

=== Embedded Security Subsystem (1.0) ===
The original Embedded Security Subsystem (in IBM documents there is no use of the additive version-number 1.0) claims to be compliant with TCG specs, but apparently did not fully implement any specific TCG spec.

The Embedded Security Subsystem has the following features:
*hardware key storage
*multi-factor authentication
*local file encryption
*enhances VPN security

=== Embedded Security Subsystem 2.0 ===
The Embedded Security Subsystem 2.0 conforms to the TCG TPM 1.1b specification, with a TPM manufactured by either Atmel or National Semiconductor.

The Embedded Security Subsystem 2.0 has the following features:
*hardware key storage
*multi-factor authentication
*local file encryption
*enhances VPN security
*TCG compliant

==Models featuring this Technology==
===IBM Embedded Security Chip===
*ThinkPad {{T23}}
===IBM Embedded Security Subsystem===
*ThinkPad {{A30p}}
*ThinkPad {{R31}}
*ThinkPad {{T23}}, {{T30}}
*ThinkPad {{X22}}, {{X23}}, {{X24}}
===IBM Embedded Security Subsystem 2.0===
*ThinkPad {{R32}}, {{R40}}, {{R50}}, {{R50p}}, {{R51}}, {{R52}}
*ThinkPad {{T40}}, {{T40p}}, {{T41}}, {{T41p}}, {{T42}}, {{T42p}}, {{T43}}, {{T43p}}
*ThinkPad {{X30}}, {{X31}}, {{X32}}, {{X40}}, {{X41}}, {{X41T}}
[[Category:Glossary]]

==TCPA/TCG clean models==
*all models produced before 2000
*all i Series models
*ThinkPad [[:Category:240X|240X]]
*ThinkPad [[:Category:A20m|A20m]], [[:Category:A20p|A20p]], [[:Category:A21e|A21e]], [[:Category:A21m|A21m]], [[:Category:A21p|A21p]], [[:Category:A22e|A22e]], [[:Category:A22m|A22m]], [[:Category:A22p|A22p]], [[:Category:A30|A30]]
*ThinkPad [[:Category:T20|T20]], [[:Category:T21|T21]]
*ThinkPad [[:Category:X20|X20]], [[:Category:X21|X21]], [[:Category:X22|X22]]
*ThinkPad [[:Category:TransNote|TransNote]]

==External Sources==
*[http://www.pc.ibm.com/us/think/thinkvantagetech/security.html IBMs ThinkVantage<sup>TM</sup> Technologies Embedded Security Subsystem page]
*[http://www.pc.ibm.com/presentations/us/thinkvantage/56/index.html?shortcut=ess& IBMs ThinkVantage<sup>TM</sup> Technologies Flash presentation - Embedded Security Subsystem]
*[http://www.research.ibm.com/gsal/tcpa/ IBM Research TCPA resources page]
*[http://www.prosec.rub.de/trusted_grub.html Trusted Grub]

Embedded Security Subsystem

2005-07-13T21:51:52Z

Shpedoikal: /* Embedded Security System 2.0 */

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | [[Image:ESS.jpg|IBM Embedded Security Subsystem]] __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
=== The Embedded Security Subsystem ===
The Embedded Security Subsystem is nothing but a chip installed on the Thinkpads mainboard that can take care of certain security related tasks conforming to the TCPA standard. It was first introduced among the T23 models and is now under the name Embedded Security Subsystem 2.0 an integral part of most of the modern Thinkpads. The functions of the chip are bound to three main groups:
* public key functions
* trusted boot functions
* initialization and management functions

The purpose of the whole thing is to keep the users sensitive data out of range from software based attacks (like viruses, internet attacks etc.). One way the chip offers to achieve this is by providing storage for keys along with the neccessary functions to handle them within itself, so that a i.e. a private key never has to leave the chip (can't be seen by any piece of software). Besides this there are more complex topics covered by the functionality of the chip. If you want to find out more about it you can find good documents on the [http://www.research.ibm.com/gsal/tcpa/ IBM Research TCPA resources page].</div>
|}

==Trusted or Treacherous?==

TC - Trusted Computing - will be the biggest change of the information landscape since decades. Besides positive features like a more secure hardware storage for cryptographic keys, an analysis of the proposed TCG-standards shows some problematic properties. <br />
As Thinkpads of recent generations following the Thinkpad T23 ([[Embedded Security Subsystem#Models featuring this Technology|see the complete list of models]]) are equipped with this disputed TCG-/TCPA-Technology, it can be interesting, which promises of the TCG are fulfilled inside your ThinkPad and which parts of the TCG-specifications still seem to be a privacy issue for every user of digital devices like a MP3-player or a ThinkPad - so please read [[TCPA/TCG - Trusted or Treacherous|this article]] for more details.

==Linux Support==
Two linux drivers are available, a [[tpm|classical one]] and a [[tpmdd|newer one]].
Coverage of functionality of the first is unknown so far, the second is part of a bigger project aiming to provide a usable security framework.

David Stafford (one of the developers of the tpm code at IBM) on March 10, 2005 sent me the most recent version of the tpm-kml code. With his permission, I quote his email:

"I am attaching our latest driver and library.
This version is in the process of kernel mailing list review, and
will hopefully be accepted into the official kernel. It works
much better across various 2.6 kernels. Note that this builds
three modules tpm, tpm_atmel, and tpm_nsc. You modprobe the
tpm_atmel (for all current shipping atmel based systems), or
tpm_nsc (for the coming national based systems).

Also note that there is a conflict with the snd-intel8x0
kernel module (they each try to grab the LPC bus). You can
either: load the tpm modules first (such as in initrd or
rc.sysinit, before sound), or recompile the snd-intel8x0, turning
off the MIDI and JOYSTICK support. The latest 2.6.11 version
of snd-intel8x0 also reportedly fixes things."

Compiling this library was easy. Compiling the driver on my 2.6.8-686 (debian testing) laptop failed. But the library works with the driver I compiled from the tpm-2.0 package IBM made available on its pages (see the links below).

Gijs

The T43 requires a patch posted to the LKML by Kylene Jo Hall: [http://marc.theaimsgroup.com/?l=linux-kernel&m=111884603309146&w=2 LKML posting]. An updated patch for linux 2.6.12 is available [http://shamrock.dyndns.org/~ln/linux/tpm_2.6.12.diff here].

==Versions & Features==
=== Embedded Security Chip ===
IBM introduced it's TCPA/TCG features with some of the [[:Category:T23|T23]] models. The earlier of them didn't yet have the Embedded Security Subsystem, but a kind of pre 1.0 version called the Embedded Security Chip. This chip had the following capabilities:
*Data communications authentication and encryption
*Storage of encrypted passwords

=== Embedded Security Subsystem (1.0) ===
The original Embedded Security Subsystem (in IBM documents there is no use of the additive version-number 1.0) claims to be compliant with TCG specs, but apparently did not fully implement any specific TCG spec.

The Embedded Security Subsystem has the following features:
*hardware key storage
*multi-factor authentication
*local file encryption
*enhances VPN security

=== Embedded Security Subsystem 2.0 ===
The Embedded Security Subsystem 2.0 conforms to the TCG TPM 1.1b specification, with either a TPM manufactured by either Atmel or National Semiconductor.

The Embedded Security Subsystem 2.0 has the following features:
*hardware key storage
*multi-factor authentication
*local file encryption
*enhances VPN security
*TCG compliant

==Models featuring this Technology==
===IBM Embedded Security Chip===
*ThinkPad {{T23}}
===IBM Embedded Security Subsystem===
*ThinkPad {{A30p}}
*ThinkPad {{R31}}
*ThinkPad {{T23}}, {{T30}}
*ThinkPad {{X22}}, {{X23}}, {{X24}}
===IBM Embedded Security Subsystem 2.0===
*ThinkPad {{R32}}, {{R40}}, {{R50}}, {{R50p}}, {{R51}}, {{R52}}
*ThinkPad {{T40}}, {{T40p}}, {{T41}}, {{T41p}}, {{T42}}, {{T42p}}, {{T43}}, {{T43p}}
*ThinkPad {{X30}}, {{X31}}, {{X32}}, {{X40}}, {{X41}}, {{X41T}}
[[Category:Glossary]]

==TCPA/TCG clean models==
*all models produced before 2000
*all i Series models
*ThinkPad [[:Category:240X|240X]]
*ThinkPad [[:Category:A20m|A20m]], [[:Category:A20p|A20p]], [[:Category:A21e|A21e]], [[:Category:A21m|A21m]], [[:Category:A21p|A21p]], [[:Category:A22e|A22e]], [[:Category:A22m|A22m]], [[:Category:A22p|A22p]], [[:Category:A30|A30]]
*ThinkPad [[:Category:T20|T20]], [[:Category:T21|T21]]
*ThinkPad [[:Category:X20|X20]], [[:Category:X21|X21]], [[:Category:X22|X22]]
*ThinkPad [[:Category:TransNote|TransNote]]

==External Sources==
*[http://www.pc.ibm.com/us/think/thinkvantagetech/security.html IBMs ThinkVantage<sup>TM</sup> Technologies Embedded Security Subsystem page]
*[http://www.pc.ibm.com/presentations/us/thinkvantage/56/index.html?shortcut=ess& IBMs ThinkVantage<sup>TM</sup> Technologies Flash presentation - Embedded Security Subsystem]
*[http://www.research.ibm.com/gsal/tcpa/ IBM Research TCPA resources page]
*[http://www.prosec.rub.de/trusted_grub.html Trusted Grub]

Embedded Security Subsystem

2005-07-13T21:50:13Z

Shpedoikal: /* Embedded Security System (1.0) */

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | [[Image:ESS.jpg|IBM Embedded Security Subsystem]] __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
=== The Embedded Security Subsystem ===
The Embedded Security Subsystem is nothing but a chip installed on the Thinkpads mainboard that can take care of certain security related tasks conforming to the TCPA standard. It was first introduced among the T23 models and is now under the name Embedded Security Subsystem 2.0 an integral part of most of the modern Thinkpads. The functions of the chip are bound to three main groups:
* public key functions
* trusted boot functions
* initialization and management functions

The purpose of the whole thing is to keep the users sensitive data out of range from software based attacks (like viruses, internet attacks etc.). One way the chip offers to achieve this is by providing storage for keys along with the neccessary functions to handle them within itself, so that a i.e. a private key never has to leave the chip (can't be seen by any piece of software). Besides this there are more complex topics covered by the functionality of the chip. If you want to find out more about it you can find good documents on the [http://www.research.ibm.com/gsal/tcpa/ IBM Research TCPA resources page].</div>
|}

==Trusted or Treacherous?==

TC - Trusted Computing - will be the biggest change of the information landscape since decades. Besides positive features like a more secure hardware storage for cryptographic keys, an analysis of the proposed TCG-standards shows some problematic properties. <br />
As Thinkpads of recent generations following the Thinkpad T23 ([[Embedded Security Subsystem#Models featuring this Technology|see the complete list of models]]) are equipped with this disputed TCG-/TCPA-Technology, it can be interesting, which promises of the TCG are fulfilled inside your ThinkPad and which parts of the TCG-specifications still seem to be a privacy issue for every user of digital devices like a MP3-player or a ThinkPad - so please read [[TCPA/TCG - Trusted or Treacherous|this article]] for more details.

==Linux Support==
Two linux drivers are available, a [[tpm|classical one]] and a [[tpmdd|newer one]].
Coverage of functionality of the first is unknown so far, the second is part of a bigger project aiming to provide a usable security framework.

David Stafford (one of the developers of the tpm code at IBM) on March 10, 2005 sent me the most recent version of the tpm-kml code. With his permission, I quote his email:

"I am attaching our latest driver and library.
This version is in the process of kernel mailing list review, and
will hopefully be accepted into the official kernel. It works
much better across various 2.6 kernels. Note that this builds
three modules tpm, tpm_atmel, and tpm_nsc. You modprobe the
tpm_atmel (for all current shipping atmel based systems), or
tpm_nsc (for the coming national based systems).

Also note that there is a conflict with the snd-intel8x0
kernel module (they each try to grab the LPC bus). You can
either: load the tpm modules first (such as in initrd or
rc.sysinit, before sound), or recompile the snd-intel8x0, turning
off the MIDI and JOYSTICK support. The latest 2.6.11 version
of snd-intel8x0 also reportedly fixes things."

Compiling this library was easy. Compiling the driver on my 2.6.8-686 (debian testing) laptop failed. But the library works with the driver I compiled from the tpm-2.0 package IBM made available on its pages (see the links below).

Gijs

The T43 requires a patch posted to the LKML by Kylene Jo Hall: [http://marc.theaimsgroup.com/?l=linux-kernel&m=111884603309146&w=2 LKML posting]. An updated patch for linux 2.6.12 is available [http://shamrock.dyndns.org/~ln/linux/tpm_2.6.12.diff here].

==Versions & Features==
=== Embedded Security Chip ===
IBM introduced it's TCPA/TCG features with some of the [[:Category:T23|T23]] models. The earlier of them didn't yet have the Embedded Security Subsystem, but a kind of pre 1.0 version called the Embedded Security Chip. This chip had the following capabilities:
*Data communications authentication and encryption
*Storage of encrypted passwords

=== Embedded Security Subsystem (1.0) ===
The original Embedded Security Subsystem (in IBM documents there is no use of the additive version-number 1.0) claims to be compliant with TCG specs, but apparently did not fully implement any specific TCG spec.

The Embedded Security Subsystem has the following features:
*hardware key storage
*multi-factor authentication
*local file encryption
*enhances VPN security

=== Embedded Security System 2.0 ===
The recent TCG-specification is "TCG 1.2" and Embedded Security System 2.0 is supposed to use this newer specification.

The Embedded Security Subsystem 2.0 has the following features:
*hardware key storage
*multi-factor authentication
*local file encryption
*enhances VPN security
*TCG compliant

==Models featuring this Technology==
===IBM Embedded Security Chip===
*ThinkPad {{T23}}
===IBM Embedded Security Subsystem===
*ThinkPad {{A30p}}
*ThinkPad {{R31}}
*ThinkPad {{T23}}, {{T30}}
*ThinkPad {{X22}}, {{X23}}, {{X24}}
===IBM Embedded Security Subsystem 2.0===
*ThinkPad {{R32}}, {{R40}}, {{R50}}, {{R50p}}, {{R51}}, {{R52}}
*ThinkPad {{T40}}, {{T40p}}, {{T41}}, {{T41p}}, {{T42}}, {{T42p}}, {{T43}}, {{T43p}}
*ThinkPad {{X30}}, {{X31}}, {{X32}}, {{X40}}, {{X41}}, {{X41T}}
[[Category:Glossary]]

==TCPA/TCG clean models==
*all models produced before 2000
*all i Series models
*ThinkPad [[:Category:240X|240X]]
*ThinkPad [[:Category:A20m|A20m]], [[:Category:A20p|A20p]], [[:Category:A21e|A21e]], [[:Category:A21m|A21m]], [[:Category:A21p|A21p]], [[:Category:A22e|A22e]], [[:Category:A22m|A22m]], [[:Category:A22p|A22p]], [[:Category:A30|A30]]
*ThinkPad [[:Category:T20|T20]], [[:Category:T21|T21]]
*ThinkPad [[:Category:X20|X20]], [[:Category:X21|X21]], [[:Category:X22|X22]]
*ThinkPad [[:Category:TransNote|TransNote]]

==External Sources==
*[http://www.pc.ibm.com/us/think/thinkvantagetech/security.html IBMs ThinkVantage<sup>TM</sup> Technologies Embedded Security Subsystem page]
*[http://www.pc.ibm.com/presentations/us/thinkvantage/56/index.html?shortcut=ess& IBMs ThinkVantage<sup>TM</sup> Technologies Flash presentation - Embedded Security Subsystem]
*[http://www.research.ibm.com/gsal/tcpa/ IBM Research TCPA resources page]
*[http://www.prosec.rub.de/trusted_grub.html Trusted Grub]

Talk:Embedded Security Subsystem

2005-07-13T21:48:19Z

Shpedoikal: /* ESS page may have errors... */

Q: Good or Bad?

Someone said: This Security Chip is a hardware trojan. True or false?

== hmmm. depends. but the fear is big, that it is trojan... ==

Hello,

I would say it depends, how TCPA/'Fritz'-Chip is used. But the fear of the critics and (cyber) civil rights people are, that the industry wants to control the use of digital media like MP3, DVD, etc. to prevent copying - even if you own it.

There is also a fear, that there are hidden channels in this black box type of hardware, because hidden channels where found in so many black box type of hardware for years now. What is transmitted over these hidden channels?

The recent modifications by the TCG because of the critic and the resulting pressure are a good beginning. We, the consumers and users, have to go an with our demands, with our critic and we have to look carefully, what TCG and the others are doing here.

Why? Because it will affect all of us sooner or later in using our MP3- or DVD-Players or e.g. -Software on our computers etc. And you can think also about your mobile cellular phones, digital cameras and so on. Digital content, digital media is more and more widespread.

And this is where Digital Rights Management (DRM) comes into the game. DRM is feared to be a trade barrier for a free market, a barrier to future historians, etc.

Trusted Computing is not bad by meaning, but it is bad (or 'lousy'?), how the industry is implementing it. They could do better, right?

--[[User:Pitsche|Pitsche]] 12:19, 4 Jul 2005 (CEST)

== ESS page may have errors... ==

Hi, The ESS 1.0 section claims that its based on TCG 1.1 specs, but I cannot find anything to support that. The ESS 2.0 systems I have all have v1.1 TPMs in them, but I don't have an ESS 1.0 system. As far as I know, the ESS 1.0 does not implement any TCG specification.

Also, the ESS 2.0 does not provide a TCG 1.2 TPM. No currently shipping IBM platforms contain 1.2 TPMs. I thought I'd mention this stuff somewhere before just changing the wiki with no discussion.

Thanks
----
Thanks. You could have just changed it and leave a note with pointers to your sources. I also wondered about the fact that IBM says nothing about TCG in ESS 1.0, but i didn't find any more detailed information. Did you? And if so, where?

[[User:Wyrfel|Wyrfel]] 19:59, 12 Jul 2005 (CEST)
----
Yeah, I am seeing less and less on ESS 1.0 on www.ibm.com, which is my source for this stuff. If I come across anything concrete, I'll post it.

TCPA/TCG - Trusted or Treacherous

2005-07-12T17:59:13Z

Shpedoikal: /* Related Links */

{| width="100%"
|style="vertical-align:top;padding-right:20px;white-space:nowrap;" | __TOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">The Members of the Trusted Computing Group (TCG), formerly the Trusted Computing Platform Allience (TCPA), are working on a paradigm shift in information technology, which could become the biggest change of the information landscape since decades.

This article tries to gather information about the implications of the TCPA and TCG effords. To many users these implications seem rather treacherous than trustworthy. This article tries to give a short summarized overview over the facts from a rather netral point of view.

We will start with a quote:

''"It is clear that trusted computing hardware provides security benefits, if software is prepared to take advantage of it. But trusted computing has been received skeptically and remains controversial. Some of the controversy is based on misconceptions, but much of it is appropriate, since trusted computing systems fundamentally alter trust relationships. Legitimate concerns about trusted computing are not limited to one area, such as consumer privacy or copyright issues.'' <br />
''We have at least two serious concerns about trusted computing. First, existing designs are fundamentally flawed because they expose the public to new risks of anti-competitive and anti-consumer behavior. Second, manufacturers of particular "trusted" computers and components may secretly implement them incorrectly."'' <br />
''Source: [http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php Electronic Frontier Foundation]''</div>
|}

==TC - Trusted Computing==
Recently, the number of known security incidents has been dramatically increasing. Thus, security issues in computer industry have been pushed forward. So far, digital content on computers couldn't be efficiently protected since every security mechanism accessible by software could always be circumvent by software.

The idea of Trusted Computing is to provide a hardware layer that cares for
* storage of security related data like keys, certificates and checksums
* encryption and decryption
* validation of certificates
* (Remote) Platform Attestation (''meaning that somebody can check the state of your personal computer over the internet'')
* Sealing (''meaning binding data to a specific platform and application'')

Since this way the hardware can handle security management without any software being able to access the security data (like a Black Box). Moreover, the whole software layer can be 'monitored' by the hardware through the use of checksums. Hence the TCPA layer can recognise changes to the software layer and block the whole system from starting, this way keeping malicious software from running at all.

==A short history of TCPA, TCG, Palladium and NSCB:==
* 1999: The Trusted Computing Platform Alliance (TCPA) is founded by Intel, Microsoft, HP, Compaq and IBM.
* February 2002: The TCPA Main Specification Version 1.1b is being published.
* Early 2003: The name of Microsofts own TC-Projekt "Palladium" is changed to "next-generation secure computing base" (NGSCB).
* April 2003: The Trusted Computing Group (TCG) is founded by AMD, HP, IBM, Intel and Microsoft.
* Summer 2004: Microsoft seems to have stopped their "NGSCB"-effort.

==The TCPA==
Founded 1999 by Compaq, HP, IBM, Intel and Microsoft, the TCPA counts around 200 members by now, among them Adobe, AMD, Fujitsu-Siemens, Gateway, Motorola, Samsung, Toshiba and many others.

==The TCG==
As successor of the TCPA, the TCG was founded by AMD, HP, IBM, Intel and Microsoft in April 2004.

==TCG Hardware Architecture==
The Trusted Platform Module (TPM) (a.k.a. "Fritz"-Chip) is the central element of the TCG architecture. Imagine a hardwired smart card for a abstract picture of this architecture.

The integration of the whole functionality into the CPU is also discussed, which would increase resistance against tampering attacks (see also Intel "LaGrande").

Regarding the hardware security of the "Trusted Platform Modules (TPM)", there were two important critiques:
*The first one has been the insuficient security certification against hardware attacks. In TCG 1.2 this critique has been addressed by an improvement of the hardware requirements. It has to be seen how strong the resistance against sophisticated attacks at intensively daily usage will be.
*The second one addreses the 'black box'-characterisitcs and risk 'hidden channels' in the TCG-Hardware, which can be easily implemented and used to send secret information to third parties.

==TC - Treacherous Computing?==
Generally, there are good arguments that these features can be used to improve the security of computer systems. Trusted Computing offers a lot of features which can be used to protect the personal computer against malicious software and users.

But according to a lot of technical analysis, most researchers have fundamental critics on the main design considerations. The new infrastructure will offer '''only minor protection against worms and viruses''', although TCG is telling something completely different. Furthermore, some of these features can already be established by todays smart card supported systems, so where is the need for TCG 1.1?

''We recognize that hardware enhancements might be one way to improve computer security. But treating computer owners as adversaries is not progress in computer security. '''The interoperability, competition, owner control, and similar problems inherent in the TCG and NCSCB approach are serious enough that we recommend against adoption of these trusted computing technologies until these problems have been addressed. Fortunately, we believe these problems are not insurmountable''', and we look forward to working with the industry to resolve them."'' <br />
Source: [http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php Electronic Frontier Foundation], bold emphasis by [[User:Pitsche|Pitsche]]

There are a lot of drawbacks to this kind of security implementation:
*The concept prevents even the device owner from certain operations.
*Remote Attestation is a good feature to remotely detect tampering of the computer, as long as this 'somebody' is the owner of the platform. But if this Remote Attestation is used by third parties, serious privacy and market domination issues arise.
*There are certainly legitimate reasons for Sealing. But the main use case seems to be consumer-unfriendly new 'business cases' for content dealers which involve locking down content to a single platform, based on connecting content to a specific device without any migration options.

Additionally, the market domination of Microsoft, obscurities regarding the needed trust infrastructure and a heap of patents have lead to critical evaluations from cryptographers, privacy organizations and European institutions. <br />
Because of this pressure the Trusted Computing Group has modifed its proposal. The recent specification is "TCG 1.2".

=== DRM - Digital Rights Management ===
The philosophy behind Remote Platform Attestation and Sealing seems to be a protection of the computer system like a ThinkPad or electronic device like a MP3-Player ''against'' its user and owner.

What will do this to the use of digital media content on computers or other electronic devices? The answer of the IT- and the Entertainment-Industry is "Digital Rights Management" or just shortly "DRM".

''The DRM component takes control over the rest of the user's device which they rightfully own (e.g. MP3-Player'' '''or a ThinkPad)''' ''and restricts how it may act, regardless of the user's wishes (e.g. preventing the user from copying a song). All forms of DRM depend on the device imposing restrictions that cannot be legally disabled or modified by the user. In other words, the user has no choice.'' Bold emphasised by [[User:Pitsche]].

So a new 'name' for DRM came up: '''Digital Restrictions Management''' instead of Digital Rights Management.

Read more at [[Wikipedia:Digital rights management]].

=== Censorship and Avoiding Whistle Blowers ===
The Siamese twin of Digital Restriction Management is censorship. '''The same techniques which avoid copying music songs can be used to limit the access to all kinds of documents'''. The combination of DRM and observation hardware like TCG leads to very dangerous implications.

Giving a real world example, the Chinese government could easily block the use of all documents containing the words "Dalai Lama" on 'trusted' computer systems.

Another application is the fight against whistle blowers. E.g. government documents about the deportation of own citizens to countries with a doubtful law system or about supporting illegal wars could be made readable for government computers only and combined with a expiration date. This might make it very dificult for the society or following generations to disclose these breaches of humanity.

=== Summary ===
There are still a lot of critical questions, even though TCG 1.2 contains many steps into the right direction.

== Thinkpads with and without TCPA/TCG ==

If you want to know, which ThinkPads are equipped with TCPA Technology like IBM Embedded Security Subsystem or IBM Embedded Security Subsystem 2.0 and which of them are TCPA/TCG clean models, please [[Embedded Security Subsystem#Models featuring this Technology|see the complete list of models]] at the article about [[Embedded Security Subsystem]].

== OpenSource Software and TCG ==
TCG has huge implication for the development of free software. Following a possibly expensive evaluation there will be a signature for one program version. Even if the program is licensed under the GPL every change to the code will make the signature invalid. This seems to be a strong violation of the main philosophy of OpenSource software.

Since Microsoft controls an overwhelming part of the OS market, it seems to be rather difficult to evaluate the TCG proposal separated from the Palladium project.

TCG versus GPL: At least two companies are researching on "TCG-enhanced" versions of GNU/Linux. According most security researchers it seems to be necessary to evaluate programs which have access to the 'trusted part'.

== Related Links ==
*[http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html 'Trusted Computing' Frequently Asked Questions] - Anti-TC FAQ by Cambridge University security director and professor [[Ross Anderson]].
*[http://www.againsttcpa.com/ Against-TCPA]
*[http://invisiblog.com/1c801df4aee49232/article/0df117d5d9b32aea8bc23194ecc270ec Interesting Uses of Trusted Computing]
*[http://www.gnu.org/philosophy/can-you-trust.html Can you trust your computer?] essay by the FSF
*[http://www.protectprivacy.org/topic--lang-en.html The civil rights organisation Protect Privacy]
*[http://trousers.sourceforge.net/faq.html The TrouSerS FAQ.]

== Read more at Wikipedia, the free encyclopedia: ==
*[http://en.wikipedia.org/wiki/Trusted_computing Trusted Computing]
*[http://en.wikipedia.org/wiki/Trusted_Computing_Platform_Alliance Trusted Computing Group (formerly known as TCPA)]
*[http://en.wikipedia.org/wiki/Fritz-chip Fritz-Chip]
*[http://en.wikipedia.org/wiki/Palladium_operating_system Palladium]
*[http://en.wikipedia.org/wiki/Category:Cryptography Wikipedia-Category: Cryptography]
*[http://en.wikipedia.org/wiki/Category:Copyright_law Wikipedia-Category: Copyright Law]
*[http://en.wikipedia.org/wiki/Category:Digital_rights_management Wikipedia-Category: Digital Rights Management]


[[Category:Glossary]]

Talk:Embedded Security Subsystem

2005-07-12T17:55:02Z

Shpedoikal: ESS page may have errors...