Difference between revisions of "Talk:Embedded Security Subsystem"

From ThinkWiki
Jump to: navigation, search
(ESS page may have errors...)
 
(11 intermediate revisions by 8 users not shown)
Line 29: Line 29:
 
Thanks
 
Thanks
 
----
 
----
;-) Thanks. You could have just changed it and leave a note with pointers to your sources. I also wondered about the fact that IBM says nothing about TCG in ESS 1.0, but i didn't find any more detailed information. Did you? And if so, where?
+
Thanks. You could have just changed it and leave a note with pointers to your sources. I also wondered about the fact that IBM says nothing about TCG in ESS 1.0, but i didn't find any more detailed information. Did you? And if so, where?
  
 
[[User:Wyrfel|Wyrfel]] 19:59, 12 Jul 2005 (CEST)
 
[[User:Wyrfel|Wyrfel]] 19:59, 12 Jul 2005 (CEST)
 
----
 
----
 +
Yeah, I am seeing less and less on ESS 1.0 on www.ibm.com, which is my source for this stuff. If I come across anything concrete, I'll post it.
 +
 +
== X60, X60s and T60 with TCG 1.2-compliant Atmel chip ==
 +
 +
Lenovo's "Personal Systems Reference" on Thinkpad Notebooks version 301, January 2006 states that Thinkpads X60, X60 and T60 are equipped with a "Trusted Platform Module / Atmel chip / TCG 1.2-compliant".
 +
 +
Could this be the Atmel AT97SC3203?
 +
Can anyone confirm this?
 +
 +
What about linux support for this chip?
 +
 +
Update: In the same document I found "LPC bus (PC87382 Super I/O, Atmel® 97SC3203)" in the architecture section.
 +
----
 +
I believe that TCG 1.2 includes an API for software communication with the chips, so the drivers should be chip independent. Not sure, though.
 +
 +
[[User:Wyrfel|Wyrfel]] 12:34, 19 January 2006 (CET)
 +
----
 +
 +
== TPM removal??? ==
 +
 +
So, according to the photo in the article, the TPM chip is on a removable daughter card.  With the chip removed, will the PC still operate as a normal (non TPM-enabled) PC?
 +
 +
Answer: Yes, it is true the TPM chip is 97SC3203. But the TP won't work w/o it. It will give the security chip tamper error. Anyway, the chip internal ROM can be read in the same way as the PC8394T-VJG ROM.
 +
 +
----
 +
 +
The ROM you're reading from the PC8394T-VJG *is* the ROM of the TPM included inside the C8394T-VJG, AFAIK :-)
 +
 +
And if you have a PC8394T-VJG, you don't have a removable 97SC3203 or anything like that.
 +
 +
--[[User:Hmh|hmh]] 00:49, 6 March 2008 (CET)
 +
 +
== But what's its use ? ==
 +
 +
Despite all the info, it is still unclear what this system is good for.
 +
What is the typical scenario for using it? How does it compare to just plain encryption of you HD?
 +
 +
Thanks.
 +
there is quite a good audio segment about TPM on grc.com. you will have to find it for your self.
 +
 +
I am not an expert, but have some knowledge. as I understand it definite benefits include:
 +
 +
1) it has a TRUE random number generator. this is useful for the generation of encryption keys. e.g. online banking or buying thing with your credit card online (uses SSL technology).
 +
 +
2) when using SSL (eg, when shopping online) the encryption keys are store inside the TPM itself rather than on your hard drive. this makes them harder to extract either manually of by a trojan
 +
 +
== endless display of "checking status of the security system" message on startup ==
 +
 +
many thinksters will have seen this message more times than they care to remember.
 +
 +
I have yet to find a way to get around this problem other than a full system restore from backup.
 +
 +
in my experience it is usually caused by a incompatible software firewall (or update) and occasionally antivirus software.
 +
 +
sometimes you can wait for it to time out & ask for your logon password (20mins or so). but usually it just goes on endlessly.
 +
 +
 +
Can anyone offer an alternative to full system restore to get around this problem, or a have link that has a SOLUTION to this problem (however bizarre)?
 +
 +
 +
I am tempted to see how well the rubber coating makes my T42 bounce :-)

Latest revision as of 09:37, 30 October 2008

Q: Good or Bad?

Someone said: This Security Chip is a hardware trojan. True or false?

hmmm. depends. but the fear is big, that it is trojan...

Hello,

I would say it depends, how TCPA/'Fritz'-Chip is used. But the fear of the critics and (cyber) civil rights people are, that the industry wants to control the use of digital media like MP3, DVD, etc. to prevent copying - even if you own it.

There is also a fear, that there are hidden channels in this black box type of hardware, because hidden channels where found in so many black box type of hardware for years now. What is transmitted over these hidden channels?

The recent modifications by the TCG because of the critic and the resulting pressure are a good beginning. We, the consumers and users, have to go an with our demands, with our critic and we have to look carefully, what TCG and the others are doing here.

Why? Because it will affect all of us sooner or later in using our MP3- or DVD-Players or e.g. -Software on our computers etc. And you can think also about your mobile cellular phones, digital cameras and so on. Digital content, digital media is more and more widespread.

And this is where Digital Rights Management (DRM) comes into the game. DRM is feared to be a trade barrier for a free market, a barrier to future historians, etc.

Trusted Computing is not bad by meaning, but it is bad (or 'lousy'?), how the industry is implementing it. They could do better, right?

--Pitsche 12:19, 4 Jul 2005 (CEST)

ESS page may have errors...

Hi, The ESS 1.0 section claims that its based on TCG 1.1 specs, but I cannot find anything to support that. The ESS 2.0 systems I have all have v1.1 TPMs in them, but I don't have an ESS 1.0 system. As far as I know, the ESS 1.0 does not implement any TCG specification.

Also, the ESS 2.0 does not provide a TCG 1.2 TPM. No currently shipping IBM platforms contain 1.2 TPMs. I thought I'd mention this stuff somewhere before just changing the wiki with no discussion.

Thanks


Thanks. You could have just changed it and leave a note with pointers to your sources. I also wondered about the fact that IBM says nothing about TCG in ESS 1.0, but i didn't find any more detailed information. Did you? And if so, where?

Wyrfel 19:59, 12 Jul 2005 (CEST)


Yeah, I am seeing less and less on ESS 1.0 on www.ibm.com, which is my source for this stuff. If I come across anything concrete, I'll post it.

X60, X60s and T60 with TCG 1.2-compliant Atmel chip

Lenovo's "Personal Systems Reference" on Thinkpad Notebooks version 301, January 2006 states that Thinkpads X60, X60 and T60 are equipped with a "Trusted Platform Module / Atmel chip / TCG 1.2-compliant".

Could this be the Atmel AT97SC3203? Can anyone confirm this?

What about linux support for this chip?

Update: In the same document I found "LPC bus (PC87382 Super I/O, Atmel® 97SC3203)" in the architecture section.


I believe that TCG 1.2 includes an API for software communication with the chips, so the drivers should be chip independent. Not sure, though.

Wyrfel 12:34, 19 January 2006 (CET)


TPM removal???

So, according to the photo in the article, the TPM chip is on a removable daughter card. With the chip removed, will the PC still operate as a normal (non TPM-enabled) PC?

Answer: Yes, it is true the TPM chip is 97SC3203. But the TP won't work w/o it. It will give the security chip tamper error. Anyway, the chip internal ROM can be read in the same way as the PC8394T-VJG ROM.


The ROM you're reading from the PC8394T-VJG *is* the ROM of the TPM included inside the C8394T-VJG, AFAIK :-)

And if you have a PC8394T-VJG, you don't have a removable 97SC3203 or anything like that.

--hmh 00:49, 6 March 2008 (CET)

But what's its use ?

Despite all the info, it is still unclear what this system is good for. What is the typical scenario for using it? How does it compare to just plain encryption of you HD?

Thanks.

there is quite a good audio segment about TPM on grc.com. you will have to find it for your self.

I am not an expert, but have some knowledge. as I understand it definite benefits include:

1) it has a TRUE random number generator. this is useful for the generation of encryption keys. e.g. online banking or buying thing with your credit card online (uses SSL technology).

2) when using SSL (eg, when shopping online) the encryption keys are store inside the TPM itself rather than on your hard drive. this makes them harder to extract either manually of by a trojan

endless display of "checking status of the security system" message on startup

many thinksters will have seen this message more times than they care to remember.

I have yet to find a way to get around this problem other than a full system restore from backup.

in my experience it is usually caused by a incompatible software firewall (or update) and occasionally antivirus software.

sometimes you can wait for it to time out & ask for your logon password (20mins or so). but usually it just goes on endlessly.


Can anyone offer an alternative to full system restore to get around this problem, or a have link that has a SOLUTION to this problem (however bizarre)?


I am tempted to see how well the rubber coating makes my T42 bounce :-)