Jump to content

TPM is NOT gone


semthex
 Share

25 posts in this topic

Recommended Posts

I just posted some news on my blog, Amit Singh is wrong in his latest articles:

 

On 30th October, Amit Singh published an article about TPM on Mac would be gone with newer versions of Mac. As cmfy1s reported me all INTEL Core 2 Duo got a TPM chip included with the Cpu. This means all Mac, even newer models still got a TPM chip! So they have not moved away from TPM, they just use another chip implementation. [..]

 

read more about it: http://semthex.freeflux.net/blog/

 

Now feel free to debate it :hysterical:

Link to comment
Share on other sites

I am not really clear atm which CPU and why and however since INTEL used to change the name for TPM about 2 times (maybe to cover it?). A lot of sources say it's included some don't list it ... realyl strange things going on.

Link to comment
Share on other sites

Which is precisely why I will never buy a Core 2 Duo. Ever.

 

I can buy Core Duos, but I will not tolerate a TPM on my motherboard. If I can't find a modern and future-proof laptop without a TPM, I'll just buy a TPM model and destroy the chip.

 

TPMs in theory are supposed to be able to be turned off, but I can't imaging doing so outside of the BIOS setup. Sony has provided no documentation as to how I am supposed to enter the BIOS setup of my VAIO (they didn't even provide a manual; just a "Getting Started" guide!) and I don't want to open the laptop up to look for the chip because that would most likely void my warranty, and I plan on selling this cruddy thing.

Link to comment
Share on other sites

semthex: did you try email Amit Singh and see what he says? btw, the spelling mistakes in your blog article is not helping with your credibility...

 

English isn't his first language, as far as I know, so take it easy. Also, learn grammar yourself before criticizing someone else.

Link to comment
Share on other sites

I must say that I am confused by Amit Singh's statement on this TPM issue here:

 

Executive Summary

- Regardless of what the media has been harping on for a long time, and regardless of what system attackers have been saying about the "evil TPM protection" Apple uses, Apple is doing no TPM-related evil thing. In fact, Apple is doing no TPM-related cryptographic thing at all in Mac OS X. Yes, I know, there has been much talk of "TPM keys" and such, but there are no TPM keys that Apple is hiding somewhere.

- More specifically, Apple simply does not use the TPM hardware. In Apple computer models that do contain a TPM, the hardware is available for use by the machine's owner. Of course, to use it you need a device driver, which Apple indeed doesn't provide.

 

http://www.osxbook.com/book/bonus/chapter1...ECUTIVE_SUMMARY

 

Gee, that does not sound like the OS X, I know. WTF?

 

Furthermore, like Semthex (and DiaboliK) is suggesting, I am much more inclined to believe that the TPM chip has removed but that TPM functionality has been integrated into some other device (perhaps the firmware hub or chipset).

 

This is because it is well known the that TPM is integral part of Intel's La Grande DRM technology:

 

http://www.extremetech.com/article2/0,1697,1274153,00.asp

http://www.intel.com/technology/security/

Link to comment
Share on other sites

yeah but i dont see what people has against tpm, they think its evil, on my intel board i can turn it on or off. i personally think its great. encrypting your data on your hdd with your tpm key. TPM's arent little bots which send ino back to apple or microsoft, read the spec and you will see that.

Link to comment
Share on other sites

It's not so much the hardware itself as it is the potential for the hardware to be abused by the industry. I have very little faith in the industry's ability to ignore the temptations of the new technology for "evil" purposes. Search a couple of old CNET News.com articles on DRM or related matters and you'll find that secretive technological measures (from the point of view of the average user, anyway) have been used in the past.

 

At least, I think that's where I found those articles. It's been a while since I came across them. In any case, I do know that Wikipedia's Trusted Computing article also provides some terrible scenarios if the power were to be abused. Notice another possible implementation of Trusted Computing: "tackling" online game cheating. This rarely has anything to do with security and is just a nuisance at worst in most cases. In fact, what the chip may consider cheating may be considered a friendly mod testing by all those that are playing.

Link to comment
Share on other sites

English isn't his first language, as far as I know, so take it easy. Also, learn grammar yourself before criticizing someone else.

It isn't my first language neither, sorry if I came off like a jerk, no harm meant. I meant it as something constructive, you know that people will take you more seriously if your writing aren't riddled with spelling errors, and part of the reason people would take Singh's writing more seriously than a blog post.

Link to comment
Share on other sites

yeah, but ur grammer isnt great either (neither is mine when i write in forums) anyways. Im mixed up, a friend from apple says no tpm, then intel says yes, then amit says no, then others say yes. Like :S

Link to comment
Share on other sites

Any DRM in any kind of representation is evil. Now DRM intend for protection of media content, but sooner or later vendors will be solve instead of us, what kind software we can install (signed or unsigned) and so on. But we have a beautiful thing - virtualization. For example with AMD Pacifica we can intercept any hardware instruction, which has been called be SW (cpuid instruction too), I think it may helps with future kernel development.

Link to comment
Share on other sites

That and the content industry has been fearing the slightest drop in profits ever since the early days of the Internet, so much so that they are apparently willing to alienate their own customers just to secure the money going into the pokets of CEOs were it supposedly belongs.

Link to comment
Share on other sites

Sony has provided no documentation as to how I am supposed to enter the BIOS setup of my VAIO (they didn't even provide a manual; just a "Getting Started" guide!) and I don't want to open the laptop up to look for the chip because that would most likely void my warranty, and I plan on selling this cruddy thing.

 

 

On most Sony VAIO systems you need to hold down F2 and keep it held down while you press the power button to start the machine. Release F2 when the machine says "entering setup". The machine will boot into the BIOS screen, but Sony use a cut-down Phoenix BIOS without a lot of the options you're used to seeing on DIY motherboards.

Link to comment
Share on other sites

yeah but i dont see what people has against tpm, they think its evil, on my intel board i can turn it on or off. i personally think its great. encrypting your data on your hdd with your tpm key. TPM's arent little bots which send ino back to apple or microsoft, read the spec and you will see that.

Yeah, using the TPM to accelrate a cryptographic loopback was on my list of things to do, and if it turns out it is no longer there (probing for it showed it wasnt) then I will be a bit miffed.

 

It's not so much the hardware itself as it is the potential for the hardware to be abused by the industry. I have very little faith in the industry's ability to ignore the temptations of the new technology for "evil" purposes. Search a couple of old CNET News.com articles on DRM or related matters and you'll find that secretive technological measures (from the point of view of the average user, anyway) have been used in the past.

This is why it is always a wise investment to learn some skills that counter that :)

 

 

Any DRM in any kind of representation is evil. Now DRM intend for protection of media content, but sooner or later vendors will be solve instead of us, what kind software we can install (signed or unsigned) and so on. But we have a beautiful thing - virtualization. For example with AMD Pacifica we can intercept any hardware instruction, which has been called be SW (cpuid instruction too), I think it may helps with future kernel development.

Whoa. TPM != DRM.

Link to comment
Share on other sites

Ok I have a question...

 

Lets start with some assumptions:

 

1) TPM functionality for encrypted binaries requires a 'secret key' - apple's endorsement key

 

2) TPM functionality now resides within the processor of, for example, the Mac Pro.

 

So how come CNet and Ars Technica have been able to replace the dual core xeons in the Mac Pro with quad core chips? If the key was embedded within the TPM, (which was inside the processor), how can the machine know the secret key when it boots with the new processors?

 

Unless of course the TPM is now within the mobo chipset, not the CPU...

Link to comment
Share on other sites

Ok I have a question...

 

I think we all have a question, what exactly is going on with TPM

 

2) TPM functionality now resides within the processor..

 

 

So how come CNet and Ars Technica have been able to replace the dual core xeons in the Mac Pro with quad core chips? If the key was embedded within the TPM, (which was inside the processor), how can the machine know the secret key when it boots with the new processors?

 

Unless of course the TPM is now within the mobo chipset, not the CPU...

 

Ya, so here is yet another good reason why it is unlikely TPM has been moved to the processor. It would cause a serious problem for Intel to sell upgrade chips. It short this means there is "no way" TPM is on the CPU.

 

I think part of the confusion here is that new C2D chips have Trusted Execution Technology (TET), which is marketing name for "LaGrande", built-in: http://www.channelregister.co.uk/2006/10/1...re2duo_roadmap/

 

So people might be taking that to mean the TPM functionailty of LaGrande is on the CPU too. But even the The Register makes it clear that chipset support for LaGrande is required.

Link to comment
Share on other sites

 Share

×
×
  • Create New...