Army to Require Trusted Platform Module in PCs 337
Overtone writes "Federal Computer Week is reporting that the U.S. Army will require hardware-based security via the Trusted Platform Module standard in all new PCs. They are a large enough volume buyer that this might kick start an adoption loop."
call me cynical, but (Score:3, Insightful)
Re:call me cynical, but (Score:4, Informative)
Re:call me cynical, but (Score:2, Informative)
Re:call me cynical, but (Score:2)
Please do not feed the trolls :)
Re:call me cynical, but (Score:3, Funny)
Re:call me cynical, but (Score:2)
Touché.
Re:call me cynical, but (Score:3, Funny)
Re:call me cynical, but (Score:3, Funny)
~~ Touches?! [bash.org]
goddamn lameness filter.
Re:call me cynical, but (Score:2)
My apologies. It was just in jest.
Hooah, Army (Score:2, Funny)
Just recently the US Army website announc
Oooh great... (Score:5, Insightful)
The question still remains whether the user himself can trust the trusted computing platform.
If your government or seller or whatever doesn't trust you, doesn't even try in the least, how the hell are you supposed to trust him? The most logical path would be to fully distrust him. And therefore to distrust and refuse trusted computing platform.
Re:Oooh great... (Score:3, Funny)
Careful, we ARE talking about the Army here. I follow what you're saying, but this circular logic might cause someone in the Army to have an aneurysm from having more than a minimal amount of neurons firing!
(BTW, I have a lot of respect for the Army as
Re:Oooh great... (Score:3, Interesting)
The US army includes a load of good folks (and a much smaller number of bad ones). The soldiers are not the problem, their superiors are.
To be exact, the problem is that one of their superiors got bribed by a criminal company. If someone whose duty is to manage security doesn't recognize snake oil and backholes in TPM even w
Re:Oooh great... (Score:2)
That makes about as much sense as saying: "Mafia killers are fine, the mafia bosses that control them from above are not." In fact it's exactly the same, since US Army enforces the will of US government, just like Mafia killers enforce the will of Mafia leaders.
Ouch (Score:5, Insightful)
You're quite right of course. If the "resistance" in Iraq confined its attacks to America soldiers, they would be freedom fighters. In reality, attacks on American troops are rare. They mostly target other Iraqis who simply aren't the "right" type of Muslim. That barely even qualifies as terrorism; it's more along the lines of a slow, decentralized holocaust.
Imagine if the French resistance in WW2 had schismed into seperate Catholic and Protestant factions, and they'd spent all their time killing each other instead of collecting useful intelligence for the Allies. The people of Yugoslavia put aside enormous cultural difference, ceased all internal violence, and totally unified to form the largest and strongest resistance army that there has even been -- and ousted the Nazis themselves. Tito and company -- probably the best example of freedom fighters since the American war of independence. By way of contrast, consider China during WW2. If the Chinese had cooperated, Japan would have never been able to successfully invade let alone retain control once they were in. Chinese resistance failed because imperialists and Maoists were never able to put their own civil war on hold (although the Maoists apparently tried several times, which part of the reason that the people supported them after the war). It is just mind boggling how far the Iraqi extremists are from being anything other than a plague upon their homeland.
Re:Oooh great... (Score:3, Funny)
Re: (Score:3, Interesting)
Re:Oooh great... (Score:4, Insightful)
Just to keep you from getting confused; you do realize that the US removed the secular bunch from power and replaced them with the theocrats, right?
Re:Oooh great... (Score:2)
Re:Oooh great... (Score:2, Interesting)
Not saying that any of this SHOULD have happened. It just sounds like your reasoning is grounded solely in your dislike for Bush, and that makes a poor basis for a rational argument.
Trusted (Score:5, Insightful)
If I am hanging from a rope over a cliff, I Trust the rope. I "Entrust it with my security" whether or not I find it worthy of that trust.
Re:Trusted (Score:5, Insightful)
Re:Trusted (Score:3, Insightful)
Re:Trusted (Score:3, Interesting)
IIRC (and if army is not completely crazy) army does not plan to use TCP as a way to give RIAA and MPAA control of army PCs.
If that assumption is correct, army will be supplying encryption keys into TCP, not PC manufacturer, not RIAA, not MPAA, not Sony, etc.
It also means, that TCP, as deployed in army, will be able to be "owned" (meaning "0wn3d", controlled, etc.) by the owner of the PC (in this case army), not media cartels.
And that finaly means, that even I or you may be able to found such TCP usefull
Re:Trusted (Score:4, Insightful)
In itself TCP isn't inherently evil, the idea makes sense and appears to be reasonably well concieved. What is feared is a lock-in from proprietary software makers coercing the hardware vendors in not releasing the tools to anyone but them.
There might be a glimmer of hope if the trend continues with actions such as the EU vs. Microsoft anti monopoly suit. This kind of thing, focusing on interoperability could well be used so that FOSS (and through that possibly casual Windows and other commercial users) gets to access all the tools required to fully access the system (i.e. keys, etc.).
Re:Trusted (Score:2)
I don't have a problem with adoption so long as its use is not mandatory. I don't believe I've seen a single proposal which would make the use of this technology in a way that could undermine the end-user mandatory. Sure, it might be used to tighten up existing DRM systems. But I don't use DRM, and have no intention of doing so in the future. So why should this bother me?
Re:Trusted (Score:2)
If IT is in control, ok
If MS is in control, not ok
Same applies for end-user (or his friendly admin) in place of IT.
If some people decide to trust MS/Apple with their security, fine, but I wont.
Re:Trusted (Score:2)
Re:Trusted (Score:5, Informative)
No, that's a common fallacy; in fact, it's an intentionally constructed fallacy. Trusted in this context means that you have evidence to trust that the computer will behave in a specified way, particularly from the point of view of remote access. Normally when you connect to a computer remotely you have no way of knowing what it's doing. It could be essentially running any software at all. But if you connect to a Trusted Computer, it provides cryptographic evidence about its software configuration. Knowing what software it is running gives you grounds to know how it will behave; and to trust that behavior. That is the real meaning of Trusted Computing.
Re:Trusted (Score:3, Interesting)
Re:Trusted (Score:3, Informative)
Actually, Trusted in this context means "the people in control can trust my computer to be secure against me," where "the people in control" refers to those who hold the private key to the TPM. In the case of the general public, this is the Trusted Computing Group (which includes such bastions of personal freedom as Microsoft); in the case of the Army it should be the Army, but I fear it will still be the Trusted Computing Group.
See, that's what's so bad about Trusted Computing: if the owner of the PC had
Re:Trusted (Score:2)
My point was that users like me may someday be using one of these whether I'm happy about it or not. If it comes down to a choice between using a 10-year-old machine and a new one, I may end up using this Trusted stuff. I may not like it, but I'll take it because it's better than trying to get Enemy Territory 4: The Axis Finally Win MLB Tem
Re:Trusted (Score:3, Funny)
You thought it was a crappy old rope that would break instantly, but you realized it was actually a very new rope right after they slipped it around your neck and threw you over.
To bad you didn't get to think much after that...
Car Analogy! (Score:2)
My '85 Buick Elektra (I still miss him) was a Trusted Transportation Platform. It was what I had. I Trusted it to get me from home to college and around town and back. At 280,000 miles, some would think it unworthy of such trust. I Trusted it.
Now, the real fun begins: The pointing-out of the flaws in the analogy. Bring it on!
(Actually, I love car analogies for 2 reasons: they are fun to make up, and fun to shoot down(even when mine is getting sho
Re:Car Analogy! (Score:2)
Re:Car Analogy! (Score:4, Insightful)
Well, I think a correct car analogy for Trusted Computing would be not YOUR car but your DADDY's car. You would trust your daddy to issue you the keys when you needed and your daddy would trust you not to damage the vehicle. Of course, any time there would be any conflict between you two ("dad, I swear to God that this scratch was here before!"), daddy would have the ultimate saying ("swear to anyone you want, kid, but you're gronded").
And you could only trust your dad won't abuse his power. TPM is the same provided that you trust Microsoft, Apple et al love you like your parents.
government vendors (Score:3, Insightful)
If your government or seller or whatever doesn't trust you, doesn't even try in the least, how the hell are you supposed to trust him? The most logical path would be to fully distrust him.
Given how often and severely government suppliers and contractors like Halliburton, Bechtels-Parsons, etc engage in all manner of willful, obvious fraud- anyone in the government that trusts their supplier is most likely benefitting in some way from the fraud. I think the challenge wouldn't be to name all the suppliers
This does not lockout Linux (Score:5, Informative)
Is TCG creating specifications for just one operating system or type of platform?
No. Specifications are operating system agnostic. Several members have Linux-based software stacks available. In addition to our work on the PC platform, we have a specification for Trusted Servers and are working to finalize specifications for other computing devices, including peripherals, mobile devices, storage and infrastructure.
Re:This does not lockout Linux (Score:2, Interesting)
This doesn't answer the question at all.
It all depends on who controls the root certificates that are used by the trusted computing hardware to verify the signatures o
Re:This does not lockout Linux (Score:2)
If the FOSS fraternity are left out in the cold by the certificate authority, this will lead to some almighty class-action type litigation. It would be utterly anti-competitive to lock out a huge potential competitor, and Europe in particular would have a field day with Microsoft. Look at the trouble MS got into merely by locking people to their br
Re:This does not lockout Linux (Score:5, Informative)
I'm sorry, but you don't know how Trusted Computing works. Almost everything you have been told about it is a lie.
There are no root certificates used by TC hardware to verify the signatures of the BIOS and the boot image.
What happens is that the BIOS, OS loader and potentially the OS itself send information to the TPM chip about the hashes of the software that is loading. User software can then, if it chooses, query the TPM chip and get a cryptographically send message telling what these hashes are. The software can use this to report the software configuration that booted.
The root certificates get involved because the TPM crypto key never leaves the chip. The TPM manufacturer has a root certificate which it uses to sign each TPM key. This way people can tell that a message actually comes from a valid TPM and not a fake. It prevents virtualization of TPMs. This is what allows software to report its configuration in a trustable way. It is what gives the system its name, Trusted Computing.
Re:This does not lockout Linux (Score:2)
Unless the root certificate gets stolen.
Not that I would ever advocate such a thing, goodness, no ! It would mean that we, the computer owners, would have complete control over our property - and then Disney might lose potential future profits ! Clearly Disney's intellectual property rights trump our p
Re:This does not lockout Linux (Score:3, Informative)
Since only the windows hash will allow secured files to be open and secured apps to be run.
Microsoft will easily be able to convince the MPAA/RIAA that the only safe hash is the windows one and make the office formats "secured" to the windows hash. Some organisations like debian may not wish or be able to restrict peoples rights to their own machine so there will be no reason for anyone to value their
Might lockout GPL 3 though... (Score:2)
Much like the NVidia drivers though, these stacks might involve a GPL shim and a non-GPL binary that's checked and verified by the TPM. Probably why GPL3 is getting ready real quick.
You try customising the kernel and alter the stack, and your hardware (the TPM) refuses to run it. End of Linux as we know it.
Re:Might lockout GPL 3 though... (Score:2)
No, the main one is TrouSerS [sourceforge.net]. It's fully open source and GPL'd. Contrary to the many lies which have been circulated about it, TC is fully compatible with Linux. In fact, that's where most of the research and development work is at this time. Trusted Grub [sourceforge.net] is another good example. It hashes the Linux kernel and some of the config files into the TPM chip before booting it. This way Linux systems can prove what ker
Re:Might lockout GPL 3 though... (Score:2)
Of course it's not still trusted. It's different. You can't change your password and have it still verify to the same hash either, can you? The hash proves what kernel you loaded, if you load a different kernel, it'll be a different hash. What you can do, if you are in the position to trust or distrust binaries, is just mark the new kernel as trusted. No problem.
Re:Might lockout GPL 3 though... (Score:3, Interesting)
No, there is a problem. In fact, it's a huge problem. The problem is, the users are NOT in the position to trust or distrust binaries!
Because Microsoft et. al. designed the system to be secure against the user, they made it a point to withold the private key so that all signing is done by them, not the user. Considering that the entire point of the GPL is to have the user in contr
Re:Might lockout GPL 3 though... (Score:3, Interesting)
Why isn't the user in the position to trust binaries? In a TPM-supporting Linux stack, the only people in control of the trust or distrust are the administrators of the system. The hardware doesn't block software, the software uses the hardware to authenticate it. The software can then block it based on the rules set up by the administrator.
Re:Might lockout GPL 3 though... (Score:2)
Platform identity can be hidden (Score:3, Interesting)
In principle then, FOSS operating systems should be able to use TPM to enhance the trust that their owners have in them, in contrast to the way in which MS systems will
Re:Platform identity can be hidden (Score:2)
I personally think of this as FUD to some degree, simply because if one does not buy DRMed media, it doesn't affect MS users in any way. People seem to confuse a system supporting something with its mandatory use, which hasn't even been proposed.
Re:Platform identity can be hidden (Score:2)
That's my point. A lot of people seem to be implying that mandatory use is a given, when I'm really not certain that it will ever come around. It doesn't look like a smart business decision for anyone, to me.
Aside: Does "OP" stand for "Old Parent"?
Re:This does not lockout Linux (Score:2)
Re:Correct, but it DOES lock out Free Software! I (Score:3, Interesting)
Yes it's true. After you make changes to the sourcecode of software and re-compile it, it's no longer 'Trusted'.
Whenever I think of Trusted Computing... (Score:3, Funny)
Macs only? (Score:3, Interesting)
Re:Macs only? (Score:5, Informative)
My R51 has one.
Re:Macs only? (Score:2)
Re:Macs only? (Score:2)
My friend's Gateway laptop (17" with Intel Core Duo 1.83GHz) has a TPM chip, but he says that it is nonfunctional.
Re:Macs only? (Score:3, Interesting)
Intel Motherboards (Score:2, Interesting)
Re:Macs only? (Score:2)
TonyMcFadden.net [tonymcfadden.net] has a reasonably up to date list of systems that have TPMs in them, as well as manufacturers of the chips themselves, software suppliers, etc.
As Pitr would say (Score:2, Insightful)
Trusted Computing Great for Corporate/Government (Score:5, Insightful)
Of course, this could also make users feel like they are not trusted, and could even lead to overconfidence in the security of the system. Still I see it as a major plus, at least unless I get saddled with it at home.
Let's make electronic warfare easier.. (Score:2)
In addition, for a sovereign nation it is, of course, a perfectly sensible idea to hand the on/off switch of your entire infrastructure to another nation, potentially giving rise to a whole
Does this pave the way for Apple hardware? (Score:5, Interesting)
Does this decision pave the way for Apple to become a preferred supplier as shortly their entire model lineup will feature TPM modules with a relatively secure operating system?
Re:Does this pave the way for Apple hardware? (Score:2)
What's bad about it? (Score:2)
Re:What's bad about it? (Score:2, Informative)
Other comments from Richard Stallman's Can you trust your computer [gnu.org] and the EFF's [eff.org] paper Trusted Computing: Promise and Risk
Another good summary is this Benjamin Stephen and Lutz Vogel's video Misconceptions [youtube.com]
From Anderson's FAQ:
Re:What's bad about it? (Score:5, Insightful)
That's a total lie. Almost everything in that piece of propaganda masquerading as a FAQ is a lie.
If you want the truth about TC, try Seth Schoen of the EFF. He has a good summary in his recent blog entry [loyalty.org]:
Feature interaction (Score:2)
Anybody care to consider what happens when we get the following:
(1) "Trusted" Computing
(2) "Trusted" Network Connections
(3) A non "net neutral" Internet?
You could well end up with a choice of only two sources of information: the media conglomerate that owns your cable company, local news paper and local network affiliate television station, or the other conglomerate that owns your DSL service, most of the radio sta
Slightly different but... (Score:5, Insightful)
This is a worrying scenario. Apart from the minor issue that external users will not want to pay for the dongles and that the internal customer is seeing his IT bill spiral, Trusted Computing seems to be heading to a Mexican standoff situation as follows:
Device 1: Permit me to inspect your system by downloading and running this program.
Device 2: Only after YOU have allowed me to verify your credentials by uploading and running this program.
Device 1: No, it is I who am deciding whether you are to be trusted!
Device 2: No, it is I who am deciding that!
Device 1: Anyway, my content is digitally signed by Microsoft, and you must trust it.
Device 2: Microsoft? Not a hope in Hell. I require all downloads to be digitally signed by Steve Jobs in person with a DNA signature.
And so on. Quis custodiet ipsos custodes? And how long before an army unit gets wiped out because of a defective dongle?
Re:Slightly different but... (Score:2)
I love the irony. Use a technology probably responsible for more zombiefied machines than any other
Somewhere
Re:Slightly different but... (Score:2, Insightful)
Of course, then this opens up the whole issue of a service getting 0wned and then securely propagating trusted malware.
Re:Dr Who spoiler warning (Score:2)
Dalek: The Daleks do not identify themselves!
Cybermam: You have identified yourselves as the Daleks...
You can almost hear the Dalek thinking "Oh, bugger".
Flawed Logic in summary (Flamebait as usual) (Score:2)
Let's say the US Army buys a million night-vision goggles. Would that mean bird-watchers would throw away their good old binoculars and go in for this one?
The TPM is actually a very sound functional and business requirement in the Army... it provides for centralised surveillance and
What about GPLv3? (Score:2)
It makes sense, but is more danger than good (Score:4, Insightful)
TCP requires you to trust the person/group that made the security for you. You put yourself completely into the hands of the corporation(s) that create your TCP platform, and you are fully dependent on their ability to come up with a good protection scheme. Not to mention that you have to trust them, implicitly, that they do not want to spy on you and that they are better than their adversaries.
With TCP you hand over the responsibility for security. But you also hand over control. And it has the potential to lure you in a false sense of security which invariably leads to slacking. More than once I've seen a behaviour of neglect in a high security area (I've had my share of time in that field), with people relying so heavily on the technical implementations that they forgo the most basic security measures called for by common sense, because "Hell, what DO we have that security concept for, if I can't trust it fully?"
better one innit (Score:4, Insightful)
Re:better one innit (Score:2)
Like this [nsa.gov]?
Against Trusted Computing (Score:2)
Film [lafkon.net]
Advocacy [againsttcpa.com]
About decryption keys (Score:2, Interesting)
it's a great idea (Score:2, Insightful)
Reminds me of the decision made to run modern US warships on Windoze.
Military procurement and ripoff were probably synonymous as of when Sargon the Great's people were buying spears and grain to feed troops. The tradition has continued.
The only question I've got here is how many members of the US Armed Forces are going to get killed by this set of m
just in case... (Score:5, Informative)
What is trusted platform? (Score:3, Insightful)
"Sir, what is a trusted system?"
"A system where we can't trust each other."
A brief silence...
"Then what would it be like in an untrusted system?"
"That we can trsut each other."
A long death silence...
Great idea (Score:3, Funny)
Next Generation Security (Score:3, Informative)
TCG/TCPM stuff, though not completely finished (the DAA mechanism that was introduced in v1.2 is a good example of how the TCG adapted to outside criticisms, and they're starting to work on v1.3) and surely not understood (the word "trust" is a huge factor in that), is having the same effect as PKI a few years back. Except that nowadays times of ignorance and fear (in particular of the big companies behing the TCG) multiply this effect by thousands. "Trust" is more and more acting like the point of concentration of the security problems, its complexity being coupled with new emerging (and very innovative) threats.
First think of the TPM as a chip that provides standard cryptographic functions (RAS SHA-1, HMAC, AES), so instead of doing it in software anyone will be able to use hardware implementations. Furthermore there are facilities for key creation and management. With the special focus on this "security chip" (such chips already existed in various forms), the designers hope to improve drastically the level of security of modern computer science (95% of emails are spam, botnets of millions of computers, hackers make huge money out of their job, ransomware, etc. etc.).
Obviously this TECHNOLOGY (and please always keep this in mind: it's a tool, it is to be used by other applications, most importantly OSs, to improve security; apart from secure boot, that is not compulsory at the moment, there's no obligation to use the TPM even if it's here) is not perfect, it will evolve. It will have to CONVINCE, to get TRUST. As I'm saying to most of my Trusted Computing colleagues, I think that challenges set by the opponents of TCG are actually a means to improve the security of this technology (but beware of popularity-seeking criticisms, not all the criticisms are well-founded).
Read tha FAQ:
https://www.trustedcomputinggroup.org/faq/TPMFAQ/ [trustedcom...ggroup.org]
Not quite as bad, if you know what to do (Score:2)
AFAIK in revision 1.2 it is possible to replace the master-key in the TPM module. This was a major point of criticism of previous revisions. Of course you then lose the "benefits" of the trust-web.
maybe not... (Score:3, Insightful)
Where is Ada now?
eric
Trusted Computing (Score:2)
Who will decide for them what is trustworthy and what is not? Are they going to have a backdoor? I suppose the BSA http://www.bsa.org/ [bsa.org] just got a new enforcer!
Microsoft has already won (Score:5, Insightful)
Here is the thing: TPM's adoption was waiting not on an adoption cycle exactly, but an apathy cycle. TPM was never something that the consumer was supposed to approve of, want, or even really know was there. The adoption of TPM was mostly counting on the consumer not having any idea what they were buying, counting on the blinking 12:00 effect, counting on the idea that most consumers would not even know TPM was in their computer until the first time that they try to do something and the computer says "no".
TPM isn't there for the consumer. It's there to protect the computer from the consumers. It's there to allow software and content vendors to trust your computer, to trust your computer to ensure it will act in their interests and not yours. These vendors are the ones that TPM is being done for the benefit of, not the consumer. This means that in order for TPM to win, it isn't necessary for the consumer to "adopt" it. All that has to happen is for the consumer to fail to actively reject it when it is quietly dropped into the hardware they were going to buy anyway.
And that's already happening. So although the military would legitmately represent an adoption cycle-- the military, of course, has a legitimate and logical need to create networks within which the machinery is trusted and the user is absolutely not-- it doesn't really matter. The military isn't the kind of adoption TPM needs to reach enough critical mass that vendors can begin requiring it in new applications, I don't think-- it's not like military hardware is going to be used to run lots of games and DRMed consumer media, as far as I know. The worrying thing is TPM's level adoption in the consumer segment, since that's where it has potential to do actual harm. And that's already begun, and so far nothing is happening to stop it...
Scenario For TMP Use (Score:2, Insightful)
vital messages back and forth with another unit directing fire around your position. Your laptop doesn't have any
software or files on it that are personal to you. Not your music. Not your games, etc. What is has is a trusted and
fool-proof means of getting and receiving messages that you can trust with your life and the lives of your unit.
Therefore, you trust the info on your Army issued laptop.
Only NSA approved hardware please. (Score:3, Funny)
Sheesh
"The Army" is far from monolithic (Score:3, Insightful)
Re:Two sides (Score:2)
BZZZT wrong... with a Linux based software stack, you should be able to sign your own code and thus ensure only code you've signed and code signed by others YOU trust can be run...
Re:Two sides (Score:5, Informative)
Signing your own code is not what he's talking about. Signed, and encrypted, code downloaded to run on your machine from elsewhere and how it is used is totally at the mercy of what vendors stipulate can be done with it. If they want an effective way of timebombing software because you haven't paid up then they have the framework to do that. If they want to break data protection laws and start communicating usage statistics and other sordid details, encrypted and safe from prying eyes, then they now have a means for doing that. It also means that it is almost certainly going to be nigh on impossible to switch to a competing vendor's products.
Some people seemingly have no idea what the trust in Trusted Computing actually means. What it means is that external people and organisations, particularly software vendors, content companies etc. have a way for them to trust my computer or equipment. Whether I can trust the computer or electronic equipment I own, and what software run on there actually does, is an entirely different matter. It's a fundamental shift in the idea of how computers work that will probably end in anarchy and chaos.
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html [cam.ac.uk]
Re:How can the Army trust the module? (Score:2)
As much as I dislike many Microsoft products, I can't let this go by. The federal procurement system is too complicated for some random purchasing agent to have much influence over major procurement decisions. The reason that the federal government, including the military, buys Microsoft Office, is that they are trying to save money by purcha
Re:How can the Army trust the module? (Score:3, Insightful)
WTF are you smoking? Between the legendary insecurity of Microsoft software and formats, and the fact that the formats are proprietary (meaning they will be expensive to archive and maintain), MS Office is the worst possible thing for the military to use!
Re:How can the Army trust the module? (Score:2)
Think of the Army as an ISP. Whenever a computer tries to connect to their network, they can query the TPM module to verify that the configuration of the machine matches what they allow - Not only that they have allowed it (not sure how their network looks, but think "on the domain" here), but also that someone hasn't snuck in, sat at an authorized-and-logg
Thats a nasty video (Score:2)