Should We Be Afraid of TPM Chips?

AcidArrow asks: "I was looking to buy a new laptop and since I wanted to be on the bleeding edge, I thought one with the new core duo chips would be just what I need. Among the features on the laptops I was looking was 'Trusted Platform Module chip for the safety of your data'. Now, I don't know of any real uses for a TPM chip yet, but is this something that should worry me, or keep me from buying a laptop with said 'feature'? I don't intend to use it and I would like to disable it, if possible, but I don't want to make it easier for anyone to track down what I'm doing on my laptop."

People are so afraid....

[hubs99 (318852)]

It seems slashdotters are so afraid of these chips they won't even comment on them.

Re:People are so afraid....

[MarkGriz (520778)]

"It seems slashdotters are so afraid of these chips they won't even comment on them."

Maybe they tried but the TPM chips in their computer blocked them.
I'm glad I don't hav#&DFGsj3lwkj.s9)
NO CARRIER

Stallman's not afraid to speak out

[DrJimbo (594231)]

Take a look at this transcript of a recent speech he made. [fsfeurope.org]

Stallman: Digital Restrictions Management, and Treacherous Computing. Don't use the enemy's propaganda terms, every time you use those terms you are supporting the enemy.

[...]

Stallman: I think Treacherous Computing should be illegal. But I don't know how we're going to convince governments to actually do that because governments mostly are not very democratic anymore. They mostly are the pro-consuls of the mega corporations, their job is to

Uses

[TheRealMindChild (743925)]

TPM in itself isn't bad. It is when it is grossly abused is the concern.

I would imagine if you want to use future version of windows (and/or media player), this chip will be necessary. I can only speculate that it aids in the decryption of copywrited content

Re:Uses

[Anonymous Coward]

How is it NOT bad when your personal computer, to which you entrust essentially all your documents, can hide software and data from you?

It is Big Brother Inside. Invisible, omnipresent, and with an enhanced ability to hide backdoors that will even grab your encrypted communications when they go in the clear inside your PCs.

But, hey, you are probably a law-abiding person and should have nothing to hide.

Re:Uses

[Trelane (16124)]

How is it NOT bad when your personal computer, to which you entrust essentially all your documents, can hide software and data from you?

The chip does nothing of this. The chip itself only encrypts and decrypts. The rest of the nightmare scenario requires a Treacherous Computing operating system and/or application software to do this.

Notably, a TPM has a great many advantages (provided you trust the vendor anyway)--but only when implemented on a trustable OS and application. For instance, you can use it to trusted bootstrap (using a previously signed Linux kernel (basically saying you or someone you trust created the kernel)) to avoid boot-time rootkits, and then once you've loaded a trusted kernel, it will help the kernel to check for trusted (signed) modules. It can also check that the ps you're running isn't trojaned (i.e. installed by someone who didn't have the key).

In short, go TPM, but boot Linux (or BSD, or whatever you can trust). The critical difference between Big Brother and Best Friend is whether you or someone else is doing (or able to do) the signing.

Re:Uses

[Anonymous Coward]

The chip does nothing of this. The chip itself only encrypts and decrypts. The rest of the nightmare scenario requires a Treacherous Computing operating system and/or application software to do this.

Oh bullshit. The Werner Von Braun defence. "I only make the rockets go up. Others decide where they land." As things stand at the moment, Trusted Computing hardware has only one use: to remove the control of the computer from its owner. The EFF [eff.org] has a proposal to mitigate the risks and keep the benefits... an

Re:Uses

[Trelane (16124)]

The Werner Von Braun defence. "I only make the rockets go up. Others decide where they land."

Uhhm, no. It's actually the " Hey! There's a baby in that bathwater! " "defence".

As things stand at the moment, Trusted Computing hardware has only one use: to remove the control of the computer from its owner.

That may well be its intended use. That does not however, mean that there are not other uses for it. Indeed, I have outlined some. Additionally, the simple fact that you have a TPM doesn't immedia

Re:Uses

[Trelane (16124)]

but also the very real (and currently being implemented by Microsoft) threat of massive privacy abuse, survellence and near-total control it allows, instead of just spouting meaningless "It's not evil. It's just hardware" platitudes then, perhaps things will improve.

That's basically what I said, save for the gross misrepresentation, namely "just spouting meaningless 'It's not evil. It's just hardware' platitudes"

Your (apparently) blind hatred for all things TPM seems to have skipped the "currently being

Re:Uses

[Sique (173459)]

There are issues with TPM vs. free software you didn't address. What if the kernel you want to boot doesn't have a signature the TPM module recognizes? If you or some friend or colleague of you modify a kernel, then its signature changes (that's the whole point of signed binaries). So what if you TPM module just refuses to boot from a signature it doesn't know?

What if the device is something like a digital video recorder or a wireless router, which in theory runs under Linux or other GPLed software, and you

Re:Uses

[TheRealMindChild (743925)]

Um... you know... why would you buy a TPM platform if you are going to fight it the whole way? In your case, you would buy a NON-TPM platform.

Re:Uses

[mrchaotica (681592)]

Better buy it quick, then, because very, very soon you won't have a choice.

Re:Uses

[Trelane (16124)]

Much better. Thank you.

There are issues with TPM vs. free software you didn't address.

As you will see, I have addressed them. Let's go:

What if the kernel you want to boot doesn't have a signature the TPM module recognizes?

Then you sign it with your key. If you don't have the key, as I said, don't buy the TPM/laptop.

If you or some friend or colleague of you modify a kernel, then its signature changes (that's the whole point of signed binaries). So what if you TPM module just refuses to boot fro

Re:Uses

[mrchaotica (681592)]

You are back to square 1, this time not fiddling with copyright, but with the TPM module, and no clever licensing gets you out of the trouble.

The GPL v3 would to some extent, by punishing the vendor of the closed hardware by not allowing him to use GPL v3 software at all.

It's just a shame Linus doesn't understand this.

Punching people in the face isn't bad? You sure?

[dusik (239139)]

>> "Saying "TPM in itself isn't bad" is like saying "punching random people in the face isn't, in itself, bad." Sure, there may be some isolated situations where that's true, like when your fist is covered with a fluffy foam glove that gently dispenses cash to whomever it hits. However, in most actual, relevant interpretations of the behavior, it is in itself bad."

Obviously, you need to be introduced to this [alphabetofmanliness.com]. ;)

Customize?

[DarkNemesis618 (908703)]

Is it possible to get a model of said laptop without a TPM chip? It should be. If you go to Dell and buy a laptop, you're for the most part, able to customize nearly everything to suit your needs. Would the TPM chip be any different. I read about them and see no reason for most people to have any use of them. Nothing like shoving new or unwanted technology down everyone's throats.

Re:Customize?

[DaedalusLogic (449896)]

If you go to Dell and buy a laptop, you're for the most part, able to customize nearly everything to suit your needs.


Excellent! I'm off to order an Inspiron with the highly requested "Meat Thermometer" option.

I think that this will eventually end up being a lot like the Pentium III serial number fiasco. There will be some way to shut it off... People do eventually get frustrated and tired of technology that gets in their way. If this stuff is going to keep people from watching their movies at full resoluti

Re:Customize?

[rincebrain (776480)]

Pry it off the board, see if the system boots. :)

Re:Customize?

[Verteiron (224042)]

Maybe someone with some EE knowledge could answer a more serious version of the same question... if the chip is really "disabled", could one install a short from input to output to bypass the chip entirely? Would this work? Would this do something horrible to the board?

Be afraid only if you can't use it ..

[torpor (458)]

.. yourself, personally, for your own uses. If the TPM 'feature' is only something that a mfr, or software vendor, can exploit to protect data, then its something that you definitely don't want to use.

But if there were uses for TPM which directly translated into a user feature - like being able to save .DOC files to your USB stick, encrypted to your own TPM serial, for example - then I would say yeah, its something that can be used.

But frankly, TPM isn't there for you. Its there for software vendors and 'media suppliers' to use in branding content to your machine. Whether thats good or not, is entirely up to whether or not the end user wants less control over where the data can travel .. so far, the only use for it appears to be in keeping MP3 and other Media files, which you did not author, local to your own machine.

I'd be interested to hear cases where TPM-stamps can be used to actually protect user-author'ed data, though. Would be handy for studio-type people .. like, if I could get my Cubase/Protools session files stamped specifically to my machine, and they can't be used anywhere else, under certain circumstances that could be very handy ..

But that sort of protection is just as easily provided by tools like GPG and such, and still would depend on the software vendor exploiting that feature, so .. yeah .. it just goes round and round.

Re:Be afraid only if you can't use it ..

[HaloZero (610207)]

But if there were uses for TPM which directly translated into a user feature - like being able to save .DOC files to your USB stick, encrypted to your own TPM serial, for example - then I would say yeah, its something that can be used.

I can safely say that I do not want this. I use my jumpdrive to keep a backup of three directories; a script automagically copies fresh versions of a particular tree into a branch on my jumpdrive. This is done for portability and backup purposes. If, for example, my .doc and .mpp and *.* files were encrypted with my ThinkPad's TPM serial, then recovery from another machine (lets say that my laptop is stolen, or otherwise destroyed [with fire]) is pointless - there's no way to replicate that serial.

Long story short: TPM serialization == bad for backups.

Re:Be afraid only if you can't use it ..

[fm6 (162816)]

Long story short: TPM serialization == bad for backups.

So basically, you have to decide whether it's more important for you to have your data or for others not to have it.

Laptop thefts have been in news in Silicon Valley lately, because people using them to transport data valuable to identity thieves. That caused the Mercury News to go to the local copies for the details of that crime wave. Laptop thieves mostly troll the main drag [wikipedia.org], looking for rental cars parked near fancy restaurants and hotels. So th

Re:Be afraid only if you can't use it ..

[HaloZero (610207)]

The key portion of my retort which you failed to acknowledge was the qualifying use of the word 'if'. 'If' is a conditional statement which is invoked when a particular requirement is met. The option (my emphasis, your word) is disregarded if the requirement is NOT met (read: TPM is not used in such a manner). The requirement in this case would be - obviously - implementation of such a TPM scheme. The fact that I used the term 'if' indicates that I may or may not have implemented such a scheme, even though

Re:Be afraid only if you can't use it ..

[mrchaotica (681592)]

But that sort of protection is just as easily provided by tools like GPG and such, and still would depend on the software vendor exploiting that feature, so .. yeah .. it just goes round and round.

And that's the bottom line: the only thing that a TPM can do that stuff like GPG can't, is to keep your information secure against you.

Nothing to fear

[dotslash (12419)]

Firstly you can disable the chip from BIOS or driver software

Secondly there are some good uses for it: I use it to store web site passwords, keys and certificates. On my laptop (Thinkpad T43) it is connected to the fingerprint scanner so I can enforce two-factor auth. (finger swipe AND passphrase). I also store the keys for encrypted disk volumes in the TPM (also part of the software IBM/Lenovo offers for the TPM).

No software can access the TPM without my consent, because it requires finger and password.

Re:Nothing to fear

[Jherek Carnelian (831679)]

You might want to do a little research on the efficacy of finger-print identification systems - in short it is pretty much nil. The cheap ones can usually be fooled by simply retrying a bunch of times with the finger at different angles, the more expensive ones can be easily fooled with the equivalent of a jello mold of the valid fingerprint - which can often be lifted directly off the scanner itself via the skin-oil left by the most recent user. So your 2-factor authentication is really more of a 1.1-factor authentication.

Re:Nothing to fear

[Zebra_X (13249)]

I too own a think pad t43. I haven't tried the jello trick, but the swipe is very good at only recognizing my finger print. Unlike other finger printer readers, the think pad version requires a swipe preventing thieves from "lifting" prints from the sensor. The sensor also responds only to live tissue from what i have tried and have read from the manual. The manual also recommends interning mutliple fingers so that in the event of limb loss, there is a backup.

I suspect that IBM's engineering on this front i

Re:Nothing to fear

[Jherek Carnelian (831679)]

They do afer all specialize in some pretty high end hardware such as tamperproof encryption modules. If it were any other manufacturer I'm not sure I'd "buy it".

Heh. I know the guys who do the IBM 4758 and PCIXCC cards [ibm.com] and they aren't involved with the fingerprint scanner on the notebooks.
IBM is a big company.

Although not IBM specific, here's a few links about the falibility of fingerprint scanners, the last one is tragically funny.

http://www.schneier.com/crypto-gram-0205.html#5 [schneier.com]
http://catless.ncl.ac.uk/Ris [ncl.ac.uk]

Re:Nothing to fear

[Zebra_X (13249)]

Sure I know what you are saying, there certainly are bunk systems out there.

However, as far as i know, none of the links that you provided states an attack vector that is possible with the IBM fingerprint sensor.

The t43 fingerprint sensor requires the user to slide their finger over the sensor. An intelligent move by IBM as this elimitates the possibilty of retrieving the figerprint of the last user. Most of the commercial fingerprint scanners don't require the user to move the finger, and all of the sensor

Ms. Turner, meet Mr. Hurt

[fm6 (162816)]

Second, dead fingers don't work. So stealing appendages won't work either as in the case of the fellow driving the nice car in malaysia.

And how does the hardware know a finger is "alive"? Body heat would be my guess. Not that hard to heat something up.

Two questions

[mcc (14761)]

Firstly you can disable the chip from BIOS or driver software

1. Is this even the case with the new Intel macs?

2. If you disable the chip from bios, can the OS re-enable it without your consent?

Re:Two questions

[Richard_at_work (517087)]

90% of OSX Intel relies on having the TPM chip present and active, if you disable it you are going to have a very inoperative OS very quickly - unless you use one of the hacked versions. Personally, my problem is the abuse, not the technology - TPM has some great potential uses, but only the ones certain people have a problem with seem to get column inches on slashdot.

Re:Two questions

[mcc (14761)]

90% of OSX Intel relies on having the TPM chip present and active, if you disable it you are going to have a very inoperative OS very quickly - unless you use one of the hacked versions.

I was thinking along the exact lines of running a hacked version, yes. However, if the OS can override the BIOS settings without user input (say, perhaps there's something the people writing the hacked version missed) and turn the disabled TPM back on, there wouldn't be much benefit from this.

TPM has some great potential use

Re:Two questions

[Richard_at_work (517087)]

TPM has some great potential uses I disagree entirely.

Then I guess you also dont see any good uses for passwords, permission levels, memory management and various such security measures operative in most OS's these days. TPM would be a fantastic hardware assistance in securing your environment further, and would be a boon in this manner in the corporate environment (imagine a server only allowed to run one single service under one userid and nothing else, you wouldnt ever have to worry about overflow

Re:Two questions

[bersl2 (689221)]

But it's precisely the idea that this technology can be so readily abused, and was born seemingly for the very purpose of being so abused, that makes me believe that it must come to a halt now, so that the implications can be further and more widely understood. But that's the very thing most pushing for its adoption seem to want to hide.

If it were under better circumstances, I might agree with you that it's OK for them to procede, and that the advantages outweigh the disadvantages; but that is not the case.

Re:Two questions

[mcc (14761)]

TPM would be a fantastic hardware assistance in securing your environment further

No. TPM doesn't provide any advantages in security over traditional (and now-mature) encryption and operating system permissions technologies. All TPM does is create the opportunity to take all of your security needs and place them behind a single point of failure.

TPM exists to take control of what happens on your computer out of your hands and put it into the hands of hardware and software vendors. Anything else that is claime

Re:Two questions

[Richard_at_work (517087)]

So you dont think a hardware MMU gave any benefits to computing today, because the same function can be done in software? Oh, and theres no way to circumvent software security, right? Get real. TPM is another tool in the box that can be used, sure it isnt the ultimate and it shouldnt be used alone, but dont think we shouldnt use it if its available.

Your assertion that TPM exists solely to remove control from us is also marketing, but from a different quarter. Dont think its any different, its one vie

Re:Two questions

[mcc (14761)]

So you dont think a hardware MMU gave any benefits to computing today

We are not talking about hardware MMUs.

Just about every new laptop

[linguae (763922)]

...seems to have a TPM chip. Thinkpads, MacBook Pros, some Gateway machines, just about every major new laptop manufacturer that I know of has already installed TPM chips in their laptops.

The important thing to remember, though, is that a TPM chip means nothing if you don't use an OS or software that utilizes the chip for nefarious purposes. If you stick to Windows XP, current versions of OS X (they only use the TPM chip to see if it is a genuine Macintosh), or a free OS (like Linux or BSD), then they won't utilize the TPM chip to restrict your moves. However, you might want to check out any upgrades to the proprietary OSes or proprietary software before you upgrade. You might also want to avoid DRM'd media as well and find alternatives before it is too late.

Now, if you really don't want a TPM chip in your machine, just buy the last model of the machine that you want that doesn't have a TPM chip. Apple, for example, still sells their G4 line of PowerBooks and iBooks. You'll have to weigh the advantages/disadvantages; do you want to sacrifice performance over a trusted computing chip that has little control depending on your software choices?

Re:Just about every new laptop

[MarkGriz (520778)]

"Now, if you really don't want a TPM chip in your machine"

Just put your laptop in the microwave, along with your RFID tags.

Re:Just about every new laptop

[slavemowgli (585321)]

Linux at least *does* have support for a number of TPM chips (these reside in drivers/char/tpm [kernel.org] . You don't have to enable the relevant drivers, of course, but chances are your mainstream distribution has done so.

Whether that actually *means* anything is another matter entirely, of course, and as long as you stick to free software, you shouldn't have to worry about anything really (one should hope). But it's not true that Linux doesn't support these things.

No Thanks.

[saden1 (581102)]

No one knows right now? Till, I don't buy things with lots of secrets and a cloud of uncertainty surrounding it.

Afraid? Not really.

[smooth wombat (796938)]

But those damn TPS reports, that's something to be afraid of!

Re:Afraid? Not really.

[rubycodez (864176)]

you're only supposed to be afraid of the cover sheet. didn't you get the memo?

Re:Afraid? Not really.

[smooth wombat (796938)]

Yes, I got the memo. It's right here. I just forgot. It won't happen again.

educate yourself?

[Anonymous Coward]

TPMs are neither good nor evil per default and there is
nothing magic in them, just some well known crypto cast into hardware.

If you want to know what they do or can do,
grab the specs from the TCG homepage and read em,
no one to stop you.

If you want to try them yourself, grab the TPM kernel emulator module,
or use a real chip, Linux ships drivers with every new kernel.
Use the freely available software lib from IBM (called Trousers),
hell, lately even first Java bindings appeared for those who
don't want to get m

be afraid...be very afraid

[Tumbleweed (3706)]

Keep in mind that TPM also stands for "The Phantom Menace," and that is NOT a good thing. (Okay, except for the light sabre battle at the end, which was the best thing in all three prequels.)

TCPA claims rebuttal, from IBM research

[Fry-kun (619632)]

Just found this article, it's an interesting read:
http://www.research.ibm.com/gsal/tcpa/tcpa_rebutta l.pdf [ibm.com]

In short it says, chip does nothing more than encrypt/decrypt data. It can't execute any code and is not made to be resistant to owner attack (e.g. timing cryptanalysis will work on it!). The only key(s) it controls are generated on-chip and never leave the chip [unencrypted]; there's no external "trusted authority" which manages the keys - so remote revokation is out of the question.
Ergo, you have nothing to be afraid of if you're running current version of WindeXP or any version of *nix

Redundant? WTF?

[objekt (232270)]

Stupid, perhaps. Off-topic, sure. But redundant? No way!

Re:I'd stay away from it...

[eclectro (227083)]

for now, my fiance wants Windows so it might be Windows in the future...not sure

Nope, it's not worth it. Stay with Linux, dump the girl.