DRM Tinkering with Intel's PXA270?

putko asks: "Intel has a new line of chips with DRM built in. This appears to be the very first DRM-enabled chip to hit the streets. This microprocessor is unlike others available, because the user doesn't have complete control over the thing, and your computer can (theoretically) betray you. For a while now, there have been computers (IBM ThinkPad) that won't boot unless you give the password, but you could always rip out the hard drive and read it, right? With this chip, the keys and RAM are on the chip, and the flash is encrypted, so this really looks locked up tight. Has anyone worked with this chip, and is possible to build your own device that uses the Intel Trusted Wireless Platform to protect your secrets (like your software, perhaps)?"

"I'm reminded of this due to Slashdot's recent story on the iPAQ, which uses the chip (and has some neat security features too). Somewhat surprisingly, nobody brought up the Doomsday scenarios, there. It should also be mentioned that there are companies selling incredibly tiny boards for it. Maybe you can run Linux on them?

Wouldn't it suck if the chip had the capabilities and you couldn't use them in your own projects -- e.g. if that was just reserved to big companies like Microsoft? On the other hand, if you can use the features, you might see some neat applications. Assuming you can program the DRM stuff, how do you avoid locking yourself out of the chip while developing? What extra pitfalls may developers run into using it?"

If you don't approve...

[Anonymous Coward]

...don't buy it. If you feel your personal liberties being threatened vote with your wallet and just stop bitching about it.

Re:Welcome to hell boys!

[Beltendu]

Thing is, it's already showing up. I've seen the PXA270 as the processor in a number of PDAs already, including ones I was showing some interest in. And yet there's NO mention of any special DRM functionality in the processor in the advertising or even during the process of purchasing one (examples include Dell's new x50 and x30 series, and a number of HP's iPAQs). I haven't seen mention of DRM functionality in any reviews yet either, which makes this the first I've heard of it.

Good to know, though. Time to go look into it a little closer and see if anyone plans on putting out a PDA with a VGA screen and a different processor. Today, AFAIK, the only VGA capable models all use the PXA270.

From Intel's White Paper

[acvh]

Trusted Boot ROM - will ensure that the OS being booted is the one that the manufacturer installed. No more installing NetBSD on your pocketsized wireless gizmo.

Media DRM - files can be created to work only with the OS, ROM and disk in the unit, and only for a specifed length of time.

The features seem to be directed at wireless carriers and content providers, to prevent unauthorized use of their networks and content. So, if you don't like it, use other vendors.

Re:Welcome to hell boys!

[el_gordo101]

Do you really tink IBM will let the PowerPC chips fail because of Intel phoenix and Microsoft working together? Do you think AMD will roll over and die?.

IBM and AMD are also part of the whole Trusted Computing "initiative". From TFA: http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html [cam.ac.uk]

Re:Welcome to hell boys!

[Anonymous Coward]

Zaurus. Or Toshiba e805. Discontinued, but still available on ebay an such.

You couldn't rip out the hd and read it!

[Anonymous Coward]

You can activate hardware encryption of the hd's in the bios of a Thinkpad.
You can rip out the hd, yes, and you can read data, yes, but I don't think you will find the data very usefull since everything is encrypted.

Re:Disagreement

[Wesley Felter]

Akimbo already sells this, although it's not as cheap as you'd like. (Can you serve ~1GB of data for 24 cents? What about transaction costs?)

Just another instruction set feature

[ALecs]

The company I work for has been working on a PXA270 board for a while now. I seriously doubt this chip will flop, since it's a MUCH NEEDED speed boost to Intel's ARM CPU line for embedded/handheld devices.

Besides that, it's a great chip! 600+ MHz, low power like their previous PXA CPUs and plenty of features.

This DRM feature is just another optional feature for designers to use. Right now, I don't see any real reason most designers would use such a feature set. They have no incentive to just lock-down a system willy-nilly. It won't generate any new sales.

And yes, we are running Linux on this chip. :)

Re:How to cook a toad - WRONG!!!

[The Pi-Guy]

I'm a developer for these chips, and I have to say, this is much ado about nothing.

This has been said before - the primary goal is to get the board part count down.

The primary goal is to get the board part count down.

Let me reiterate once more: The primary goal is to get the board part count down.

With this chip, the only thing that it means is that you don't need o include a flash chip on the board.

The system will still be reflashable through a JTAG interface - just as any other device with flash connected to a CPU would be. In that respect, this machine is no more holding us "hostage" than any other previously released iPAQ or Zaurus.

I thereby declare you, sir, to be talking out of your ass.

Re:Welcome to hell boys!

[networkBoy]

Yes they are. Also a point to note, the blurb says:
For a while now, there have been computers (IBM ThinkPad) that won't boot unless you give the password, but you could always rip out the hard drive and read it, right?
It is quite wrong.
The drive stores the password on a protected portion of the platters, so ripping out the drive will not allow you to read it. You will, however, be able to boot the notebook again.
-nB

Re:Two words....

[Alsee]

Never fear, either too many objections will be raised to make it viable in the marketplace, or some smart person will figure out how it tics

The surest way to lose a battle is to underestimate the enemy and not fight until it's already too late.

I *pray* the mainstream news will pick up on this story and that there will be a massive public backlash against Trusted Computing, because if there isn't then we've already lost. Their scheme is incredibly insidious, and they actualy harness natural market forces to drive universal adoption of the system.

It's Microsoft's old Embrace and Extend (and Exterminate) tactic. And we've already seen how deadly-effective the tactic is.

(1) Embrace. They ensured that there is absolutely no reason not to get a Trusted computer. The Trusted computer can do everything your old computer can do, can run absolutely any software your old computer can run.
(2) Extend. The Trusted computer has a new "handcuff" mode. The new software and new media files and new websites will only work in handcuff mode. They will not work at all on an old computer.

If you have an old computer the old stuff works, but the new stuff doesn't work at all.

If you get a new Trusted computer, ALL THE OLD STUFF STILL WORKS. But you also gain the ability to use the new stuff. Yes, you're stuck wearing a pair of handcuffs while you use the new stuff, but at least it works.

You'll go to McDonalds and get a McHappy Meal for your kids, and it will come with a free Titteny Spears music CD, or it will come with a free Spongehead Squarepants videogame, and it will only work on a Trusted Enhanced computer. And the kids will whine we need a new compyooooter! It works over at Johnny's house on his compyooooter! How come we get stuck with this old peice of junk? We need a new compyooooter! And people will run out and buy a new Trusted Enhanced computer just to get the bloody free McHappy Meal CD to work.

And then the fun part comes when your family, your friends, or better yet even you boss sends you a Trusted Secure Email. Yes, Microsoft has already announced their intent to make Trusted Secure Email. And if you don't have a Trusted Enhanced machine, then you can't read the Email at all. And what are you going to do, explain to your mother... or your boss... that the problem is that they sent you a Trusted encrypted file and it's their fault you can't read it? No, THEY are going to blame YOU. It will be YOUR FAULT for having an old obsolete machine. YOU are the one who will have to go buy a new compatible (Trusted) machine to fix the problem.

Microsoft's Embrace and Extend tactic is evil and insidious that way - they wind up hijacking the innocent and oblivious people around you into making your life miserable if you don't "upgrade" to a "compatible system". It's the people who do not submit who are made to suffer. For those who do submit, things simply work, no problems.

-

IBM Thinkpad harddrive password

[Anonymous Coward]

Correction for the lead here -- If you enable the IBM thinkpad's hard disk password (not the BIOS, or supervisor passwords), the disk cannot be accessed by simply placing it in another machine.