DRM Tinkering with Intel's PXA270?

putko asks: "Intel has a new line of chips with DRM built in. This appears to be the very first DRM-enabled chip to hit the streets. This microprocessor is unlike others available, because the user doesn't have complete control over the thing, and your computer can (theoretically) betray you. For a while now, there have been computers (IBM ThinkPad) that won't boot unless you give the password, but you could always rip out the hard drive and read it, right? With this chip, the keys and RAM are on the chip, and the flash is encrypted, so this really looks locked up tight. Has anyone worked with this chip, and is possible to build your own device that uses the Intel Trusted Wireless Platform to protect your secrets (like your software, perhaps)?"

"I'm reminded of this due to Slashdot's recent story on the iPAQ, which uses the chip (and has some neat security features too). Somewhat surprisingly, nobody brought up the Doomsday scenarios, there. It should also be mentioned that there are companies selling incredibly tiny boards for it. Maybe you can run Linux on them?

Wouldn't it suck if the chip had the capabilities and you couldn't use them in your own projects -- e.g. if that was just reserved to big companies like Microsoft? On the other hand, if you can use the features, you might see some neat applications. Assuming you can program the DRM stuff, how do you avoid locking yourself out of the chip while developing? What extra pitfalls may developers run into using it?"

What happened to.....

[Cycline3]

Whatever happened to being able to do whatever you wanted to with the computer you bought? If it's locked up for the media companies - the media companies need to provide them for free - cause I WILL NEVER buy something like this.

Re:Bad Intel... Bad... Bad...

[zalbag]

I'm sure AMD isn't going to be too far behind with this.

Re:Welcome to hell boys!

[peragrin]

Do you really tink IBM will let the PowerPC chips fail because of Intel phoenix and Microsoft working together?

Do you think AMD will roll over and die?.

Sorry but this stuff will only be for corporate users. Home users will complain that things don't work correctly. Becuase MSFT has never made a large profit on a project that wasn't OS or Office.

It's the only reason why I am not overly scared. That and if you can't load other OS's without paying Large fees. the antitrust trials will come back and quickly. We might even get a real judge too.

The customer is always right?

[yorkpaddy]

Intel just doesn't get it. Someone at intel must have heavily invested in AMD.

Re:What happened to.....

[iminplaya]

Unfortunately, one billion other people WILL buy something like this. Put the right spin on it, and they'll demand that you buy one too. Let's hope the hardware hackers and hobbyists(?) are working on alternatives and uh..workarounds.

Re:Bad Intel... Bad... Bad...

[__aaclcg7560]

If that the case, I'll find another "free" CPU to use or leave the country.

Seriously, it's bad enough when Windows XP locks you out for adding a memory module and you have to re-install the entire computer. I don't want my CPU locking me out if my roommate checks his email on the web browser and plays a bootleg MP3 file that someone sent him. If you own the hardware, it should be yours entirely.

Re:Bad Intel... Bad... Bad...

[astrokid]

I'm not so sure about that as they are part of the group that is fighting for TC.

source [cam.ac.uk]
1. What is TC - this `trusted computing' business? The Trusted Computing Group (TCG) is an alliance of Microsoft, Intel, IBM, HP and AMD which promotes a standard for a `more secure' PC.

How to cook a toad

[Sanity]

You throw the toad straight into the pot of boiling water and it will jump straight out, but put it in a pot of cold water and slowly increase the heat, and the toad will be boiled to death.

We should be wary of *any* move towards turning computers from our servants into our prison guards.

When pigs win the X Prize

[mikebelrose]

I wouldn't get too worked up, it's just another exercise in futility from the DRM people. You think they'd have learned by now that any programmable computer is inherently hackable. Any DRM can be removed or forged, the system would have no way to tell the difference between my home movies and a pirated copy of Pirates of Silicon Valley. Just as an example, what is to stop me from running an emulator or virtual machine, and then playing my DRM free media on such a system? How would it know it was running untrusted code if all it saw was javaw.exe?

cell phones too

[Billly Gates]

How many reading this want to make a bet that their phone is drm crippled? If its a really nice one my guess is 90% that everything is encrypted and locked.

After all why should the cell phone companies give up their monopoly as being the gatekeeper to all software including pim's and games?

Re:How date you?!

[Anonymous Coward]

Being a capitalist isn't a licence to do anything you want.

Capitalism will die eventually, as it gives to much power to the corporation, who are destroying the very systems that keep them and us alive.

My prediction

[mrjatsun]

Microsoft requires all PC sold with Windows XYZ to use a Trusted Boot ROM. The Trusted Boot ROM verifies the Windows license is valid before booting. Whoops, you mean your PC won't boot Linux because it doesn't have a valid Windows license. What a unforseen side effect!

Disagreement

[dsginter]

I disagree with the assessment that "all DRM is bad". While it can and most certainly cause a lot of hell for many people, it can be used for A Good Thing.

Here is my vision (discussed previously [slashdot.org]):

Someone takes a chip like this and builds a set top box. This box plugs into a broadband connection. It contains unbreakable DRM. The box is provided to consumers at no cost and does not cost them anything if they do not use it. The box checks for content on the internet. It finds popular content and downloads it. This content is available to the end user for a nominal fee (say, $0.12 per hour).

Since Big Media does not want to relinquish their stranglehold, they do not participate at first. But the little, independent producers from all over the world come up with very creative content and many end users purchase it. The popularity of the little guys starts displacing Big Media. So Big Media starts participating. Because people no longer need a cable or satellite provider, they discontinue service.

Because Big Media is now competing with potentially millions of other talented independent studios, the cream rises to the top. Big Media is no longer as big. The little guys are no longer as small. The Evil Cable and Satellite Monopolies are no more.

It sounds like a good story to me.

Doesn't DRM by definition

[teamhasnoi]

mean YOU can't program it? That wouldn't make sense to those who want hackers to keep their grubby hands off the low level hardware. Or the software makers who'd like to move to a subscription service. Or the **IAs who would like to charge you every time you watch a movie, or listen to a song. (Not to mention all these companies wanting to prevent you from recording, writing, coding, releasing and distributing your own 'content'. Most Important.)

DRM - big brother's kid sister.

DRM: Digital RESTRICTIONS Management

[MCRocker]

I was amused to see that in a recent interview with Richard M. Stallman [kerneltrap.org] he referred to DRM as Digital RESTRICTIONS Management.

Although I'm not a big fan of spin, the current political climate makes renaming things with misleading names a necessity. When you say "Digital RESTRICTIONS Management", it makes it fairly clear that it's a technology aimed at limiting personal liberties.

P.S. Yes, I know this is a repost, but...

Re:Welcome to hell boys!

[ArgumentBoy]

I notice that the original ./ paragraph refers to this as "DRM-enabled." We have no chance to win the argument if the press and public accept this phrase. We need better terminology. "DRM lockout"? "Industry Access Control"? "Manufacturer Data Censor"? Something that makes our point.

From the "Ten Immutable Laws of Security"

[Jeremiah Cornelius]

Scott Culp, from the Microsoft Security Response Center wrote them in October 2000... The first three really jump out in the context of La Grande and NGSCB:

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore

Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

You see, "bad guy" is a value judgement - there is no moral lodestone that classifies intentions here.

More to the point - These statements are JUST AS TRUE if you substitute the words "good guy".

Or "Microsoft", or "Sun Microsystems", or "The Department of the Interior", or "your mommy"...

This technology is an enabler for an elite who see themselves as the "good guy", and are doing all of this for what is believed to be our protection.

You can't win this - in the long run, anymore than you will be able vote on paper in the U.S. Say goodbye to your clever toys.

Re:Welcome to hell boys!

[M. Baranczak]

Home users might find that this will be the first "computer" that does work correctly out of the box.

No, we've had those for a number of years now. [apple.com]

Re:Welcome to hell boys!

[Anonymous Coward]

So.

Do you think IBM, after having spent all their time and money picking up Linux, will just dump it for trusted computing?

If anything, they'll make sure Linux is trusted just as much as Microsoft software.

Re:Welcome to hell boys!

[Alsee]

we just need to take a TC and set it up as a router and connect our real computer to it

However with Trusted computing:
(1) you cannot connect to the ISP at all unless you are running the mandated and unaltered software. That would include a firewall that restricts what data you can send. If they like that software can prevent your computer from accepting any local network connection, except from another Trusted computer. Any data sent to the ISP and out to the internet must go through that firewall and must be encrypted.

(2) Even if you do manage to pass the data through, your non-Trusted computer will be entirely locked out of an increasing number of ordinary websites. One of the biggest drivers of this will be the advertizing motivation - my encrypting the website and only being viewable on a Trusted machine and with an approved Trusted webbrowser, it becomes impossible to run any sort of pop-up blockers or ad blockers. Any attempt to block the advertizements renders the website unviewable. They can also make it impossible to copy images or text or anything else from the site. They can block "deep linking". They can prevent other sites from "leeching" their images and other files. They can enforce any sorts of terms of service they like.

the idea that it will only run programs allowed to be run ... It will once again fail.

That's a myth/misunderstanding, and it is absolutely not a reason for it to fail.

Their plan is quite insidious. Their number one priority is that there is absolutely no reason not to have a Trusted computer. A Trusted computer can do absolutely anything a non-Trusted computer can do. A Trusted computer can run absolutely any software a non-Trusted computer can run.

Software does not need to be "approved" for it to run.

A computer with a Trust chip is like a coputer with speakers. You can simply pretend the speakers / Trust chip aren't there, and it's exactly the same as a speakerless / non-Trusted machine.

So long as you don't activate the speakers / Trust chip, you have a plain old computer. However the moment you activate the Trust chip you go into a special "handcuff-mode" and you no longer own your computer.

So why would you ever go into "handcuff-mode"? Because the new Trusted software and Trusted media files and Trusted websites (and eventually Trusted ISPs) will only work in handcuff-mode. They will not work at all on a normal computer. So you have three choices. (1) Stick with an old computer, and none of the new stuff works and you eventually get locked out of the internet completely. (2) Get a new Trusted computer, but refuse to activate the Trust chip, and none of the new stuff works and you eventually get locked out of the internet completely. (2) Get a new Trusted computer, activate the Trust chip and "volountarily" wear the handcuffs and lose ownership of your computer, and all of the new stuff works (in handcuff mode).

-

Re:From the "Ten Immutable Laws of Security"

[Wesley Felter]

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore

This is not correct if your OS supports confinement. It's a bad sign when the first item in the list is wrong.

Re:Welcome to hell boys!

[LnxAddct]

So essentially your saying death to the indie programmer. The Mac is successful mainly because of the huge number of dedicated and skillful indie programmers for it. As long as the mac doesn't go this way I'll be fine. I've never owned a Mac in my life but if Intel and Microsoft start telling me what to run... well did we ever need them in the first place?
Regards,
Steve

Re:Fourth choice

[Kent Recal]

But I don't see consumers deciding that this is necessary in the reasonable term.

The consumers are not deciding anything on that matter. TC is being implemented in hardware right now and if that goes on at the current pace you will, in a few years. have a hard time buying a new PC without builtin TC chip.

The consumers will be conditioned to use it by the usual FUD strategies.
"Secure" onlineshopping/onlinebanking will suddenly no longer mean "SSL required" but "TC crypto required". Internet Explorer will threaten the user with appropiate warning messages ("Oh, this website is only using SSL, you really should look for a more secure shopping site") and, just as today, it will all seem normal to the uneducated user. The masses will follow because they don't know any better.

We can all only hope that these efforts fail miserably or I foresee a big stinkin' mess 10yrs down the road...

Hopefully enough people and the mainstream media realize in time what they are attempting to do but I fear Microsoft's money will silence too many otherwise critical journalists.