DRM Tinkering with Intel's PXA270?

putko asks: "Intel has a new line of chips with DRM built in. This appears to be the very first DRM-enabled chip to hit the streets. This microprocessor is unlike others available, because the user doesn't have complete control over the thing, and your computer can (theoretically) betray you. For a while now, there have been computers (IBM ThinkPad) that won't boot unless you give the password, but you could always rip out the hard drive and read it, right? With this chip, the keys and RAM are on the chip, and the flash is encrypted, so this really looks locked up tight. Has anyone worked with this chip, and is possible to build your own device that uses the Intel Trusted Wireless Platform to protect your secrets (like your software, perhaps)?"

"I'm reminded of this due to Slashdot's recent story on the iPAQ, which uses the chip (and has some neat security features too). Somewhat surprisingly, nobody brought up the Doomsday scenarios, there. It should also be mentioned that there are companies selling incredibly tiny boards for it. Maybe you can run Linux on them?

Wouldn't it suck if the chip had the capabilities and you couldn't use them in your own projects -- e.g. if that was just reserved to big companies like Microsoft? On the other hand, if you can use the features, you might see some neat applications. Assuming you can program the DRM stuff, how do you avoid locking yourself out of the chip while developing? What extra pitfalls may developers run into using it?"

Welcome to hell boys!

[garcia]

I have been writing/ranting on this topic for quite sometime on Slashdot (see here [slashdot.org], here [slashdot.org], and here [slashdot.org]). My worst predictions are coming true. In order for DRM to work it needs to be embedded in the OS, the BIOS, and various pieces of hardware.

Yeah, there is a possibility that non-DRM'd pieces of hardware (including LinuxBIOS) will have a market but the vast majority of people want stuff to work and work w/o problems. Microsoft, Intel, Phoenix, etc, will all tell everyone that they will end viruses, worms, trojans, spyware, etc if they just use their hardware solutions.

Yeah, well, that's great and all but you won't be doing anything on the net unless you are running trusted hardware. People's arguments that an "alternative" network will show up to solve that is bullshit. Just wait till your online banking, your taxes, and your foo are all on the "secure" Internet.

Nevermind that, but it may become illegal (through creative lobby) to own and operate an unlicensed/unprotected piece of hardware. Enjoy finding an ISP that will let you connect.

While this particular CPU might only find a niche market and may very well flop completely, I have a feeling that we will start seeing more and more of this sort of product coming out of the hardware giants. Who knows, maybe my paranoia will be justified?

Take a deep breath and relax...

[wowbagger]

... because this is nothing new.

First of all, this is an *EMBEDDED* processor, not an x86-class CPU. It may be used in PDAs and the like, but it is not going to be running your desktop anytime soon.

Secondly, embedded devices with encrypted onboard flash are nothing new - they've been around for years.

Two words....

[Lodragandraoidh]

Can anyone say 'Clipper Chip'?

Remember what happened to that brilliant idea? This is it in a new guise, this time reborn to lock-in traditional media.

Never fear, either too many objections will be raised to make it viable in the marketplace, or some smart person will figure out how it tics...

Re:Welcome to hell boys!

[iminplaya]

Home users will complain that things don't work correctly.

Home users might find that this will be the first "computer" that does work correctly out of the box. This will be the computer appliance that they're looking for. The "hood will be welded shut", and that will be just fine with most users. Real computers will become the hobbyist's toy, just like short wave radio. Just as we have less people that know morse code, we will have less people that can work a keyboard. It will look like a McDonalds cash register with lots of pretty buttons(or more likely a touch screen), and will probably only connect to shopping sites.

Inaccurate statement about the Thinkpad

[xplosiv]

"For a while now, there have been computers (IBM ThinkPad) that won't boot unless you give the password, but you could always rip out the hard drive and read it, right?"

If the password for the hard drive is set, you won't be able to move the drive to another system or it will look like the drive is dead. If you do know the master password and try it in another system, I believe it will wipe out the drive, it's pretty secure, and the main reason I use ThinkPads.

Boycott Intel - enjoy the performance of AMD!

[Anonymous Coward]

With this there is another big reason to boycott Intel. Other reasons are:

- Most AMD processors give you quite a bit more performance than Intel CPUs

- Intel continues to pollute the environment with chemicals from chip production while AMD has invested alot to reclaim and/or properly dispose chemicals, not just at their Dresden fab, and is focusing on energy efficient processes as well as buildings.

- Intel is in bed with Microsoft whereas AMD is much more neutral and supports open-source projects e.g. development of gcc.

It happens that I am supposed to get quotes and purchase PCs and workstations for several labs at a well known Massachusetts research institution, over 380 machines total. So far AMD looks much better in almost all aspects and Intel's involvement in dubious DRM technologies now helps me to make the final decision. AMD simply rules!

Re:From Intel's White Paper

[Billly Gates]

There are really no other vendors in the cell phone area.

Think about it?

If you were the CEO of some cellular company you could make a fortune if you had money from every single app written for your phone. Worse you could charge your users fees if they ever want to install software and you can make even more money!

Why do you think the Xbox is drm locked and encrypted? Its so Microsoft can make more money at the expense of the market.

RMS may be a little off the wall with proprietary software taking away freedoms but proprietary hardware is the real threat.

We should put our efforts to fight this.

Just the other day here on slashdot there was a story on DRM being added to dvd standards. Why? Broadcast flags are now requried for the FCC by June. Its insane and our whole openess and ingeuinity of the internet itself is in danger.

We have to do something in orde to protect ourselves. Perhaps a NRA for computer hobbiests might be in order. We have no lobbiests on our side.

Re:Your own trusted platform wtf??

[Anonymous Coward]

Actually, I was wondering the same thing. For now, let's totally forget whether it is legal to reverse engineer this product or not (DMCA, future acts of Congress, blah blah blah). Theoretically, what equipment and expertise would be necessary to do so? What attacks is this susceptible to (software, hardware, or physical)?

Are the encrypted contents unique to each chip or line or pretty much the same? iow, beat one, beat them all; or beat one, you're screwed since you just destroyed the one chip the contents pertained to reverse engineering it?

Would an AFM (atomic force microscope) or similar technique (shearing variant of AFM), several chips, and very carefully lapping or some sort of careful acid eroding (to get to that layer) do? I perused the pdf article (now a book I think) by "Bunny" Huang re his reverse engineering the Xbox. Would like to know what would seriously be possible.

Like this DRM less AMD chip!

[Red Herring]

AMD Alchemy(TM) Au1200(TM) Processor
http://www.amd.com/us-en/ConnectivitySolutions/Pro ductInformation/0,,50_2330_6625_12409%5E12410,00.h tml?redir=PCAU04 [amd.com]

Oh, wait...
Built-in decryption hardware for digital rights management (DRM)

Does that mean you won't buy AMD chips either???

Re:How to cook a toad

[Angst Badger]

You throw the toad straight into the pot of boiling water and it will jump straight out, but put it in a pot of cold water and slowly increase the heat, and the toad will be boiled to death.

This is off-topic nitpicking, but real toads will jump out of the pot as soon as they get too warm. This is pretty much true of all amphibians and reptiles. Lacking the ability to thermoregulate internally, cold-blooded animals instinctually move toward and away from heat sources as necessary. When, for example, a lizard is too cold, it will move into the sun to bask. When it starts to get too warm, it will move back into the shadows.

It's warm-blooded animals that are susceptible to this trick because they lack the necessary instincts. If you want to cook a human for example, you put him into a hot tub and slowly crank up the temperature. Long before you reach the boiling point or even any discomfort, he will pass from heat exhaustion to hyperthermia, and finally into unconsciousness, seizures, and organ failure. Read the warnings in a hot tub owner's manual sometime, or ask your friendly neighborhood paramedic how often failure to RTFM requires them to fish dead guys out of their hot tubs.

So really, all this "how to boil a frog" nonsense really out to be "how to boil an end user". ;)

Some Clarifications

[ewhac]

First, this is not an x86 processor they're talking about (though it's quite natural to assume that, given we're talking about Intel). This is one of Intel's X-Scale embedded processors, which is an ARM variant.

Second, the "security" features on the chip were not specified by Intel, they were specified by the ARM consortium. ARM merely establishes the uniform copy protection standard. A vendor may include it in their ARM offerings at their option.

These processors are targeted for use in "smart" phones. The copy protection features were demanded by the cell phone carriers, which in turn were demanded by their "content" partners who are looking to sell -- or worse, rent -- you copy-protected ringtones, UI skins, music clips, and movie previews for usurious sums.

Personally, I'd stick with the "stupid" phones for the time being and avoid all this childish rubbish.

Schwab

Re:How to cook a toad - WRONG!!!

[asdfghjklqwertyuiop]

This has been said before - the primary goal is to get the board part count down.

How about leaving out the DRM circutry? That sounds like a pretty effective and easy way to get the part count down.

What you need...

[Nom du Keyboard]

What you need is an open environment that looks just like this chip to the software, but has hooks into it you can use to pry open that hood again. I have to believe that the only way to stop this emulation would be through legislation, or Intel filing defensive patents against the way Macrovision does to try and protect they video protection garbage<- <- <- <- <- <- <- <- systems.

RTFA perhaps?

[Tragek]

It actually says on the product page; supported OSes: Windows and Linux 2.6.7