Linux-Libre and Treacherous Computing

Ted Smith teddks at gmail.com
Mon Feb 15 23:55:23 UTC 2010


On Tue, 2010-02-16 at 00:19 +0100, davide89v wrote:
> "It can't limit what you do [...]. It needs non-free software to do
> that." 
> This is not true
>     http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
>     http://www.eema.org/downloads/security_articles/trusted_computing.pdf
>     http://www.schneier.com/blog/archives/2005/08/trusted_computi.html
>     http://www.schneier.com/crypto-gram-0208.html#1

I didn't open the PDF, but the crypto-gram article and Schneier.com blog
post are talking about a Microsoft system, and the FAQ doesn't mention
anything but non-free software.
>     
> TC can control everything.

>    http://www.trustedcomputinggroup.org/trusted_computing
> 

Do you have any evidence? That link is just a marketing chart - the axes
are "trusted systems" and "solution value". I find it very hard to
believe that a chip on a motherboard that does not have knowledge of
what I am executing could somehow change or alter what I am executing.

> This is not theory but reality 
> 
>     http://www.wired.com/gadgets/mac/commentary/cultofmac/2005/08/68501
>     http://news.cnet.com/2100-1016_3-5819211.html

This article refers to Apple using a TPM to stop OS X from working on
non-Apple machines. This is a red herring: the TPM doesn't "control
everything"; it's queried by the kernel to verify that the machine is
Apple-made. Assuming the firmware/BIOS doesn't use the TPM to verify the
bootloader and kernel (which I doubt, because Apple makes it possible to
compile and install your own Darwin kernel), you could remove OS X from
the Apple machine with a TPM, and... nothing would happen.

>     http://cyberlaw.stanford.edu/blogs/bechtold/archives003235.shtml
> 
This is a much shorter blog post about the same (Apple+TPM) event.

> Also this "[...] TPMs that we know we control." is false because when
> will be available only trusted system? 

Is that meant to say "this ... is false because when TPMs are available,
they will only be available on fully trusted systems."? Because that is
false - there are TPMs everywhere now, and they aren't even pre-loaded
with an unremovable key.
> 
> http://www.trustedcomputinggroup.org/solutions/network_security
> 

This page is about how you can use TPMs in software systems for
authenticating computers on a network. This is a red herring as well,
because the TPM alone isn't doing all of this in binary blob firmware -
software running in user and kernel space on the operating system is
doing it. If you don't run that non-free software, it can't do anything.

The TPM is just like any other peripheral. It can only do what client
code tells it to do.

> It is naive to use the TC for good benefits, because they are born for 
> to violate our security and slowly in silence the hardware and software
> vendors are filling the world of trusted systems
> 
This isn't a good thing, because most people use non-free software that
can abuse the TPM. But with free software, there's nothing to worry
about. 

> [6] http://www.msnbc.msn.com/ID/10441443
>     http://www.chillingeffects.org/weather.cgi?WeatherID=534
These are articles about the same event (the second references the
first): most manufacturers installing TPMs. This was in 2006, and the
world has not ended, nor has GNU/Linux been outlawed.

The bottom line is, a TPM cannot control what the CPU executes. The CPU
can ask it to verify a signature, and it can say "this is a valid
signature" or "this is an invalid signature", but what the CPU does from
there is up to the CPU. If the CPU is running non-free software written
by an unethical person, it could tell the user "sorry, but you can't
install your own OS/copy that floppy/do that, Dave". If the CPU is
running free software, it can do anything the user tells it to.

Treacherous computing is worth opposing, because non-free software
purveyors can do things like making it impossible (or at least
difficult) to install GNU/Linux and other free software systems in place
of proprietary ones, and it will cause harm to the many millions of
people who do not use free software. But it is not worth removing from
linux-libre, because with free software, we can use the TPM for our own
purposes, because we control the software running on the CPU.