OLS: Linux and trusted computing

Posted Aug 17, 2005 18:33 UTC (Wed) by dmag (subscriber, #17775)
In reply to: OLS: Linux and trusted computing by anonymous21
Parent article: OLS: Linux and trusted computing

> You can still get all of the same benefits from an essentially identical system where you DO know your master key that controls the security on your computer.

No. Any ordinary system must have the keys to decrypt the data on disk. Popping out the hard drive will let you decrypt all the data. TPM allows the data to be encrypted/decrypted without storing the key on disk.

> The Trust chip is [..] designed to be secure against the owner.

Yes and no. See http://trousers.sourceforge.net/faq.html#3.4

> Under Trusted Computing source code often becomes entirely useless.

No. You don't understand how the TPM works. In "Trusted computing", all software (bootloader, OS, etc) must constantly talk to the TPM. The TPM contains *no* code. The TPM makes no decisions, only reports checksums and the like.

All "trusted computing" platforms will boot existing software just fine. You can decide not to run TPM software. You can always take GPL software and re-compile it for your own computer.

> it will also begin to strangle Linux development if there is a move to Trusted Linux.

No. Remember, if you have a "trusted computer", you can still pop in your favorite Linux distro and start hacking. Worst case, you have to pop out the hard drive to reformat. Trusted computing is not designed to prevent that. (If it was, nobody could boot Windows!)

> any attempt to modify and recompile causes most of your system to break

If someone sells a complete "Trusted Linux Kiosk certified by the maker", you won't be able to 'simply' modify it. On the other hand, you will be able to wipe the hard drive and make a Trusted Linux Kiosk certified by you.

> Under such a Trust system much software will only run on a certified and unmodified Trusted Linux,

An application vendor who wishes their software to only run on a TPM machine will have to weigh the pros and cons of the market. They may find that very few Linux users will want to run in TPM mode, using only certified (read expensive) software.

> various files will only be readable on a certified and unmodified Trusted Linux,

Again, this requires application support. Don't buy applications that use TPM if you don't want to. And those GPL programs that do use TPM, you can just comment out a few lines and recompile for your system.

> various websites and other network protocols will not work if you do not have a certified and unmodified Trusted Linux.

Here's how that would work: Microsoft releases Windows Trusted 1.0. The website requests a (signed) checksum of all running software on the machine. The website has a list of all valid checksums (program x running, program y running, program x + program y running). If your checksum isn't on the list, they complain and don't let you in.

But then Microsoft releases Windows Trusted 1.1 and 1.1a hotfix and 2.0 and 3.11 and 6.9... Every website will have to keep up with *all* the valid checksums for all possible combinations of software, or risk ire from their users. Suddenly, it's a full-time job because the list of good checksums will explode combinatorially. And anytime a flaw is discovered, the checksum has to be taken off the list.

Banks would love to use this, but they will find it unworkable. It certifies the computer software, but not the user. And a 'certified' executable with a remote buffer exploit is still a 'certified' program until it's taken off the list. Oops.

Corporations will use this to prevent bad stuff running on their corporate laptops, and to certify that everything is still ok when they dial-in.

Linux will support TPM as an additional (optional) security module. It's about as dangerous as SELinux.
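A small model of the whitelist problem described in this comment, added here as an example (it is not code from the thread or from any real TPM stack): an ordered boot chain is folded into one PCR-style aggregate, a verifier that checks only that aggregate needs one list entry per combination of component versions, and revoking one flawed version means dropping every combination containing it. The version names and the hash chain are constructed for illustration; a per-component check of the event log is shown as the alternative whose list grows with the sum, not the product, of version counts.

```python
import hashlib
from itertools import product

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend (constructed model): new = H(old || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def attest(boot_chain):
    """Aggregate of an ordered boot chain, as a quote would report it."""
    pcr = bytes(32)                      # PCRs start zeroed at reset
    for component in boot_chain:
        pcr = pcr_extend(pcr, component)
    return pcr.hex()

# Constructed sample: each stage has a few "certified" versions.
VERSIONS = {
    "bootloader": [b"grub-1.0", b"grub-1.1"],
    "kernel":     [b"linux-2.6.12", b"linux-2.6.13", b"linux-2.6.14"],
    "app":        [b"bankclient-1.0", b"bankclient-1.1"],
}

def build_whitelist(versions):
    """Aggregate-hash allow list: one entry per combination of versions."""
    combos = product(*(versions[stage] for stage in versions))
    return {attest(combo): combo for combo in combos}

def aggregate_list_size(versions):
    """Entries needed when only the aggregate is checked (the product)."""
    n = 1
    for v in versions.values():
        n *= len(v)
    return n

def per_component_list_size(versions):
    """Entries needed when each stage is checked separately (the sum)."""
    return sum(len(v) for v in versions.values())

def revoke(whitelist, flawed):
    """Pulling one flawed version removes every combination containing it."""
    return {h: combo for h, combo in whitelist.items() if flawed not in combo}

def verify_aggregate(whitelist, quote):
    """Verifier that only knows aggregate hashes."""
    return quote in whitelist

def verify_per_component(versions, event_log):
    """Verifier that walks the measured event log stage by stage."""
    return all(m in versions[stage] for stage, m in event_log)
```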



OLS: Linux and trusted computing

Posted Nov 21, 2007 21:16 UTC (Wed) by toad (guest, #49198)

So what you're saying is Trusted Network Connect is harmless because it's impractical. And then you're saying that corporations will be able to make it work anyway. Contradiction! Clearly Microsoft will maintain the list of allowed hashes, or get an impartial industry body to do it for them. If TNC doesn't work then MS has spent many many years on this for no purpose: they will make it work. How? By only certifying core parts of the system, which include the anti-malware system, which does the rest. The list of allowed hashes won't be that big anyway, because they'll require you install the latest security patch within a short period of its being released - immediately if it's not too intrusive. And then we'll be one big happy family, with your user-modified Linux PC not able to connect to your bank, your hardware retailers of choice, your webmail provider, and eventually the internet itself. And of course, China will love it: total control of cyberspace, once and for all! It might even bring them back to Microsoft, but more likely they'll grow their own.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds