OLS: Linux and trusted computing
Posted Aug 17, 2005 18:33 UTC (Wed) by dmag
In reply to: OLS: Linux and trusted computing
Parent article: OLS: Linux and trusted computing
> You can still get all of the same benefits from an essentially identical system where you DO know your master key that controls the security on your computer.
No. Any ordinary system must have the keys to decrypt the data on disk. Popping out the hard drive will let you decrypt all the data. TPM allows the data to be encrypted/decrypted without storing the key on disk.
> The Trust chip is [..] designed to be secure against the owner.
Yes and no. See http://trousers.sourceforge.net/faq.html#3.4
> Under Trusted Computing source code often becomes entirely useless.
No. You don't understand how the TPM works. In "Trusted computing", all software (bootloader, OS, etc) must constantly talk to the TPM. The TPM contains *no* code. The TPM makes no decisions, only reports checksums and the like.
All "trusted computing" platforms will boot existing software just fine. You can decide not to run TPM software. You can always take GPL software and re-compile it for your own computer.
> it will also begin to strangle Linux development if there is a move to Trusted Linux.
No. Remember, if you have a "trusted computer", you can still pop in your favorite Linux distro and start hacking. Worst case, you have to pop out the hard drive to reformat. Trusted computing is not designed to prevent that. (If it was, nobody could boot Windows!)
> any attempt to modify and recompile causes most of your system to break
If someone sells a complete "Trusted Linux Kiosk certified by the maker", you won't be able to 'simply' modify it. On the other hand, you will be able to wipe the hard drive and make a Trusted Linux Kiosk certified by you.
> Under such a Trust system much software will only run on a certified and unmodified Trusted Linux,
An application vendor who wishes their software to only run on a TPM machine will have to weigh the pros and cons of the market. They may find that very few Linux users will want to run in TPM mode, using only certified (read expensive) software.
> various files will only be readable on a certified and unmodified Trusted Linux,
Again, this requires application support. Don't buy applications that use TPM if you don't want to. And those GPL programs that do use TPM, you can just comment out a few lines and recompile for your system.
> various websites and other network protocols will not work if you do not have a certified and unmodified Trusted Linux.
Here's how that would work: Microsoft releases Windows Trusted 1.0. The website requests a (signed) checksum of all running software on the machine. The website has a list of all valid checksums (program x running, program y running, program x + program y running). If your checksum isn't on the list, they complain and don't let you in.
But then Microsoft releases Windows Trusted 1.1 and 1.1a hotfix and 2.0 and 3.11 and 6.9... Every website will have to keep up with *all* the valid checksums for all possible combinations of software, or risk ire from their users. Suddenly, it's a full-time job because the list of good checksums will explode combinatorially. And anytime a flaw is discovered, the checksum has to be taken off the list.
Banks would love to use this, but they will find it unworkable. It certifies the computer software, but not the user. And a 'certified' executable with a remote buffer exploit is still a 'certified' program until it's taken off the list. Oops.
Corporations will use this to prevent bad stuff running on their corporate laptops, and to certify that everything is still ok when they dial-in.
Linux will support TPM as an additional (optional) security module. It's about as dangerous as SELinux.
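An added illustration, not part of the original thread, of the checksum-allowlist attestation scheme and the combinatorial growth of the list that the comment above describes. The hash chain imitates a TPM PCR extend (SHA-256 stands in for the TPM's hash), and the component names and version sets are constructed for the example.

```python
import hashlib
from itertools import product

PCR_INIT = b"\x00" * 32


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || measurement). Order-dependent, like a real TPM."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_chain(components) -> bytes:
    """Measure an ordered boot chain (bootloader, OS, apps ...) into one PCR value."""
    pcr = PCR_INIT
    for comp in components:
        pcr = extend(pcr, hashlib.sha256(comp.encode()).digest())
    return pcr


def build_allowlist(slots) -> dict:
    """The website's list: every accepted combination of versions -> its final PCR."""
    return {measure_chain(combo): combo for combo in product(*slots)}


def attest(quote: bytes, allowlist: dict):
    """Verifier side: accept the (signed) quote only if its PCR is on the list."""
    return allowlist.get(quote)


def revoke(allowlist: dict, flawed: str) -> dict:
    """A flaw is found in one component: drop every combination containing it."""
    return {h: c for h, c in allowlist.items() if flawed not in c}


# Constructed version sets: 1 * 4 * 2 * 2 = 16 acceptable chains already.
SLOTS = [
    ["bootloader 1.0"],
    ["Windows Trusted 1.0", "Windows Trusted 1.1",
     "Windows Trusted 1.1a", "Windows Trusted 2.0"],
    ["program x 1.0", "program x 1.1"],
    ["program y 1.0", "program y 2.0"],
]

if __name__ == "__main__":
    allow = build_allowlist(SLOTS)
    print(len(allow), "valid checksums before revocation")
    print(len(revoke(allow, "Windows Trusted 1.1")), "after revoking one OS build")
```

Each new version of any component multiplies the list, and recompiling one component (or measuring the same ones in a different order) yields a PCR value the verifier has never seen.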