Dartmouth Project Combines Linux With TCPA

SiliconEntity writes "A new project from Dartmouth College demonstrates significant advances in combining Linux with TCPA. The software turns a Linux PC into a 'virtual secure coprocessor', which is able to check that none of its software is compromised and even (in a future version) prove its integrity to a remote system. Full GPL source code is available for the 2.4 kernel. This work is separate from the earlier IBM research which also combined Linux with TCPA, with the new project apparently more complete and with a road map towards a very functional Linux based trusted computing system. This could be an important technology for Linux to challenge Microsoft as it pushes forward with NGSCB (aka Palladium)."

The source code

>Full GPL source code is available for the 2.4 kernel

Please make sure that all the efforts are undertaken to remove any references to the construct 'main()' as it will infringe on SCO copyrights

Re:The source code

main() as it will infringe on SCO copyrights

Luckily no important part of Linux uses that construct. It is mentioned a few times in the documentation and comments, but we can remove that without breaking anything. (Hint: Linux is a kernel, not a program.)

Re:The source code

Does it takes lots of efforts to be that stupid?

$ find linux-2.6.0-test5 -name '*.c' | xargs grep '^int main('
linux-2.6.0-test5/drivers/scsi/aic7xxx/aic asm/aica sm.c:int main(int argc, char *argv[]);
linux-2.6.0-test5/drivers/atm/fore200e_ mkfirm.c:in t main(int argc, char** argv)
linux-2.6.0-test5/arch/i386/boot98/tools/bu ild.c:i nt main(int argc, char ** argv)
linux-2.6.0-test5/arch/i386/boot/tools/buil d.c:int main(int argc, char ** argv)
linux-2.6.0-test5/arch/sparc/boot/piggyback .c:int main(int argc,char **argv)
linux-2.6.0-test5/arch/sparc/boot/btfixup prep.c:in t main(int argc,char **argv)
linux-2.6.0-test5/arch/sparc64/boot/piggy back.c:in t main(int argc,char **argv)
linux-2.6.0-test5/arch/um/kernel/skas/uti l/mk_ptre gs.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/um/sys-i386/util/m k_thread_ kern.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/um/sys-i386/util/m k_sc.c:in t main(int argc, char **argv)
linux-2.6.0-test5/arch/um/util/mk_constan ts_kern.c :int main(int argc, char **argv)
linux-2.6.0-test5/arch/um/util/mk_task_ke rn.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/um/main.c:int main(int argc, char **argv, char **envp)
linux-2.6.0-test5/arch/mips/boot/elf2ecof f.c:int main(int argc, char *argv[])
linux-2.6.0-test5/arch/cris/arch-v10/ker nel/asm-of fsets.c:int main(void)
linux-2.6.0-test5/arch/cris/arch-v10/b oot/tools/bu ild.c:int main(int argc, char ** argv)
linux-2.6.0-test5/arch/m68knommu/kernel/asm -offset s.c:int main(void)
linux-2.6.0-test5/arch/arm26/boot/comp ressed/misc. c:int main()
linux-2.6.0-test5/arch/arm26/kernel/asm-of fsets.c: int main(void)
linux-2.6.0-test5/arch/m68k/kernel/m68 k_defs.c:int main(void)
linux-2.6.0-test5/arch/m68k/tools/amig a/dmesg.c:in t main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc/boot/prep/dum my.c:int main(void)
linux-2.6.0-test5/arch/ppc/boot/openfi rmware/dummy .c:int main(void)
linux-2.6.0-test5/arch/ppc/boot/simple /dummy.c:int main(void)
linux-2.6.0-test5/arch/ppc/boot/utils/ addSystemMap .c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/ppc/boot/utils/add RamDisk.c :int main(int argc, char **argv)
linux-2.6.0-test5/arch/ppc/boot/utils/mkb ugboot.c: int main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc/boot/utils/mk prep.c:int main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc/boot/utils/mk tree.c:int main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc/boot/utils/ad dnote.c:in t main(int ac, char **av)
linux-2.6.0-test5/arch/ppc/boot/utils/mknot e.c:int main(void)
linux-2.6.0-test5/arch/ppc/kernel/find _name.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/ppc64/kernel/asm-o ffsets.c: int main(void)
linux-2.6.0-test5/arch/ppc64/boot/pigg yback.c:int main(int argc, char *argv[])
linux-2.6.0-test5/arch/ppc64/boot/addSys temMap.c:i nt main(int argc, char **argv)
linux-2.6.0-test5/arch/ppc64/boot/addRamD isk.c:int main(int argc, char **argv)
linux-2.6.0-test5/arch/ppc64/boot/mknote. c:int main(void)
linux-2.6.0-test5/arch/arm/kernel/asm- offsets.c:in t main(void)
linux-2.6.0-test5/arch/arm/boot/compre ssed/misc.c: int main()
linux-2.6.0-test5/arch/parisc/kernel/asm-o ffsets.c

Not compatible with eachother ?

From the PDF :
The exact relation between TCPA and the former Palladium is not clear; one suspects that at some point in the TCPA design process, Microsoft decided to withdraw and build their own variant.
This probably means the two technologies will not be compatible with eachother, files created under one will not be able to be opened under the other.

Don't like pdfs? Here's the TCPA paper in HTML

http://216.239.33.104/search?q=cache:nZrXhIU65ocJ: www.cs.dartmouth.edu/~sws/papers/msmw03.pdf:&hl=en &ie=UTF-8 [216.239.33.104]

Oooh! Verifiable integrity and an encrypted FS.

Sounds like just the thing I need. That hacked together script that I currently use to md5sum all my important system binaries + files and verify them against the Known Goods database every 2 minutes is going out the window along with chkrootkit just as soon as I can go over every LOC with an STM and run this fine piece of software. Thanks be to you my fellow linux-users, I have finally found people who wear more layers of foil on their heads than I.

Difference between Palladium and TCPA

The difference between Palladium and TCPA (Trusted Computing Platform Architecture) may be not obvious at the technological level but it is very simple - TCPA aims at integrity of kernel and system components - to assure you that your system can be trusted. It is easy to achieve with open software, because the system must defend itself from attacs from outside. Palladium, on the other hand, uses similar technology to make sure that the user does not do anything else than what is allowed by content owners. In that case software openness is impossible - otherwise you could do some harm to their system - attacking from inside...

So similar architecture from technical point of view - but different aims yield different results.

Re:Difference between Palladium and TCPA

Not true at all. DRM and other user control systems only need to be closed when they are software based, because otherwise people can change the programs to remove the user hostile code.

The difference between Palladium and TCPA is really that while Palladium is a whole system for a building user hostile computers, TCPA is just an enabler.

What TCPA does is sign a hash of the OS that is loaded with an "endorsement key", embedded in the TCPA by the vendor and unaccessible to the user. Thus the TCPA chip is a able to do two things: it can verify to an outside source (that trusts the vendor) that the machine is a running a specific operating system (ie one that supports DRM and thus can be "trusted"), and it can encrypt data from one operating system so that another operating system cannot decrypt it.

TCPA provides everything that is needed at the hardware level to write any user hostile system on top of it, because the successive verification of signatures prevents any tampering with the code (even if the OS is open sourced). Palladium could be implemented with TCPA as it's only hardware aspect.

Thus, the argument that is sometimes seen here that TCPA would prevent the computer from booting Linux or any other operating system is false (incorrect scare tactics against these systems are unfortunate, they do more harm then good). What TCPA will do, is enable sites on the Internet to not allow you to read the data they give out, unless you are running an operating system that is user hostile and DRM friendly (and not in the "this site doesn't support mozilla" fashion, which can always be hacked around, but in a cryptologically safe fashion).

Re:Difference between Palladium and TCPA

Like many things, TCPA is a neutral technology. If the TCPA just sits on the board unused, you'd never know it's there at all. With Palladium, your system will be actively user hostile and RIAA/MPAA/MS friendly.

TCPA in itself won't prevent booting Linux. The fear is that a BIOS could then be written that won't load an OS that isn't signed by Bill Gates. TCPA merely enables that non-functionality. In addition, it is entirely possible to have a CPU come up in crippled mode until it validates the BIOS against the TCPA so that an unsigned BIOS won't run either. That is the fear, a total lock-down.

On the other hand, if the user has the signing key (I say user, since in reality, whoever has the signing key is the owner), TCPA permits (but does not assure) user friendly, outsider hostile strong system security.

The problem is that we are all aware that certain corporations in the U.S. would happily torture all of their customers to death if it was shown that after all of the lawsuits are settled, they make an extra $0.10 over the next 5 years than they would otherwise. They will be more than happy to build a user hostile system and lease it to their customers if they can find a way to kill off the competition.

Even if the lease is called a sale, I maintain that it's in reality a lifetime lease since, as I said, whoever has the signing key is the real owner of the system.

One possible roadblock to that would be to get the above paragraph enshrined in law. Not only would that force vendors to be more honest in their sales of Palladium enabled systems, it would place a nice large tax burden on a corporate holder of the signing key since they would be forced to acknowledge that they actually own all that hardware out there. More likely, it would kill the whole thing since under that law, hardware vendors would have to treat the transaction as a gift to MS and themselves as a lease broker for MS.

Re:Difference between Palladium and TCPA

True .. but tell me:
1) Of what use is a Linux system, if no content can be decrypted on it?

Not much.

2) Will content-providers make content available to versions of Linux which can't be "trusted"?

Undoubtably not. But what format they release the data in is their concern.

It is important to remember that the only political issue here is fighting laws against compulsary DRM and laws against circumventing it where it exists. We should not fall into the whiner trap of trying to claim that we are somehow entitled to "content" in open formats. We are not.

The manner in which we should fight DRM is to explain to be people why they should not accept it. (And we need to start here on Slashdot - look at how many Slashdotters laud iTunes).

3) If you make a "trusted" version of Linux, will it then be modifiable by the user (say, a new kernel-patch)?

It will be modifiable of course, but then you are back to 1).

4) Of what use are Open Source advantages, if you cannot use them?

Not much.

5) Is this a threat to the Open Source development model?

Definitely.

Not the right idea...

We want to fight Palladium by fighting acceptance of the idea that the computer should control the user and how he can access the data on his own machine, NOT by developing something functionally equivalent that happens to run under Linux.

Building a DRM system of our own, even if it is open and standards based, just strengthens the paradigm that will leed to an Internet where no data can be accessed as plaintext, applications that are allowed read data have to be accepted and certified by the media industry, and computers exist no longer to enable, but to control, their users.

Please protest against Palladium, TCPA, and all the other DRM proposals by refusing to have anything to do with them: not by strengthening their hand.

(And before somebody replies that TCPA isn't about DRM: Bullshit! Look up what an "endorsement key" is in the TCPA vocabulary.)

Re:Not the right idea...

Unfortunately, this kind of thing is valuable in some specialised areas. For high security systems, you want to know that only certain approved code can run.

What we care about is the preservation of general-purpose computers controlled by the user. If we aim to ensure that all computers are controlled only by the user, we will fail, and fail badly, because having, say, a firewall that cannot run introduced code is something so useful that we will not be able to prevent it.

I have hope: firstly, the overhead of trying to deploy this over a large office PC system (the main buyer of general-purpose PCs), will be too high for the benefits.

Secondly, the value of a general-purpose computer that will easily run new software is so high even for the ordinary home user that they will not be entirely replaced by DRM-enabled home entertainment consoles.

It is possible (but unlikely) that this infrastructure will eventually reach the **AA goal of preventing copying of their products. I can live with that provided that our ability to write software for our own computers isn't collateral damage.

Re:Not the right idea...

The specialized areas thing just doesn't hold up. I have yet to see a single example of this that couldn't be solved by current hardware. A lot of people talk about company employees: but few employees have root on their computers anyways, so what is the point with the TCPA chip?

I'm at work right now, and since my local workstation is a Sun Ray I don't even have physical access data in ways that the operating system and application will not allow me (since they all run on a server somewhere). Why would TCPA be necessary to control what I did with my employers documents, instead of just software?

Even IBM admits that TCPA chips can be circumvented by hardware hacks (expect modchips to start appearing), so it can not be used to secure valuable information. The only logical purpose for this technology is to use it on home users, where access to mod chips is limited by laws like the DMCA.

It is possible (but unlikely) that this infrastructure will eventually reach the **AA goal of preventing copying of their products. I can live with that provided that our ability to write software for our own computers isn't collateral damage.

It is not the ability to write our own software that we will be sacrificing, it is the ability to use that software to communicate with the world. Once the TCPA infrastructure is there, the temptation to use it will be to strong to resist:

- eBay will be able to lock out all but some verified list of applications from accessing auction data, so that application to raise bids at the last minute can't be used.

- Microsoft recently kicked off other application from their IM system for "security reasons". As it stands now, this can be hacked around, do you think they'll hestitate to use TCPA to make that impossible? You think AOL are any different.

- Websites will be able to lock out browsers that can block pop-up ads, or that allow cookies to be cleared, or that lie about themselves in the User-Agent string.

- Games will be able to lock out modified versions.

- Given the common confusion that TCPA is about "security", how long do think it will be until your bank starts requiring it?

I could go on and on. The acceptance of TCPA spells the end of the open Internet, and the beginning of a closed network, where all but a few applications are locked out.

I know what I'll do. Whatever it comes to, I will not have a part of this, and I will simply refuse to accept having a computer that is hostile toward me. The reason I argue this so vehemently is because I hope it won't be lonely out here...

Re:Not the right idea...

The specialized areas thing just doesn't hold up. I have yet to see a single example of this that couldn't be solved by current hardware. A lot of people talk about company employees: but few employees have root on their computers anyways, so what is the point with the TCPA chip?

I don't have root on my win2k PC right now, but I've got a tomsrtbt floppy in my jacket pocket which works just fine.

Now, if the company was prepared to make the large investment in setting up a full TCPA-style architecture to stop me doing that, it would be prepared to make the much smaller investment in ripping the floppy drive out of my PC. As I say, I don't think the ordinary office desktop is a useful area for this.

I think real uses for this are very rare, just as PCs which are configured by their adminstrators to really lock down what the users can do are currently very rare. But they exist.

I know what I'll do. Whatever it comes to, I will not have a part of this, and I will simply refuse to accept having a computer that is hostile toward me.

Me too. But I think most of the world will be with us, not because they agree with our principles, but because the immediate, practical benefits of being able to run any piece of software on their PC without it being approved by any third party are far too great to sacrifice for the miniscule benefits (in normal circumstances) of "Trusted Computing".

Re:Not the right idea...

a firewall that cannot run introduced code is something so useful that we will not be able to prevent it

This is true but you don't need TPCA to do this. Putting this functionality at the firmware level is sufficient to achieve what you suggest. In fact I would be suprized if it wasn't done already by specialized vendors. There is a difference between not trusting the computer user and the owner. An organisation can have firewalls with secure firmware such that no one can load any old software on to them without the right codes or keys (without pulling the battery on the CMOS, which is good enough, especially if you have a lock on the case). Putting the functionality in hardware is only useful for stopping the owner of the computer from using it anyway they want.

There is no valid security reason for TPCA. All security problems to do with stopping users from doing stuff the owner of the computer doesn't want done can be handled at the firmware and OS level. This sort of hardware solution is only necessary for DRM where even the owner of the computer isn't trusted. TPCA/Palladium is likely enough to spread through the installed base, leveraged by Microsoft's market share, without any help from the free software community. If it succeeds then free software is dead in the long term, so any cooperation with it is akin to attempted suicide.

Re:Not the right idea...

Question: Do you currently protest GPG signatures and encryption algorithms? Where do you draw the line between what *you* want to encrypt/control and what *you* want *others* to encrypt/control? Or do you want to pull an RMS and have no passwords to protect your systems, no security to lock your documents that you created and no rights to control stuff that you created? Shouldn't we let people have the right to handle guns and the right to handle encryption/document rights/system verification in anyway shape or form they please? Whether that be individuals, groups, churches, cults, governments, corporations, criminals, gangs, ACLU, EPA, Green Peace or whoever else!

Everything has an avenue of abuse, but that does not mean scrapping the whole thing because it's got a hole for possible misuse. I mean, look at another case in point: P2P networks. Do we sue the thing out of existence? Or do we fix the violators? What are the definitions of violators?

It's all nice and rosy to flat out and protest something that's "unknown", but the fact is the technology is here and big players are pushing for its existence. Unbelievers in the technology will always be a small ragtag of protestors holding up placards in front of large corporation buildings towering the skies of Redmond, WA.

Don't get me wrong, I hate Windows and I'm a Linux zealot, but I just cannot take your protest position at this time. Sorry.

Since this is Slashdot...

*inserts obligatory SCO commment about 'compromised software'*

Great business plan!

Who will be the first to start selling mod chips for pc computers?

This works out great for the suits

as part of their plan to seize the internet and digital stuff in general, they get to hitch Linux up like a draft horse to do it.

Something that was supposed to set computers free is being used to help lock them down.

Trustworthy computing

I love this bit from the microsoft ngscb pagen [microsoft.com] "Data can be protected with a secure pathway from the keyboard through the computer to the monitor screen, preventing it from being secretly intercepted or spied on" Yeah like this is a major security problem with current day computing. I've always wondered if my information is secure between my keyboard and the monitor :)

Start Song..

Its the end of the world as we know it...

(I could have typed more, but then I would probably owe RIAA 150.000$ per slashdot user who read this)
(all 5 of them since I have a bad karma)

The future is

I cant wait for this to blow up in everyone who supports its face.

They will say now that "its about security" and due to all the recent hype around virii sobig.f,y and u.name.it they will have a lot of cluesless users all around the world - and executives (who are just as clueless - but with "power" and money)) backing them.

One day humanity will look back at the 90s/00s with regret.

The owner of the PC does NOT own the master keys

The long term problem with IBM's model of the TCPA is exactly the same with that of clipper chip encryption [epic.org], the owner of the PC does NOT control the attestation master keys. This leads to the same escrow agent model which is far to open to exploitation by The New American Corporate Soviet [slashdot.org].

Name "BEAR" already taken in crypto

See

http://citeseer.nj.nec.com/anderson96two.html

Get a new name people :-)

I suggest

"BRUNO THE CIRCUS BEAR" which is suitable for the frenzy that surrounds "secure" TCPA style computing...

Tom

I'm sorry but totally avoid TCPA

You cannot copy the keys inside TCPA hardware. I'll explain what this means (if you don't like reading about technicalities, just skip to the final paragraph)

Every time you buy a new PC with TCPA you will not be able to copy the old TCPA keys on your old PC to your new PC. This means you will completely lose access to your videos and your music which you legally purchased and used on your old PC. Effectively you have to buy another set of keys to regain access to your videos and your music collections.

TCPA and other DRM technologies are being pushed by the publishing industry and hardware manufacturers like IBM who want to sell more of their hardware equipped with DRM to make it attractive to commercial content locked-down publications.

TCPA means LOCK-down, LOCK-out, LOCK-up enabler. Avoid getting anything with TCPA.

What about an emulator?

Couldn't this be defeated by running a Pentium-with-palladium emulator. It would implment all the normal instructions (like add, jmp, etc) properly, it would handle the authentication instructions by always saying yes, and it would handle encryption and decryption opcods with noops. For the icing on the cake, it could log all keys sent to it to /var/www/html/keys.txt.

You would start with a freshly formatted harddrive (prefferably non-DRM crippled, but as long as it can run Linux and your emulator, it's fine) and install Linux on it. Then you would install your Pentium emulator with fake DRM support (a bit like Wine). Then you would install your Windows-with-DRM through the emulator. All the DRM software wouldn't know the difference.

Assuming that a DRM system will allow unsigned code to run (and just stop you from modifying/copying signed data), this will allow crackers and rippers to make perfectly functional non-DRM programs and media files that will run on normal (DRM-crippled) systems, and if not, then there will be a HUGE incentive to get uncrippled machines, much like mod chips for game consoles.

How long...

before the signed version fo Sobig appears?

Prove integrity?

...able to check that none of its software is compromised and even (in a future version) prove its integrity to a remote system.

How do you do that? I mean, how do you prove that the system is secure and not just pretending to be secure by doing *almost* all of the things that would be needed to be secure?

I could understand how a system could (eg) verify a signature on a kernel in order to boot it up, but this is a Linux system, therefore:

1. Its open source. You must (by requirements of the GPL) be given everything you need to compile a derivitive work of this. If the kernel is signed, that means the keys must be supplied with the source code, otherwise part of the build environment which isn't normally shipped with the compiler or major components of the operating system isn't included.

2. Has the kernel module loading facility been disabled? If it has, its crippled and worthless. If it hasn't, then you can load a module that pretends to be part of the kernel, accesses the DRM hardware and pretends to the outside world to be a secure environment when, in fact, it isn't.

Ironic? naaah

Anyone else notice the irony of having a Microsoft sponsored advertisement under a article detailing linux & TCPA.

I did before I wrote this, but it was'nt that fun anyway. I think.

TCPA does have good uses

The TPM is a hardware component that implements the security model. It so happens that this exists on a bunch of modern IBM laptops. It is disabled by default.

Background: The TPM contains a number of PCRs. These are (roughly) hashes of bits of code -- the BIOS, the bootloader, the kernel, etc. The TPM also contains a private/public key pair which is generated when you reinitialize the TPM (i.e. the private key is not known to anybody).

The TPM can be used to encrypt a blob of data using the private key. It can also mark the encrypted blob such that it will only decrypt it if (some set of) the PCRs have the *same* value.

What is this good for?

This means that you can tell if your kernel has been modified in a very secure way. If your application is stored encrypted on disk, then you can ask the TPM to decrypt it (probably you just ask it for the key). It will only perform this operation *if* the boot process was the same as when the application was setup.

It means that someone with a boot floppy cannot get to your data (different boot process). You could also arrange to have the data protected from single-user mode.

However, there is a downside -- upgrading the OS becomes really tricky!

Screw this!

So what now?? You have M$ approved Linux??
Under no circumstances will I have anything to do with this Orwellian crap that they are forcing on us.

It's like jumping in a cold lake, at first you're shocked, but after being in it a little while you say, "See, it's not so bad after you get used to it..."

All of this TCPA and DRM and Palladium crap is not about security, it's about KONTROL.
You won't be able to do ANYTHING without permission from someone else.
You'll have to ask for permission to use your computer..

THEY KONTROL YOU

There's a lot of talk

about how TCPA will kill open source. This outcome is very probable. But they can also work fine together. There is a solution, and open source people would do good by pursuing it instead of blindly fighting the inevitable.

TCPA needs an agreed-upon, standard microkernel around which different OSes could be built. A whole bunch of new open source OSes and, yes, new Microsoft OSes. This microkernel would be developed by an independent body and signed by DRM-loving vendors. Because it would be very small, and change very rarely, there should be little problem with it. Yes, end-users won't be able to modify it; that's the price one pays. They won't want to do it very much because the microkernel provides very little functionality.

Hardware vendors would release drivers for their wares that would work with this microkernel. These drivers would be otherwise OS-independent and would include decryptors and decoders needed for playing content. The vendors would get their drivers signed, too. (And open-source OSes will get closed-source drivers for free: a nice bonus!)

The rest of the OS and the entire universe of user apps would need not be trusted at all. They would run in user space and be totally unprivileged.

So I think open-source people should approach TCPA and offer to work together along these lines. There's nothing to lose, and much to gain, so why not at least try it?

And this is desireable, how?

This calls into question the wording of the GPL. Perhaps it needs to explicitly forbid using GPL software to create certain kinds of restrictions.

Monopolies are inherrently evil. This is a step towards creating a new kind of monopoly, and thus should be disabled before it starts.

One needs to question the ethics of anyone who would work on such a project. And one definitely needs to be dubious of any company that would sponsor it. And any purportedly educational system that would foster such research. That something can be done is not sufficient reason to do it. This thing is so wide open to abuse by already powerful and abusive groups that no decent person would have anything to do with it. Except, perhaps, to sabotage it.

All legitimate proposals that I have heard for uses that it could properly serve can be dealt with by other means which are less open to abuse.

Confusing

Wasn't TCPA evil last month ? GPL'ed software that use TCPA. Where is the world going to ?

TCPA

As businesses stake their very existence on the Internet, PCs, PDAs, and other key computing platforms, the trustworthiness of these platforms has become a vital concern.

Why is that? Should I just take their word for it? Is my car being trusted by the interstate when I take it for a spin? Why must we add this layer?

More Information [66.199.135.127]

Re:Sweet

This is innovation. Microsoft, from what I understand is planning a pay-for-it system where trusted means, that someone bought a liscence. IT will be interesting to see how well ms-trusted-apps stand up to a similar test.

Re:Sweet

I think you'll find Linux will have it well before MSFT does... and it'll work... and it won't require special hardware either. And you'll be able to double check the source code instead of having to take it on trust...

Re:Sweet

and it won't require special hardware either

correction... just managed to get into the site... it will require a "Trusted Computing Module" on the motherboard.

Re:Sweet

The TCPA is a comitee and is not something that belongs to Microsoft, although they are part of this comitee. IBM are also working on a TCPA technology. Palladium, or whatever it is called now, is perhaps the most "famous", but definately not the only one.

Re:actual secure coprocessor

That's 'virtually secure coprocessor'.

A coprocessor that's 'actually secure' is something we'd all want but never would get.

OK

As per your request, please bend over and wait for further instructions.

Thank you.

Re:The Amiga connection

[ Disclaimer, I'm one of the primary developers. ]

We were not aware of that project, thanks for the info.