TPM

From OSx86
== Trusted Platform Module 101 ==
 
'''What is the TPM?'''
 
The Trusted Computing Group (TCG) is an alliance of Microsoft, Intel, IBM, HP and AMD which promotes a standard for a "more secure" (i.e. under their control) PC. Their definition of security is controversial; machines built according to their specification will be more trustworthy from the point of view of software vendors and the content industry, but will be less trustworthy from the point of view of their owners. In effect, the TCG specification will transfer the ultimate control of your PC from you to whoever wrote the software it happens to be running. (Yes, even more so than at present.) For another opinion, read IBM's [http://www.research.ibm.com/gsal/tcpa/tcpa_rebuttal.pdf TCPA Misinformation Rebuttal].
  
The TCG project is known by a number of names. 'Trusted computing' was the original one, and is still used by IBM, while Microsoft calls it 'trustworthy computing' and the Free Software Foundation calls it 'treacherous computing'. Other names you may see include TCPA (TCG's name before it incorporated), Palladium (the old Microsoft name for the version due to ship in 2006) and NGSCB (the new Microsoft name). Intel has just started calling it 'safer computing'. Many observers believe that this confusion is deliberate - the promoters want to deflect attention from what TC actually does. '''Discuss TPM in our [http://www.osx86project.org/forum/index.php?showforum=2 Forum]''' (dead link)
  
 
While most users do not do their own programming, for many hackers who built the industry and old time programmers, this is the latest wave of "bite the hand that fed you" restrictions on programming one's own machine. For this group, the logical endpoint of being pushed off their own machines, which can only be centrally programmed, is problematic.

'''A More Technical Summary of TPM'''

The TPM is essentially a cryptography engine (a small dedicated computer designed to do cryptographic calculations efficiently) along with a dedicated on-chip storage system that comes in two parts: an open store and a "write-only" store. This is essentially the same as the electronics in a crypto-smartcard (although the implementations differ).

The only significant functions a TPM chip can perform are hashing a block of data, encrypting/decrypting a block of data using a PKI keypair, signing a block of data using a PKI keypair, and secure storage of a PKI keypair. Contrary to some views (such as the one presented earlier in this article), the TPM is not a DRM system in and of itself, nor does it 'lock down your computer', although it CAN be used to do this with software (which can be in the BIOS).

But first, a little discussion of PKI keys. PKI (aka Public Key Infrastructure) is an encryption system that uses two keys: a public key and a private key. In normal encryption systems, the 'key' is a password or PIN of some kind. The same key is used to encrypt AND decrypt, so once someone knows your key, the encryption is defeated. With PKI, however, the two keys are complementary. If you encrypt something with the public key, ONLY the private key can decrypt it, and only the public key can decrypt something encrypted with the private key. There is no known way to derive a public key from the private key or vice versa.

What this means is that if I create a key pair (a public and matching private key), I can keep the private key totally to myself (i.e. private) and use it to encrypt files, then give you the public key to decrypt them without compromising my private key. Why is this useful? Because ONLY the matching public key can decrypt the file. So if my public key decrypts a file, you know, absolutely, that I encrypted it. Also, if you use MY public key to encrypt a file, you can post it publicly because you know only I can decrypt it with my private key.

What makes the TPM interesting is the "write-only" store. This may seem like an odd idea (memory you can only write to but not read), but in fact the TPM's CPU can read the write-only store, so it is write-only only from the user's side. Why is this useful? Well, if I store my private key in it, the only thing in the world that can use it is the TPM's CPU. Since this is soldered onto my computer's motherboard, this becomes a proof of identity: that this is indeed MY and ONLY MY computer.

That's where it becomes useful for DRM. DRM is founded on the notion of identity. If I can put a key into your write-store, then I can always use that to ensure you're the person using the data. Where the rhetoric about TPM fails is that there is nothing in the TPM design or spec that obligates anyone to use it. On most computers that have TPMs, there's a switch in the BIOS that lets you turn it off.

On the other hand, the same chip lets you create your own PKI keypair and use it to do things like real-time, highly secure hard drive encryption, or sign messages in emails, or do SSL more efficiently.
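
The behaviour described in this summary (hashing, signing, decryption, and a private key the host can use but never read back), sketched as an added Python example; it is not code from this wiki or from any TPM vendor. `ToyTPM`, its method names and the fixed Mersenne primes are assumptions made for illustration, and the RSA here is unpadded textbook RSA.

```python
import hashlib
import secrets

E = 65537  # conventional RSA public exponent


class ToyTPM:
    """Hypothetical software model of the chip described above (not a real TPM API)."""

    def __init__(self, p, q):
        # p, q: the chip's secret primes. Constructed toy values are passed in
        # below; a real chip generates its key material internally.
        n = p * q
        # "Write-only" store: only the methods of this class touch it. Python
        # cannot enforce that; on the chip there is simply no command that
        # returns these values to the host.
        self._write_only = {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}
        # Open store: anything the host is allowed to read back.
        self.open_store = {"public_key": (n, E)}

    def hash(self, data):
        return hashlib.sha256(data).digest()

    def sign(self, data):
        """Sign the hash of `data` with the private key (no padding, toy only)."""
        n, d = self._write_only["n"], self._write_only["d"]
        return pow(int.from_bytes(self.hash(data), "big"), d, n)

    def decrypt(self, ciphertext):
        """Decrypt an integer ciphertext produced by encrypt() below."""
        n, d = self._write_only["n"], self._write_only["d"]
        m = pow(ciphertext, d, n)
        return m.to_bytes((m.bit_length() + 7) // 8, "big")

    def read_private_key(self):
        # The host-facing interface has no way to export the private half.
        raise PermissionError("write-only store cannot be read by the host")


def encrypt(public_key, message):
    """Host side: anyone holding the public key can encrypt to the chip."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)


def verify(public_key, data, signature):
    """Host side: check a signature using only the public key."""
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(signature, e, n) == digest


def prove_identity(chip, enrolled_public_key):
    """Challenge-response: is `chip` the machine whose public key was enrolled?"""
    # A fresh random nonce per attempt means a recorded answer cannot be replayed.
    nonce = secrets.token_bytes(32)
    return verify(enrolled_public_key, nonce, chip.sign(nonce))


# Constructed toy keys built from Mersenne primes: deterministic, NOT secure.
MY_PC = ToyTPM(2**521 - 1, 2**607 - 1)
OTHER_PC = ToyTPM(2**607 - 1, 2**1279 - 1)
ENROLLED = MY_PC.open_store["public_key"]  # what a verifier recorded earlier

if __name__ == "__main__":
    print("my PC proves identity:   ", prove_identity(MY_PC, ENROLLED))
    print("other PC proves identity:", prove_identity(OTHER_PC, ENROLLED))
    sealed = encrypt(ENROLLED, b"disk encryption key")
    print("only my chip can unseal: ", MY_PC.decrypt(sealed))
```

The identity check only means something if the verifier recorded the public key beforehand; the chip proves possession of the matching private key, nothing more.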
{{note|The Apple private key is ''ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc''}}
  
 
'''More Information'''

*[http://en.wikipedia.org/wiki/Trusted_Platform_Module First things first: Wikipedia]
*[http://technet.microsoft.com/en-us/library/cc749022%28WS.10%29.aspx Official setup guide: MS Technet]
*[http://trousers.sourceforge.net/faq.html TrouSerS and Trusted Computing]
*[http://www.againsttcpa.com/tcpa-faq-en.html General TPM FAQ] (dead link)
*[http://www.webservicespipeline.com/development/22104133 Opinion polls on TPM] (dead link)
*[http://developer.intel.com/design/mobile/platform/downloads/Trusted_Platform_Module_White_Paper.pdf Intel White Paper (PDF)]
*[https://www.trustedcomputinggroup.org/home Trusted Computing Group]
*[http://www.infineon.com/tpm Infineon TPM Homepage]
*[http://www.silicon-trust.com/trends/comp_tpm.asp About the Infineon TPM] (dead link)

'''Behind the curtain'''

*[http://hardware.slashdot.org/story/10/02/09/1557204/Hardware-TPM-Hacked TPM is theoretically not safe]
*[http://siliconexposed.blogspot.com/ Silicon Exposed. Literally]
*[http://www.pcworld.com/article/189144/unhackable_infineon_chip_physically_cracked.html We really cannot trust the Trusted]

'''Tools'''

*[http://www.research.ibm.com/gsal/tcpa/ IBM TPM Resources] Including tools for modifying the TPM under Linux
*[http://www.kernelthread.com/mac/apme/syscall/ Re-routing System Calls] (a potential method for intercepting TPM information) (dead link)

'''Emulation'''

*[https://developer.berlios.de/projects/tpm-emulator BerliOS: A software based TPM emulator]
*[http://tpm-emulator.berlios.de/documentation.html Limitations of the emulator]

== Chip Information ==

Below is an image of the Infineon TPM from the Developers Transition Kit.

[http://img205.imageshack.us/my.php?image=tpm2nj.jpg http://img205.imageshack.us/img205/4603/tpm2nj.th.jpg] (dead link)

And a modified image which gives a full view of the chip:

[http://img46.imageshack.us/img46/9736/appletpmrotatesharpen4nw.jpg http://img46.imageshack.us/img46/9736/appletpmrotatesharpen4nw.jpg] (dead link)

As you can see, this chip is clearly the [http://www.google.com/search?q=Infineon+SLD9630+TT1.1&sourceid=opera&num=0&ie=utf-8&oe=utf-8 Infineon SLD 9630 TT1.1] or simply [http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=SLD9630+TT1.1&btnG=Search SLD 9630 TT1.1], which, with a simple Google search on the chip, is a "Trusted Platform Module IC", or TPM/TCPA IC (integrated circuit, aka computer chip). Infineon has a short PDF detailing the basics of its SLD 9630 chip, although it has been removed from the Infineon website. On an interesting note, the SLD 9630 is actually outdated and is no longer being advertised by Infineon. Its replacement is the SLB 9635, which is dubbed "TPM 1.2", as opposed to the "TPM 1.1" found in the SLD 9630.


Latest revision as of 08:27, 8 June 2014

Posting information or discussion here related to cracking or circumventing will not be tolerated, and should be kept off-site.

This page was last modified on 8 June 2014, at 08:27.