If you happen to be buying a new PC soon, you might find this post very relevant.
In a series of posts, I will try to explain the functionality and the security concerns surrounding a component that is very likely to be soldered to the motherboard of the machine you are buying or have bought recently: the Trusted Platform Module (TPM).
So what is a TPM?
A TPM is a small chip that some PC manufacturers have been shipping inside their machines for some time now. It can generate cryptographic keys and keeps the roots of its key hierarchy (the endorsement key and the storage root key) in its own non-volatile memory; other keys are stored outside the chip, but wrapped under those roots, so they never appear in clear outside the TPM. The main functionalities of the TPM are remote attestation, sealing and binding (don’t worry about these terms; we will come back to them later).
So how can a TPM be used?
The TPM can be used to authenticate hardware devices, platforms, and the applications running on top of them. To make this easy to understand, think of your internet browser trying to access your banking website. The browser is running on top of an operating system, which in turn runs on some hardware. It is envisaged that [in the future] your bank will be able to verify the type of hardware and software you’re running before giving you access to your banking account, thus checking the “trustworthiness” of your machine. (This is basically remote attestation.)
Do I have to worry?!
As you might have figured out by now, in time you’ll be expected to reveal more about what you’re running on your machine in order to get the services you need. Content providers will also have easier means to enforce usage policies on remote platforms.
Ok, Ok. It is not all bad news. Although Trusted Computing has been criticised by people like Ross Anderson, Bruce Schneier and the Electronic Frontier Foundation, the Trusted Computing Group (we will discover more about this in the coming parts) has made some adjustments to answer some of those concerns. (One of the main unsolved concerns is that mass-produced hardware and operating systems might restrict some types of legitimate software from running.)
On the bright side, TPMs will enable us to verify the integrity of our platforms. The idea is to build up the platform’s trustworthiness from scratch: a small piece of immutable firmware measures (hashes) the BIOS and records the result in the TPM, the BIOS then measures the boot loader, the boot loader measures the OS, and so on. Each stage is recorded in the TPM before it is handed control, and a recorded value can be extended but never rewritten. Note that the TPM itself only keeps the record; whether a “bad” measurement actually stops anything depends on who checks it (a sealed key that won’t unseal, or a remote party that refuses the connection). Hence, we can have more assurance about what sort of processes are running on our platforms.
Looking from an anti-malware point of view, malware authors will have a lot more difficulty escaping those chains of trust. Rootkits will have no place to hide (theoretically speaking) in such environments, since a rootkit that inserts itself into the measured boot path changes the recorded values, and the discrepancy is found as soon as anyone checks them. The caveat is that only code that is actually measured is covered: something that loads after the last measured stage, without being measured itself, leaves no trace in the TPM.
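To make the three terms above concrete, here is a small software model of a TPM 1.2-style measured boot, with sealing and a remote-attestation quote on top of it. This is an added illustration, not code from this post and not a real TPM or TSS API: the PCR bank, extend, seal/unseal and the attestation key are all simulated with hashlib/hmac, the PCR slot numbers (0 for the BIOS, 4 for the boot loader, 8 for the kernel) are an assumption that only loosely follows the PC Client conventions, and every firmware image, secret and key is constructed sample data. The scenarios at the end show a patched boot loader being caught by both the seal and the bank’s check, and also the gap: a module that loads after the measured stages without being measured passes both checks.

```python
"""Simulated TPM 1.2 PCRs, measured boot, sealing and quoting (added example)."""
import hashlib
import hmac
import os

PCR_BIOS, PCR_BOOTLOADER, PCR_KERNEL = 0, 4, 8   # assumed slot assignment
BOOT_PCRS = (PCR_BIOS, PCR_BOOTLOADER, PCR_KERNEL)
PCR_LEN = 20                                     # TPM 1.2 PCRs are 20-byte SHA-1 registers


class SimTPM:
    def __init__(self, attestation_key: bytes):
        self.pcrs = {i: bytes(PCR_LEN) for i in range(24)}  # all zero at power-on
        self._aik = attestation_key  # stands in for the Attestation Identity Key

    def extend(self, index: int, measurement: bytes) -> bytes:
        """PCR[i] = SHA1(PCR[i] || SHA1(measurement)): append-only and order-sensitive."""
        digest = hashlib.sha1(measurement).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def composite(self, indices) -> bytes:
        """Hash over the selected PCRs; seals and quotes refer to this value."""
        return hashlib.sha1(b"".join(self.pcrs[i] for i in sorted(indices))).digest()

    def seal(self, secret: bytes, indices) -> dict:
        """Tie a secret to the current PCR values (toy XOR cipher keyed from them)."""
        expected = self.composite(indices)
        key = hashlib.sha256(b"seal" + expected).digest()
        return {"indices": tuple(sorted(indices)), "expected": expected,
                "ct": _xor(secret, _keystream(key, len(secret)))}

    def unseal(self, blob: dict) -> bytes:
        """Release the secret only if the PCRs match the values at seal time."""
        current = self.composite(blob["indices"])
        if not hmac.compare_digest(current, blob["expected"]):
            raise PermissionError("PCR mismatch: platform differs from seal time")
        key = hashlib.sha256(b"seal" + current).digest()
        return _xor(blob["ct"], _keystream(key, len(blob["ct"])))

    def quote(self, indices, nonce: bytes) -> bytes:
        """Attestation: MAC over (PCR composite, verifier nonce) with the AIK.
        A real TPM signs with the AIK's RSA private key instead of an HMAC."""
        return hmac.new(self._aik, self.composite(indices) + nonce, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key: bytes, n: int) -> bytes:
    out = b"".join(hashlib.sha256(key + c.to_bytes(4, "big")).digest()
                   for c in range((n + 31) // 32))
    return out[:n]


# Constructed sample images and keys.
BIOS_IMG = b"BIOS v1.0 (constructed sample)"
BOOTLOADER_IMG = b"boot loader (constructed sample)"
KERNEL_IMG = b"kernel (constructed sample)"
SECRET = b"disk-encryption-key (constructed)"
AIK = b"simulated attestation identity key"


def boot(bios, bootloader, kernel, module=None, os_measures=False) -> SimTPM:
    """Each stage measures the next before handing over control. A module that
    loads afterwards is only recorded if the OS has its own measurement agent."""
    tpm = SimTPM(AIK)
    tpm.extend(PCR_BIOS, bios)              # immutable core root of trust measures BIOS
    tpm.extend(PCR_BOOTLOADER, bootloader)  # BIOS measures the boot loader
    tpm.extend(PCR_KERNEL, kernel)          # boot loader measures the kernel
    if module is not None and os_measures:
        tpm.extend(PCR_KERNEL, module)      # OS measures what it loads
    return tpm


def unseals(tpm: SimTPM, blob: dict) -> bool:
    try:
        return tpm.unseal(blob) == SECRET
    except PermissionError:
        return False


def bank_accepts(tpm: SimTPM, golden: bytes) -> bool:
    """The bank's side: fresh nonce, quote checked against the known-good composite."""
    nonce = os.urandom(16)
    expected = hmac.new(AIK, golden + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(tpm.quote(BOOT_PCRS, nonce), expected)


def run_scenarios() -> dict:
    clean = boot(BIOS_IMG, BOOTLOADER_IMG, KERNEL_IMG)
    blob = clean.seal(SECRET, BOOT_PCRS)        # provisioned on a clean boot
    golden = clean.composite(BOOT_PCRS)         # what the bank expects to see
    tampered = boot(BIOS_IMG, BOOTLOADER_IMG + b" + rootkit patch", KERNEL_IMG)
    stealth = boot(BIOS_IMG, BOOTLOADER_IMG, KERNEL_IMG, module=b"rootkit.ko")
    caught = boot(BIOS_IMG, BOOTLOADER_IMG, KERNEL_IMG, module=b"rootkit.ko", os_measures=True)
    return {
        "clean": (unseals(clean, blob), bank_accepts(clean, golden)),                # (True, True)
        "tampered_bootloader": (unseals(tampered, blob), bank_accepts(tampered, golden)),  # (False, False)
        "unmeasured_rootkit": (unseals(stealth, blob), bank_accepts(stealth, golden)),    # (True, True)
        "measured_rootkit": (unseals(caught, blob), bank_accepts(caught, golden)),        # (False, False)
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:22s} unseals={result[0]!s:5s} bank_accepts={result[1]}")
```

The “unmeasured_rootkit” row is the one to remember: the TPM never refuses to boot anything, it only records what it is told about, so the protection is exactly as good as the coverage of the measurement chain and the diligence of whoever compares the values afterwards.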
In the next part, I will talk more specifically about the concerns that surround TPMs and the solutions that have come up to answer some of them. Meanwhile, you don’t have to worry about any [undesirable] activity from your TPM-equipped platform, as all those machines currently ship with the TPM disabled and unconfigured!

May 6th, 2008 at 6:45 am
So today all a malicious hacker would need to do would be enable and/or configure the TPM and all new PCs will cease to function correctly. Nice.
At what point did giving Microsoft and/or Intel control over what we can and can’t run on our hardware become a good idea? TPMs will not allow US to verify the “integrity” of our PCs. The TPM will ensure that we can only do what “they” allow us.
May 6th, 2008 at 10:44 am
@badidea
Well, currently all TPMs require physical presence (as described by the TCG specifications) to be enabled. Usually this happens as an option within the BIOS. So we’re sort of protected from people who would like to have it enabled!
Regarding the second point, I tend to have similar worries to yours, but it’s still early to judge. Certainly, vendors will have more power to enforce DRM-style applications. But it’s unclear whether they’ll be (legally) able to squeeze small developers out of the picture and restrict the type of applications on their platforms. Remember that ideas like the Protected Media Path are already implemented in MSFT’s Vista by relying on kernel support. So the next step will be to take that to the hardware level.
May 7th, 2008 at 9:41 am
Could you clarify more specifically what you mean about how mass produced operating systems might prevent some legitimate software from running? What would be a specific example of this, and how exactly would the OS + TPM prevent this software from running? (And what role would the TPM play exactly?)
Along these lines, do you think an OS today could be written that would prevent certain software from running (without using the TPM)? For example, could Microsoft Windows have been written to prevent non-Microsoft software from running? How well do you think such a version of Windows would have sold?
May 7th, 2008 at 12:00 pm
@Hal
How to prevent software from running? Basically, you’ll be provided with a hardware platform that contains the TPM. Then you install your OS of choice, which takes advantage of the TPM to verify its integrity. So, when you boot your machine, the TPM will produce some hash for the boot loader; then, when it comes to the OS, it can retrieve that hash and make sure that the boot loader hasn’t been tampered with. Then the OS will load and run the required processes for all the housekeeping, etc. Every time it loads something, it can check whether any other undesirable software is running, etc. This way we can obviously stop rootkits from loading themselves before any other security software can run. If you think about the current Vista Protected Media Path, the kernel keeps checking for any unknown loaded kernel-mode software; if something is found, it will stop some sorts of DRM-protected media from playing. Thus, they can prevent copying it.
Having said that, people can still modify the kernel to break that PMP. But with a TPM on board, it’s way much harder!
Forget about DRM-style content. Will mass-produced OSs try to block third-party applications? Very unlikely. There is no single company out there that can provide a complete OS with every sort of application that a human might need. That’s why they try to produce SDKs and make their platforms extensible, so people can write their own software and utilise the platforms in different ways. However, OS vendors might take another approach and start selling platforms with completely locked environments, and other ones with different levels of semi-locked behaviour.
Do I think an OS today could be written that would prevent certain software from running? Yes and no. They can certainly make it harder by preventing people from directly patching the kernel and enforcing greater measures to protect the kernel’s integrity. Thus, the kernel will be sitting in the back watching and enforcing policies. It is not a bullet-proof solution, as the route to disable the kernel integrity-checking routine is still accessible, but until TPMs get more popular, this is what they have in hand.
How well do I think such a version of Windows would have sold? It depends on what sort of device you’re looking to get. Mobile TPM specifications were published a while ago, and it’s very likely that mobile platforms will make TPMs popular first. So, say you’re buying this new gadget that can play some cool songs and videos, but you can run nothing else written by the average Bob, or copy any of those media files. Would you mind? You might do, but I can count you a lot of other people who would hurry to buy this device. (In theory, at least, the price of those devices should come down if such measures were enforced.) Now, scale this idea to PCs. I think I can also count you a lot of other people I know who wouldn’t mind getting those platforms if somebody offered them some discount.
Those are never easy questions, and Trusted Computing is certainly a controversial area.
HTH.
May 12th, 2008 at 6:46 am
TCG and TPM are most certainly a very controversial subject, with a lot of inaccuracies on the anti side, IMO. I read the GNU FAQ and they were complaining that security companies like you would be put out of business by MS adopting TC! But don’t most OSS fans also complain about the lack of security in Windows? Surely they should welcome the increased strength of the OS?
Nice reply in #4, but the reply from the anti side is that the iPhone can currently be jailbroken if you want. An MTM (Mobile Trusted Module) should make that task much harder, though. I know that a lot of jailbroken iPhones are being shipped abroad, but how many users using it on the intended network have jailbroken just to install apps, etc?
Looking forward to the rest of this series.