Amit Singh writes about the Trusted Computing Module found in Intel Macs. “Regardless of what the media has been harping on for a long time, and regardless of what system attackers have been saying about the ‘evil TPM protection’ Apple uses, Apple is doing no TPM-related evil thing. In fact, Apple is doing no TPM-related cryptographic thing at all in Mac OS X. Yes, I know, there has been much talk of ‘TPM keys’ and such, but there are no TPM keys that Apple is hiding somewhere. More specifically, Apple simply does not use the TPM hardware. In Apple computer models that do contain a TPM, the hardware is available for use by the machine’s owner. Of course, to use it you need a device driver, which Apple indeed doesn’t provide.”
If you look at what the osx86 people are doing, you’ll know all about magic poems rather than TPM hardware being used.
The driver and the software stack together make trusted computing possible on Mac OS X, assuming you have a machine with a TPM. This page shows you how to “take ownership” of the TPM and begin using it.
It seems like this driver could be valuable for a totally different purpose.
I understand the newest Pentium processors give Xen the capability to run an unmodified copy of Windows. So maybe this driver could be modified in such a way that it runs in Xen domain 0 (the privileged domain) running Linux or some other free OS. It could intercept Windows accessing the TPM hardware and give answers necessary to circumvent DRM (which is defective by design).
Except Windows DRM doesn’t use the TPM either.
BTW, Xen already has vTPM if you want to play with it.
It’s a shame Apple didn’t include the TPM module on the newer Macs, they are potentially quite useful devices to have around if you wanted a secure way to encrypt/sign your own data. As it stands, you’d have to purchase an external USB dongle or Smart Card to do the same thing. For some users, the idea of an extra dongle isn’t that flash, whereas if there was a TPM module on all Macs, you could get encrypting/signing (say, of email) with little additional cost in a very secure fashion.
You could do it in software alone, but increasingly the ease with which Windows computers (and potentially Mac OS X) are infected with malware means that snagging the passphrase and public/private keys would be trivial. It’s much better to load your keys onto a secure device that they cannot be copied off, making this possibility much less likely.
Edited 2006-11-02 03:24
“Of course, to use the TPM under Mac OS X, you first need a device driver. I am releasing a Mac OS X TPM driver under the GPL 2 open source license.”
… “I modified the excellent TrouSerS software suite to work on Mac OS X—the modified source is also available for download.”
[Fanboy on]
Every time I go to this fellow’s site my IQ goes up.
Good God man, when do you sleep?
🙂
Fabulous, fabulous book.
[Fanboy off]
Are there any vendors actually using this chip?
Yes. Intel, HP/Compaq, Acer, Toshiba and Fujitsu use the Infineon chip. Check here: http://www.tonymcfadden.net/tpmvendors.html for more info. The only external USB form factor for the Infineon chip I know of is the eToken Pro from Aladdin (quite expensive). I’m looking at Axalto’s CyberFlex Smart Card with e-gate instead, which lets you plug it into a simple USB carrier for use with computers, or you can get it all in one.
It’s about $35 US either way including the CyberFlex Smart Card + Smart Card reader or CyberFlex Smart Card in a USB carrier, which is pretty cheap compared to the eToken Pro. I’d imagine once those malware coders twig onto private/public keys people will start to use these devices more commonly.
maybe they are just waiting for the right time to start using it, like some kind of deep sleep agent?
From what I was reading about the Intel motherboards, the TPM module had to be disabled and ready for the user to start using (if ever). Basically it means they (OS manufacturers) can’t use it as a default option out of the box for their own purposes. The only manufacturer that could probably pull it off is Apple, and if they just removed the TPM module it’s unlikely they’re seriously thinking about using it for various nefarious purposes (like DRM or binary encryption).
I’d imagine they’d provide software support for user level signing/encrypting, with an option to use the hardware TPM if it exists. If that picks up, I guess we could see more and more computers coming with TPM modules in the future instead of requiring external USB keys.
The only issue is that if you lose your computer or USB key, most TPM modules are designed to prevent private key extraction, so once that happens, you are seriously out of luck getting the private key loaded onto a new computer or USB key. I guess you could generate the keys external to the module, then load it up write/execute on the module only. You’d have to be pretty sure that the machine is clean for this to work however (malware could theoretically snarf the private key en route to the TPM module).
Additional edit: also, the use of TPM modules for private/public keys for signing and encryption only works well for private machines. Not quite as reliable with public access computers unless you can encrypt the private key, decrypt and load into the TPM module securely with a per-enterprise decryption key. Most TPM modules only have a limited number of slots for private/public keys, depending on how much flash RAM they have.
Edited 2006-11-03 08:45
Newest Macs don’t need a separate TPM chip because they feature Core 2 Duo processors that have built-in DRM facilities; you can see that every supposedly non-TPM-enabled Mac is powered by a Core 2 Duo chip with LaGrande technology. These facilities are actually needed for OS X to run, as the TPM is involved in the binary protection scheme.