[Sussex] BBC Video Downloads

Sat Feb 10 15:16:42 UTC 2007

Quoting Nico Kadel-Garcia <nkadel at gmail.com>:

>> Many of the arguments people give for why it's a bad thing are
>> actually untrue. Things like "You won't be able to install Linux on a
>> Trusted Computing machine" are popular claims that are simply wrong.
>
> This week. But take a careful look at where it's headed: Brian LaMacchia,
> who is one of the core authors of the technology, at his MIT presentation on
> it when it was called Palladium, indicated that there's a real security
> desire to control the BIOS and boot devices. It's even extensible with the
> existing standards to control media devices such as DVD drives or USB memory
> sticks: this would force those devices to be accessible only with authorized
> software, namely software that has been issued the appropriate keys. There's
> a real risk that under the aegis of security concerns a motherboard
> manufacturer can make hardware bootable only with their authorized kernels.

Sorry, but that's just another of those things that fails the Reality  
Test to me.

A hardware manufacturer delibertely crippling their own product to  
make it run less software? How are they going to market that, exactly?  
"Buy our product, it's so secure you can't run ANYTHING on it!"

Even if they made such a board, they would then be under the onus of  
supplying software for it. Every manufacturer of hardware would have  
to provide and maintain their own OS and applications to run on it.  
Either that, or hand their keys out to all the software devs so that  
they can sign the software for them - at which point, their keys are  
no longer secure and will inevitably leak out, rendering the TC  
worthless.

And how does it square with things like LinuxBIOS, which are starting  
to make inroads - I gather AMD will be selling MoBos with LinuxBIOS on  
it this year.

I can see some hardware manufacturers selling hardware WITH AN OPTION  
that you can make it impossible to install unsigned software on it -  
for certain high-security applicatons, this is desireable.

But making it a mandatory feature of a standard desktop PC? And  
locking it to only allow Windows to be installed? MS has enough  
anti-trust worries already without making an overt move to make  
competition physically impossible.

And how does it even add value to a hardware maker? Even Apple doesn't  
prevent you installing a competitor's OS on their hardware - you buy  
the hardware, they don't care about the software you run on it:  
They've made their money, what you do with the product is up to you.  
Run OS X, run Windows, use it as a paperweight, why should theyr care?  
What possible motive could any hardware maker have to get involved  
with software restriction?

Sorry, I just don't buy it. A possible, user-controlled restriction  
function for people who really need security, yes. An unavoidable  
crippling of hardware, no. Fails the reality test.