In association with heise online

28 September 2009, 14:38

Linux and the Trusted Platform Module (TPM)

by Terry Relph-Knight

As computing and the internet become ever more a part of everyday life, reliable and strong security becomes increasingly necessary. Security is critical in the areas of business communications, online banking and online shopping, but until quite recently security has not been an integral part of the core computing hardware. Hardware manufacturers have been taking steps to rectify that by introducing the idea of trusted computing based on devices such as the Trusted Platform Module (TPM). Many of these ideas, and the methods to implement them, have come from what the open source community see as the proprietary commercial establishment and so are greeted with some suspicion. Nevertheless, in order to continue to flourish, open source will have to somehow accommodate them and provide support for secure functions such as TPM.

Liberty and Security

In recent years the peculiar relationship between security and liberty has been highlighted in many different ways by the development and spread of information technology and the uses to which that technology is being put. Digital technologies and global connectivity were originally conceived as ways of making both private and business life easier, richer and more productive. As is now being realised, they also make it possible for criminals to steal vast sums of money, terrorists to organise, and governments to spy on their citizens. Companies can manipulate markets through demographic analysis of the online activities of individuals and can target their marketing accordingly; they can even control what their customers can do with their products.

Encryption technologies are very much a part of this and the critical question here is – who holds the keys? If an individual is the only one who holds their private keys then their freedoms and security are protected, or, at least, are their own responsibility. If back door or master keys are allowed, or even legislated, then ultimately the owners of those keys are in control. Even worse, governments and companies in possession of such keys become collection points for very large numbers of keys, making the databases that hold them very attractive targets. So far governments have proven frighteningly inept at protecting this kind of sensitive data.

Digital Rights Management (DRM) is an example of companies controlling consumers' use of their product; Phorm is an example of a technology delivering targeted advertising based on demographic analysis; and TPM and associated technologies such as Intel's Active Management Technology (AMT) and Trusted Execution Technology (TXT) are examples of hardware-integrated security systems.

DRM is designed to protect the media companies, not the consumer, and Phorm benefits the advertiser, not the consumer; both are technologies that have generated a strong negative reaction. TPM and other technologies designed to protect the individual computer might seem beneficial to the end user, but they are tainted by fears about back door access.

The birth of Trusted Computing

In 1999, Intel – along with Microsoft, Infineon, National, Atmel and various other organisations – formed the Trusted Computing Platform Alliance (TCPA). Its objective was to focus on two areas, ensuring privacy and enhancing security, by complementing existing security standards and systems such as the X.509 standard for digital certificates, IPSEC (Internet Protocol Security Protocol), IKE (Internet Key Exchange), VPN (Virtual Private Network), PKI (Public Key Infrastructure), the PC/SC specification for smart cards, biometrics, S/MIME (Secure Multi-purpose Internet Mail Extensions), SSL, SET (Secure Electronic Transaction), IEEE 802.11 WEP, IEEE 802.1x and so on. The TCPA was to draw up a specification for a trusted, uniquely-identified platform which would provide various cryptographic capabilities including hardware-protected storage.

[Image: Infineon TPM]

In 2005 the Trusted Platform Module (TPM) was launched, a chip that realised the TCPA specification in hardware. The idea was that the TPM would be fitted to (perhaps eventually all) motherboards to act as a 'digital safe' for encryption keys. TPM chips contain an RSA accelerator engine to perform up to 2048 bit RSA, a SHA-1 hashing engine, a random number generator (RNG) and a limited amount of NVRAM. Since then Intel has integrated the TPM function into the larger components in some of its chipsets, usually as a component of the Intel Management Engine which in turn is the hardware component of Intel's Active Management Technology (AMT).

[Image: Trusted Platform Module block diagram]

Uses of a TPM

TPM is a technology that may be seen as either benign or malign depending on which side of the 'commercial computing establishment versus everything open source' fence you happen to be standing. TPM can, for example, be used to validate during boot-up, with a high degree of confidence, that the operating system being loaded has not been tampered with. On the other hand, although a TPM chip in itself does not implement Digital Rights Management, it does enable DRM implementation in combination with BIOS code and other software. For example Microsoft have announced a DRM technology called Protected Video Path – Output Protection Management (PVP-OPM) which makes use of the TPM.
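The boot-time validation mentioned above rests on one small operation: the firmware hashes each boot stage with the TPM's SHA-1 engine and folds the digest into a Platform Configuration Register (PCR) with TPM_Extend, so the final PCR value commits to every stage and their order, and a secret sealed to that value is only released if the same state is measured again. The following simulation is an added example and not code from the article or from any TPM vendor; the SHA-1 chaining rule is the TPM 1.2 extend rule, while the boot images, the sealing record and all function names (measure, pcr_extend, seal, unseal, boot_and_unlock) are constructed for illustration.

```python
"""Toy simulation of TPM 1.2 measured boot (PCR extend) and sealing.

Added example, not code from the article. The SHA-1 chaining rule is the
real TPM 1.2 PCR extend operation; the boot images, the sealing store and
the helper names are constructed for illustration.
"""
import hashlib
import hmac

PCR_SIZE = 20                   # TPM 1.2 PCRs hold one SHA-1 digest
PCR_RESET = b"\x00" * PCR_SIZE  # value of a PCR after platform reset


def measure(component: bytes) -> bytes:
    """Digest of a boot component, as the firmware computes it before
    handing the digest to TPM_Extend."""
    return hashlib.sha1(component).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend rule: PCR_new = SHA-1(PCR_old || digest).
    A PCR can only be extended, never written directly, so its final
    value commits to every measurement and to the order they arrived."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must be 20-byte SHA-1 values")
    return hashlib.sha1(pcr + digest).digest()


def replay_event_log(event_log: list) -> bytes:
    """Recompute the PCR value from a list of (stage name, digest) events."""
    pcr = PCR_RESET
    for _name, digest in event_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def measured_boot(components: list) -> tuple:
    """Simulate firmware measuring each stage before running it.
    Returns (final PCR value, event log)."""
    log = [(name, measure(image)) for name, image in components]
    return replay_event_log(log), log


def first_divergence(event_log: list, golden_log: list):
    """Name of the first stage whose digest differs from the golden log,
    or None when the logs agree: the question an administrator asks when
    a PCR does not match the expected value."""
    for (name, digest), (_gname, gdigest) in zip(event_log, golden_log):
        if not hmac.compare_digest(digest, gdigest):
            return name
    if len(event_log) != len(golden_log):
        return "event count"
    return None


# --- Sealing: the 'digital safe' that opens only for the measured state ---

def seal(secret: bytes, pcr: bytes) -> dict:
    """Bind a secret to a PCR value. A real TPM encrypts the blob under a
    key that never leaves the chip; in this simulation it is only a record."""
    return {"policy_pcr": pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Release the secret only if the platform measured into the same
    state the secret was sealed to."""
    if hmac.compare_digest(blob["policy_pcr"], current_pcr):
        return blob["secret"]
    return None


# Constructed boot images standing in for real firmware, loader and kernel.
GOOD_CHAIN = [
    ("bios", b"constructed BIOS image v1"),
    ("bootloader", b"constructed GRUB stage"),
    ("kernel", b"constructed vmlinuz 2.6.31"),
]
TAMPERED_CHAIN = [
    ("bios", b"constructed BIOS image v1"),
    ("bootloader", b"constructed GRUB stage"),
    ("kernel", b"constructed vmlinuz 2.6.31 with a modified syscall table"),
]

GOLDEN_PCR, GOLDEN_LOG = measured_boot(GOOD_CHAIN)
DISK_KEY = b"constructed disk encryption key"   # constructed sample secret
SEALED_DISK_KEY = seal(DISK_KEY, GOLDEN_PCR)


def boot_and_unlock(chain: list) -> tuple:
    """Boot a chain, try to unseal the disk key, and report which stage
    (if any) diverged from the golden event log."""
    pcr, log = measured_boot(chain)
    return unseal(SEALED_DISK_KEY, pcr), first_divergence(log, GOLDEN_LOG)


if __name__ == "__main__":
    print("good boot:", boot_and_unlock(GOOD_CHAIN))
    print("tampered boot:", boot_and_unlock(TAMPERED_CHAIN))
```

The point of the simulation is the asymmetry the article describes: nothing stops a modified kernel from booting, but the PCR it produces differs from the golden value, so the sealed disk key stays locked and the event log shows which stage changed. Swapping the order of two stages changes the PCR as well, which is why the chain of measurements, not just the set of hashes, is what the TPM attests to.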

All Intel-based Apple Mac computers come with a TPM on the motherboard. Some commentators have claimed that Apple ship their machines with a specific key pre-installed into the TPM which TPM KEXT checks against a public key to verify that the computer is a legitimate Apple machine. They say this is the main reason why generic PCs, even those with TPM on the motherboard, cannot run the Mac OS X. However, it appears this is not accurate; at present Mac OS X does check for the presence of a TPM, but it does not expect to find a private key unique to Apple. Although incorrect, these reports have generated a lot of concern.

The combination of the Intel TPM and operating system support for it came originally to be referred to as 'trusted computing'. It was, and still is, regarded with a good deal of suspicion by many in the open source community. Arguments against it range from "it breaks the terms of the GPL" to "it's an evil device designed to stop people running open source software at all". The fear is that it will be used by Microsoft and Intel to lock motherboards so that Linux will not run on them. This may be prompted by the inaccurate reports of Apple using TPM to lock Mac OS X into their motherboards, but locking out an operating system is rather more difficult to achieve than locking one in.

The main objection of the open source community to TPM chips is that they are capable of generating public/private key pairs where the private key is contained within the TPM and is not even known to the computer owner. It is also possible, during manufacture, to inject private keys into a TPM that will be known to a third party, such as a computer manufacturer or major copyright holder, but again not known to the computer owner. Potentially this leads to manufacturers and content providers being able to limit what the computer owner can and can't do with their PC. The Free Software Foundation refers to this kind of restriction of the computer owner's and user's rights as "Tivoisation".

Intel simply present TPM as a method of providing improved security for the individual computer user against criminal attacks and play down any possibility of it being used to restrict users' rights. Digital signing or digital passports using secure keys can indeed be seen as a way of "keeping the bad guys out"; the trouble is it depends on your point of view as to who the "bad guys" are. Security experts such as Kaspersky champion digital passports, which could be implemented using a TPM, as the only way forward in protecting the general computer user against cyber-crime.

Next: Linux and TPM
