don't trust trusted computing
It's time to say goodbye to BIOS. If you're lucky, you have no idea what it is, anyway, but the less fortunate have hit F2 or Del to enter setup when their system was booted, and browsed through the myriad options presented. The BIOS doesn't just let you flip settings; it also serves to manage the very low-level hardware on your computer, like RAM, basic video, plug-n-play support, and the built-in hard disk controllers. It translates the commands of more sophisticated programs into the language of your computer's specific chipset.
But most agree that BIOS has outlived its lifespan, and it's time to move on. Apple, for instance, uses OpenBIOS, a newer technology that offers advantages that make it easier to recover from a system crash, boot from the network, or run multiple operating systems on the same computer. Now industry heavyweights like AMD, Dell, HP and IBM are banding together to design a next-gen BIOS architecture called United EFI. That's fine -- but in the process they're going to try to cripple your computer. You shouldn't let them.
The problem is that along with with various improvements in memory management, booting and driver architecture, EFI implements "Trusted Computing". And Trusted Computing is bad news.
There's a good overview of TC (aka "Trustworthy Computing", in Microsoft-speak) here, but it essentially boils down to the use of public key cryptography within the guts of your computer. This allows various aspects of the system to be restricted in hardware. Programs can't interfere with one another's data in memory, and can optionally prevent other programs from reading data they store on the disk. It also protects your input and output (and someday could potentially restrict it to approved devices). Finally, it lets your computer prove to a remote system that it's running or not running particular programs.
This would be great for preventing things like viruses and spyware. The problem is that it would also be great for proprietary technology companies intent on enforcing DRM. DRM technologies would become much harder to beat. The data on your PC would essentially cease to be your own.
Want to transition from Word to OpenOffice? Sorry, but only Word can read its own documents. It's impossible for a program besides Word to access that data, so converting your documents isn't an option. Better buy an upgrade.
Or maybe you downloaded a free copy of a song from a band's website -- they could make that song require a custom player, which in turn requires remote authentication, allowing all kinds of abuses. When the band goes out on tour, suddenly you can only listen to the first thirty seconds, to make you that much more desperate to see them live. You can't write the song to a different file because you can't access it on disk, can't read it out of memory, and can't spoof the authentication because the remote server knows what program you're running.
So why would users want to give away control of their computers to corporations? Well, you won't have much choice -- a major architectural change like this is likely to happen across large swaths of the industry very quickly. But what sales effort exists is likely to be put in terms of protection from spyware and viruses. And that's a real advantage -- but it ignores the possibility of letting users fake credentials, when so desired. It's possible to allow folks to generate a false remote attestation report saying "why yes, I am running Windows Media Player and nothing else", or install unsigned code if they want, or answer a prompt to grant programs access to those MS Word files that were locked away to keep them safe from trojans and worms. Unsurprisingly, the powers that be aren't too keen on this compromise. Until they are, you should be wary of Trusted Computing.
Comments
Apple is thinking about implementing this, too. Bad news.
Post A Comment