Stanford Center for Internet and Society

Increasingly, people are working on virtual, software-based implementations of the TPM (just to give one example). In addition, companies are thinking about implementing virtual TPMs due to cost considerations. Much has been written about potential policy problems of hardware-based TPMs. It's interesting whether the policy implications of virtual TPMs are any different. Any thoughts?

As recent news (Wired and CNet) indicates, Apple is using an Infineon TPM chip in order to bind its forthcoming x86-based version of Mac OS to particular hardware platforms (although the story is disputed, see here). The OSx86Project develops a version of Mac OS that can be run on any arbitrary x86 platform. This is just another example of how companies attempt to tie products and/or services together by technology. Apple is doing a similar thing with its iTunes service and the iPod player. There are many other examples.

In a recent paper on the forthcoming GPL version 3, Richard Stallman and Eben Moglen mention briefly the potential tension between trusted computing and the open source idea and how the GPL version 3 should react to this. Seth Schoen uses this paper as a starting point for some very interesting thoughts on the relationship between trusted computing and open source over here.

Recently, the Best Practices Committee of the TCG published a document entitled "Design, Implementation, and Usage Principles for TPM-Based Platforms". The document, which had been in the pipeline for numerous months, is a major contribution of TCG to the policy debate. In my opinion, TCG should be applauded for the document. It provides a rather balanced view of the policy problems surrounding TCG, points to some solutions, but also to the limitations these solutions suffer from. Some of the solutions will, ultimately, not prevent the problems raised, but given the existing organizational structure of TCG, this document was probably the best the TCG could do (and agree upon). I'll come back to this point at the end of my comments which attempt to highlight some of the underlying policy principles as well as to criticize certain aspects of the document.

I have updated the TC literature section down below. If you know any other sources that deal with important technological advances in the area of TC or with legal and policy implications of TC, please send me an email.

In addition to the slides of my recent talk about trusted computing at the CIS in Stanford, there is also an audio version available.

Furthermore, I have created a version which synchronizes the slides and the audio version. It is available here. I do not really like the synchronized version as it cannot be viewed with Firefox (basically, you have to use Microsoft Internet Explorer and Microsoft Windows Media Player 9), and, on many computers, the whole audio file must be downloaded first and cannot be streamed. But I thought the version might still be of some interest.

The slides of my recent talk about trusted computing at the CIS in Stanford are now available online.

One of the features offered by TC is that it transforms trust in entities into trust in components (see here on pp. 644-645 for an explanation). In such an approach, it becomes of utmost importance how these entities (which I will call "trust anchors" in the following, but you could also call them "ultimate Roots of Trust") are designed. In an overview paper by TCG, one can read (on pp. 45-46) the following:"Anybody may assume authority to certify. The objective of certification is to provide credible reference for accreditation, hence customers of certified products determine which organizations are credible. TCG feels credibility may be found among many organizations from ranging from product manufacturers / vendors, product consumers and consultants. The product owner ultimately decides which certifier best contributes to assurance and risk management calculations."

One of the criticisms raised against trusted computing is that it solves some potential problems of the future without doing the homework first that precedes these problems. Trusted computing, these critics argue, provides an elaborate mechanism for remote attestation, but it does not provide well-functioning mechanisms for local attestation. Therefore, with trusted computing, I am able to determine the state of a remote platform in a trustworthy manner, but I am unable to do the same for my own local platform.This argument may be a little bit extreme, as some functionalities of trusted computing could be used for local attestation. As an Intel paper on LaGrande Technology points out (on pp. 7-8), there are at least three ways to perform a local attestation:

Some readers may remember that we used to have a big comment spam problem at CIS blogs (see here and, more generally, here). Now that this problem has been fixed by a workable solution for several months, we are increasingly getting a new kind of spam: trackback spamming. As long as no workable solution to trackback spamming is installed on the server on which the CIS blogs are running, the trackback functionality will remain turned off. Sorry about that.