[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] Arnold Reinhold on MS-Palladium



http://cryptome.org/palladium-mit.htm

---------------------------- CUT -----------------------------

[...]

I went. It was a good talk. The room was jam packed. Brian is very 
forthright and sincere. After he finished speaking, Richard Stallman 
gave an uninvited rebuttal speech,  saying Palladium was very 
dangerous and ought to be banned.  His concerns are legitimate, but 
the net effect, I think, was to make the Q&A session that followed 
less hostile.  

Palladium sets up a separate trusted virtual computer inside the PC 
processor, with its own OS, called Nexus, and it own applications, 
called agents. The trusted computer communicates with a security co-
processor on the mother board,  and has a secure channel to your 
keyboard and mouse and to a selected window on your CRT screen.  

How to prevent the secure channel to the on-screen window from being 
spoofed is still an open problem. Brian suggested a secure mode LED 
that lights when that window has focus or having the secure window 
display a mother's-maden-name type code word that you only tell 
Nexus.  Of course this doesn't matter for DRM since *your* trusting 
the window is not the issue.  

All disk and network I/O is done thru the untrusted Windows OS on the 
theory that the trusted machine will encrypt anything it wants to 
keep private. Windows even takes care of Nexus scheduling.  

A major design goal is that all existing software must run without 
change. Users are not required to boot Palladium at all, and are to 
be able to boot it long after Windows has booted.  

[...]  

There is also a change to the PC memory management to support a 
trusted bit for memory segments. Programs not in trusted mode can't 
access trusted memory. Also there will be three additional x86 
instructions (in microcode) to support secure boot of the trusted 
kernel and present a SHA1 hash of the kernel code in a read only 
register.  There may be a hole somewhere, but Microsoft is trying 
hard to get it right and Brian seemed quite competent.  

[...]  

The real question from Microsoft's stand point is will the 
entertainment industry be satisfied with Palladium's level of 
security and release content that can play on Palladium equipped PCs? 
DVDs aren't Hollywood's main problem.  Movies are becoming available 
online long before the DVD is released.  Hollywood probably wants 
something that monitors ALL content for watermarks. Palladium as 
presented doesn't do this.  But again it is a platform. Once it 
exists, a later version of Windows might require it to be up and 
would then verify all content displayed.  If Hollywood doesn't 
convince Microsoft to do this, Sen. Hollings will be more than glad 
to introduce the necessary legislation. To paraphrase Stallman's 
rant, in the Palladium context Alice and Bob are corporations and 
Mallory is the PC owner.  


---------------------------- CUT -----------------------------



-- 
To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de