FITUG e.V.

Förderverein Informationstechnik und Gesellschaft

Arnold Reinhold on MS-Palladium

http://cryptome.org/palladium-mit.htm


[...]

I went. It was a good talk. The room was jam-packed. Brian is very forthright and sincere. After he finished speaking, Richard Stallman gave an uninvited rebuttal speech, saying Palladium was very dangerous and ought to be banned. His concerns are legitimate, but the net effect, I think, was to make the Q&A session that followed less hostile.

Palladium sets up a separate trusted virtual computer inside the PC processor, with its own OS, called Nexus, and its own applications, called agents. The trusted computer communicates with a security co-processor on the motherboard, and has a secure channel to your keyboard and mouse and to a selected window on your CRT screen.

How to prevent the secure channel to the on-screen window from being spoofed is still an open problem. Brian suggested a secure mode LED that lights when that window has focus, or having the secure window display a mother's-maiden-name type code word that you only tell Nexus. Of course this doesn't matter for DRM since *your* trusting the window is not the issue.

All disk and network I/O is done thru the untrusted Windows OS on the theory that the trusted machine will encrypt anything it wants to keep private. Windows even takes care of Nexus scheduling.

A major design goal is that all existing software must run without change. Users are not required to boot Palladium at all, and are to be able to boot it long after Windows has booted.

[...]

There is also a change to the PC memory management to support a trusted bit for memory segments. Programs not in trusted mode can't access trusted memory. Also there will be three additional x86 instructions (in microcode) to support secure boot of the trusted kernel and present a SHA1 hash of the kernel code in a read-only register. There may be a hole somewhere, but Microsoft is trying hard to get it right and Brian seemed quite competent.

[...]

The real question from Microsoft's standpoint is will the entertainment industry be satisfied with Palladium's level of security and release content that can play on Palladium-equipped PCs? DVDs aren't Hollywood's main problem. Movies are becoming available online long before the DVD is released. Hollywood probably wants something that monitors ALL content for watermarks. Palladium as presented doesn't do this. But again it is a platform. Once it exists, a later version of Windows might require it to be up and would then verify all content displayed. If Hollywood doesn't convince Microsoft to do this, Sen. Hollings will be more than glad to introduce the necessary legislation. To paraphrase Stallman's rant, in the Palladium context Alice and Bob are corporations and Mallory is the PC owner.

