# TCPA brouhaha/hype/flames/kneejerk reactions

## latexer

Ok, since this has been blowing up everywhere, including hate mail to me from someone, Slashdot articles, whatever, I want to post a small little clarification here about what we (we meaning a few Gentoo people interested in these things, not some black robe wearing occult, not some German conspiracy, not someone looking to steal your computer away from you) have in mind when we say we want to work on TSG/TCPA stuff. This is by no means "official", it's just my reaction to this big mess that has started based on one GWN blurb.

Some of us have ThinkPads with TPM chips in them. These chips have things like RNGs, hardware storage of keys for PKI, etc. See here for more details on the exact chip.

No, we don't want to lock people out. No, we are not working on helping Microsoft tailor "Palladium" (the *software* aspect of things that MS intends to use) to help control your computer.

I want to do things like have my RNG actually get used. Use the PKI stuff to sign files, do SSH authentication, whatever. This is not the end of the world. Please don't freak out just because some buzzword strikes. Thanks.

----------

## Lepaca Kliffoth

Several people have already tried to make the "unbelievers" see the light, but they just won't listen. No matter how many times anyone tells them that TCPA and Palladium are different things, they won't listen and keep saying things like "I'm glad I've got other distributions lying on my desk". I suggest you devs just go on with your work since we are obviously appreciating it. I have a strong feeling that the protesters are just an ill-informed minority and as Linux users they'll go and read what TCPA actually is, sooner or later.

----------

## vonhelmet

It's buzzword bingo, that's the trouble. It doesn't matter what you're actually doing, if people hear the buzzword they'll freak out.

----------

## Codo

 *latexer wrote:*   

> I want to do things like have my RNG actually get used. Use the PKI stuff to sign files, do SSH authentication, whatever. This is not the end of the world. Please don't freak out just because some buzzword strikes. Thanks.

One of the first things I want to see on this is a Gentoo enabled trusted grid computing environment. mwahahahaha!!! :Twisted Evil: :Twisted Evil: :Twisted Evil:

----------

## Gentist

Perhaps it would be a good idea to provide some actual documentation for those who just listen to rumors?

EDIT: Also, if they really are planning to lock down the system in the future, don't you think they'd be getting a lot of 'boards/computers back with a note saying that it doesn't work properly? Doing something like that would effectively kick them off the market.

----------

## Codo

 *Gentist wrote:*   

> Perhaps it would be a good idea to provide some actual documentation for those who just listen to rumors?

 

I don't think the fact that media companies and media providers want to lock down their files/data at a hardware level are just rumours, and things like this will enable things like that in the future...  I'm not saying your computer won't work, by the way...

----------

## Gentist

No, but people still tend to exaggerate when they only get a portion of the facts. I'm just saying that providing some actual docs on the matter might clear some things up.

I haven't had the time to read up on this properly, but... Is it even possible to lock your system down with this chip without the appropriate software support? As long as that is a requirement, OSS users won't really be affected by it unless you actively make it happen to your own system.

----------

## truekaiser

software or not i do not like it. just put it in its own kernel source, maybe tcpa/ngscb/Palladium-dev-sources and out of the normal clean kernels and i'll be happy. stick it in anything else or force it on people who do not want it and i'll leave.

----------

## petlab

I figure that it will become a reality some day that computers will become more secure than they are today....

 :Razz:  doh!

If not EvilCorp, others would have had these sorts of ideas about tougher security h/w & s/w.  If not for the bad color of Parade-ium, some of us opposed to the TCG stuff would be excited about it instead.

Most of those opposed are rightly so, about the EvilCorp/M$ which could take liberties / freedom from the users.

I read in one Slashdot comment that we should ~"lead them" instead of join them.  If those opposed to the TCG stuff would help actively steer it the right way, then users would get the benefits but not the losses.

I really hate the idea of Parade-ium myself, and I STRONGLY SUGGEST that "Owner Override" become the newest buzzword.  I am going to get a tshirt with it!  (Read at EFF.ORG about Owner Override.)

So, what I think is that us open-source loving, free as in freedom loving, not-so-M$ minded people get involved!

----------

## spb

 *truekaiser wrote:*   

> software or not i do not like it. just put it in its own kernel source, maybe tcpa/ngscb/Palladium-dev-sources and out of the normal clean kernels and i'll be happy. stick it in anything else or force it on people who do not want it and i'll leave.

 If you don't want it, don't use it. Simple. If you're going to assume that we're evil for giving people who do want it the chance to use it and go to another distro, then fine. Good bye.

----------

## ChojinDSL

I don't see why everyone is freaking out. It's entirely optional, isn't it?

On top of that, if it's not open source, doesn't the GPL or something protect us from "having" to use it?

Also, if it is open source, then what's the problem? Look at the source code; if it does something you don't like, pluck it out and make it behave.

Isn't that what open source is all about? You don't like what a program does, change it!

----------

## truekaiser

 *spb wrote:*   

>  *truekaiser wrote:*
>
> > software or not i do not like it. just put it in its own kernel source, maybe tcpa/ngscb/Palladium-dev-sources and out of the normal clean kernels and i'll be happy. stick it in anything else or force it on people who do not want it and i'll leave.
>
> If you don't want it, don't use it. Simple. If you're going to assume that we're evil for giving people who do want it the chance to use it and go to another distro, then fine. Good bye.

 

i will leave if you force it by applying it to all sources, i won't if i can keep it far away from my computers.

i oppose it on principle. yes, technology is just a tool, but not all tools have both good and bad uses. this, like guns, only has bad uses.

----------

## petlab

 *ChojinDSL wrote:*   

> I don't see why everyone is freaking out. It's entirely optional, isn't it?
> 
> On top of that, if it's not open source, doesn't the GPL or something protect us from "having" to use it?

 

People who read at againsttcpa.com first, may get the idea that it won't be optional.  If you read at that site, you will get a chilly big-brother-bill type of feeling..  It is easy for many of us to doubt  EvilCorp's motives.  After that, any mention of TCPA or Parade-ium may make a person cringe.

I am not SO worried about evil TCPA stuff anymore.  Just read about how the latest bumbling bill  software DRM wares helped launch virii..  You can find the story at:

http://www.eweek.com/article2/0,1759,1749993,00.asp

The so-called security of Parade-ium (clowns included) is not very credible anymore, in light of these shows of blatant stupidity.

----------

## predatorfreak

I don't really worry about TCPA, Palladium or DRM anymore. None of them really spark my interest.......... /me goes and hunts down a nice looking asm kernel to reverse engineer

----------

## vonhelmet

 *truekaiser wrote:*   

>  *spb wrote:*
>
> >  *truekaiser wrote:*
> >
> > > software or not i do not like it. just put it in its own kernel source, maybe tcpa/ngscb/Palladium-dev-sources and out of the normal clean kernels and i'll be happy. stick it in anything else or force it on people who do not want it and i'll leave.
> >
> > If you don't want it, don't use it. Simple. If you're going to assume that we're evil for giving people who do want it the chance to use it and go to another distro, then fine. Good bye.
> 
> i will leave if you force it by applying it to all sources, i won't if i can keep it far away from my computers.
> 
> i oppose it on principle. yes, technology is just a tool, but not all tools have both good and bad uses. this, like guns, only has bad uses.

 

Oh for pity's sake, I'm opposed to gun ownership, but even I will concede that a gun can be used for good.

No one is forcing this on anyone.

This is vastly different to Palladium.

Like I said, buzzword bingo. Doesn't matter what you say, it's the magic word that matters.

----------

## Carlo

 *petlab wrote:*   

> I don't see why everyone is freaking out. It's entirely optional, isn't it?

 

Once the majority of customers has such a built-in dongle, you won't be able e.g. to use iTunes etc. without it, because the companies won't trust you anymore and make money with everyone who complies with their rules, but not with those who trusted in the word optional...

----------

## petlab

 *Carlo wrote:*   

> Once the majority of customers has such a built-in dongle, you won't be able e.g. to use iTunes etc. without it, because the companies won't trust you anymore and make money with everyone who complies with their rules, but not with those who trusted in the word optional...

 

Sure, but that is why I emphasize that we should get involved, so that that doesn't happen, or so there are alternatives.  I wouldn't buy a new gadget that forced me to use that type of service.  Not many people would.

That's why we need to get involved, so that if that sort of thing happens, we will have the alternative available.

If we develop a "competing" or "alternate" architecture that has "Owner Override" then people can vote with their money.

----------

## Omega_Supreme_NL

 *Carlo wrote:*   

>  *petlab wrote:*
>
> > I don't see why everyone is freaking out. It's entirely optional, isn't it?
> 
> Once the majority of customers has such a built-in dongle, you won't be able e.g. to use iTunes etc. without it, because the companies won't trust you anymore and make money with everyone who complies with their rules, but not with those who trusted in the word optional...

 

Actually the solution here would be not to use iTunes, but something like Rhythmbox or whatever you like. That's the beauty of F/OSS someone will want and program a player that you can install and use to play unprotected media. Just as someone will make a program that creates unprotected media.

As for copy control, we (the Dutch) just joined the US and Germany as a country where it's illegal to circumvent digital copy protection measures and distribute tools to circumvent such. (New: keyboards without 'shift' keys)

So, with a computer that has no DRM whatsoever (and remember: TC not equal DRM), you're still not legally allowed to copy any CDs if copy protection were to become commonplace. The solution to this problem won't be crying wolf every time someone mentions a buzzword; the only solution would be a consumer boycott of such protected MEDIA. You can buy players that play this protected media, just make sure it plays unprotected media as well. Then don't buy the protected media but buy the unprotected media in number. Capitalism will do its job, they'll follow the money!

In the meantime this plan isn't about protecting other people's rights, it's about protecting your privacy and the security of your computer against others.

Saying this is a bad thing is the same as saying that adding password protection to a system that doesn't have it is a bad thing. Well, it's a big bad world out there, and security can never be good enough. I applaud this initiative, go for it.

And if all computers come with the necessary chips, Microsoft will try to use it for vendor lock-in, that's about the only thing I trust them to do.

Guess what, I will be using Gentoo and using this same piece of hardware to provide me with security. I will use F/OSS software that plays my media without DRM. If that means not buying new media, so be it. I have a large collection of legally obtained music that will last me a lifetime as long as I keep the originals safe and play the ripped files.

Right here, right now I can think of a good quote that applies: The only thing we have to fear is fear itself. If the F/OSS is too afraid to come with the security functions that this hardware can give, the community will get left behind by other more secure offerings, possibly including the feared DRM monster.

----------

## truekaiser

ok this is for those of you who do not bother to actually check the specification that is publicly available.

https://www.trustedcomputinggroup.org/downloads/TCG_PCSpecificSpecification_v1_1.pdf

page 8 shows how this is set up in a pyramid format. the top most has the most control, the bottom has the least. this is the hardware part.

page 15 shows what this chip does pre post (power on self test), long before the os has control, and it already can and will deny you the ability to boot your machine if it doesn't trust the hardware. even after that it might (depending on the manufacturer) require a BIS certificate just to boot.

page 16 goes on about what must, might, and cannot be measured.

stuff that has to be measured:

the cpu microcode

platform configuration including any kind of disable flags (which are used to disable hardware)

stuff depending on the manufacturer that might be measured:

BIS certificate

the bios rom

escd, cmos, and nvram data

smbios

and passwords (don't know why this is in here, it already is a far more strict system than a simple password..)

after this it goes on about what and how things can be measured.

page 18 starts to talk about how it will monitor the system during the POST process.

page 20 talks about pre-boot, post-boot, os control, and first mentions the hidden hard drive partition needed to store the data.

page 21 talks about the maintenance of the computer and how this system should handle it. it also states here that you will not be able to do anything that the manufacturer doesn't want you to do, at least as far as flashing the bios (imho this looks like the death knell for the linux bios project or whatever it is called.)

page 23 talks about certificates and how it will pertain to plug and play.

page 24 describes how it can control and prevent booting into an os.

page 25 boot logging.

page 26 talks a little bit more about how the hidden partition is used and starts to talk about how this system will monitor and control acpi. first mention of linux also.

page 32 acpi event logging.

page 38 hardware to software tcg interface for pre-boot.

and then from there it starts to talk about the software side. application level interface etc.

what it does in hardware alone makes me not even want this.
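
What "measured" and "boot logging" mean mechanically, as an added example that is not part of the original post and not TCG code: each component is hashed and folded into a PCR with the TPM 1.x extend operation, and a verifier later replays the log against the PCR values. The component blobs, PCR index choices and function names are constructed for illustration.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.x PCR holds one SHA-1 digest and starts as all zeroes


def measure(data: bytes) -> bytes:
    """Measurement of a component: the SHA-1 digest of its bytes."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.x extend: PCR_new = SHA1(PCR_old || digest). A PCR cannot be set directly."""
    return hashlib.sha1(pcr + digest).digest()


class Platform:
    """Toy model of firmware that measures each component and logs it."""

    def __init__(self):
        self.pcrs = {}   # PCR index -> current value (held by the chip)
        self.log = []    # (index, name, digest) entries (held in ordinary memory)

    def measure_and_log(self, index, name, data):
        digest = measure(data)
        old = self.pcrs.get(index, bytes(PCR_SIZE))
        self.pcrs[index] = extend(old, digest)
        self.log.append((index, name, digest))


def boot(components):
    platform = Platform()
    for index, name, data in components:
        platform.measure_and_log(index, name, data)
    return platform


def replay(log):
    """Recompute the PCR values that a given log implies."""
    pcrs = {}
    for index, _name, digest in log:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs


def verify(log, reported_pcrs, known_good):
    """Return (log matches PCRs, names whose digest is not the expected one)."""
    consistent = replay(log) == reported_pcrs
    unexpected = [n for _i, n, d in log if known_good.get(n) != d]
    return consistent, unexpected


# Constructed sample components, named after the items listed in the post.
REFERENCE = [
    (0, "cpu microcode", b"microcode rev 1"),
    (0, "bios rom", b"vendor bios 1.0"),
    (1, "platform configuration", b"disable-flags=none"),
    (1, "escd/cmos/nvram", b"boot-order=hdd"),
    (1, "smbios", b"model=example"),
]


def demo():
    good = boot(REFERENCE)
    known_good = {name: digest for _i, name, digest in good.log}

    # Second boot: the BIOS ROM contents differ from the reference.
    changed = [(i, n, b"reflashed bios" if n == "bios rom" else d)
               for i, n, d in REFERENCE]
    second = boot(changed)

    # The log is edited afterwards to show the expected digests; the PCRs are not.
    forged_log = [(i, n, known_good[n]) for i, n, _d in second.log]

    return {
        "reference": verify(good.log, good.pcrs, known_good),
        "changed_bios": verify(second.log, second.pcrs, known_good),
        "forged_log": verify(forged_log, second.pcrs, known_good),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The changed BIOS shows up as an unexpected entry in an otherwise consistent log, while an edited log no longer replays to the PCR values, because a PCR can only be extended, never rewritten.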

----------

## spb

 *truekaiser wrote:*   

> what it does in hardware alone makes me not even want this.

 Well don't use it then. Just don't start bitching because some people do want it.

----------

## truekaiser

 *spb wrote:*   

>  *truekaiser wrote:*
>
> > what it does in hardware alone makes me not even want this.
>
> Well don't use it then. Just don't start bitching because some people do want it.

 

i won't, and i hope a good number of people don't, so it doesn't become 'required'. i posted my last post to show that these 'wild speculations' are real and can be seen from their own documentation of the product.

honestly though no one has answered my one question. who will be paying to get these certificates needed to boot if they are deemed by the oems as required? they wouldn't give them out for free, it would defeat the whole system they set up more or less.

----------

## Carlo

 *petlab wrote:*   

> If we develop a "competing" or "alternate" architecture that has "Owner Override" then people can vote with their money.

 

There's no "alternate" architecture. The necessary keys to identify and authenticate the relevant piece of hardware are built-in. You can't change them.

 *Omega_Supreme_NL wrote:*   

> remember:TC not equal DRM

 

There wasn't any hardware to implement DRM. With TCPA there is. So you say TCPA is not DRM...  :Laughing:  The legal points aside - you can do some nice things with it, but it will be used to control the user. In the long run your only "choice" will be, not to take part in whatever was possible to do before without it, if you don't agree to authenticate.

 *Omega_Supreme_NL wrote:*   

> In the meantime this plan isn't about protecting other people's rights, it's about protecting your privacy and the security of your computer against others.

 

Yes. But while this is nice, you help to make TCPA a success, even though you could reach the same with a simple smart card.

 *Omega_Supreme_NL wrote:*   

> Guess what, I will be using Gentoo and using this same piece of hardware to provide me with security. I will use F/OSS software that plays my media without DRM. If that means not buying new media, so be it. I have a large collection of legally obtained music that will last me a lifetime as long as I keep the originals safe and play the ripped files.

 

Shortsighted, imho. You decide for your kids, too.

----------

## Codo

 *spb wrote:*   

>  *truekaiser wrote:*
>
> > what it does in hardware alone makes me not even want this.
>
> Well don't use it then. Just don't start bitching because some people do want it.

 

Hi spb.  Cool down man.   :Cool: 

I must say I feel on both sides of the fence when we talk about this.  I think there is a need to create an environment of trusted peers, specially over the net, and this sort of technology is one of the ways of doing it (though I expect as well some people forging chips bla, bla, bla).

I must admit as well that the choice of not using it, in an environment where this sort of technology will be  (or maybe not... I can't see the future yet) increasingly used to lock down things like data files, access to networks, content, media, etc.etc.etc. gives you no other option than making that choice.  The option to not use it will be to isolate yourself (or myself) to these things.  It will be a sort of "you are either with us, or without us".  Why do I have to be forced to make such a choice?  So I'm happy eating banana, and then they tell me -You must choose between orange and potato...  -Do you have bananas? -No.  Orange or potatoes. -?!

It is fair, I think, for some people to be concerned and want to talk about it. And it is definitely a topic to discuss more in detail, as opposed to thinking about it just like another piece of hardware. And please, I am talking about its impact concerning content and data, not binaries installed in your machine.

----------

## truekaiser

 *Carlo wrote:*   

>  *Omega_Supreme_NL wrote:*
>
> > Guess what, I will be using Gentoo and using this same piece of hardware to provide me with security. I will use F/OSS software that plays my media without DRM. If that means not buying new media, so be it. I have a large collection of legally obtained music that will last me a lifetime as long as I keep the originals safe and play the ripped files.
>
> ...

 

that and if this becomes standard you will only be able to do the following.

1. you will only be able to play that music a set number of times before you have to re-buy it.

2. your computer will most likely refuse to even rip the files at the very least.

----------

## Omega_Supreme_NL

@Carlo & truekaiser

I'm sure the media companies are going to try this. My point is, their success is not going to depend on this hardware. With or without it they'll bring DRM, only with it it will be more secure for them as well.

What will make or break the case of DRM on media files is whether we the consumers will buy it. If we don't buy it, they will have to come around. The stockholders will demand profit, and that won't come if there's a boycott.

Your time would be better spent on convincing people not to buy copy-protected CDs and DRM inhibited downloads. I for one already refuse to buy this. And yes, I'd make decisions for my kids if I had them. I wouldn't allow them to buy this DRM crap if they wanted to.

Right now copy controlled "CDs" are becoming more common, there's still plenty of non copy-protected music to go around. There's bound to be music available to your liking that's not encumbered, buy this! If everybody does, this will be the hit record of the future, and if they would turn to DRM because of this, we can send an even stronger message by completely abandoning them.

Also if you want a recording that's copy controlled, don't just not buy it, also email the record company that you're spending your money elsewhere, and your reason. Flood them with emails like this and keep to your principles on this.

Don't just write off a technology because it can be used for "Big Bad", use it for the good it can do and fight the bad in a direct, more appropriate way.

Also I won't be buying any hardware that doesn't allow me the option to run without TC. If one soundcard requires a trusted environment for operations and the other has it as an option or not at all, I will go for optional first and none second and mandatory not at all.

Last edited by Omega_Supreme_NL on Sat Feb 05, 2005 9:25 am; edited 1 time in total

----------

## truekaiser

 *Quote:*   

> Your time would be better spent on convincing people not to buy copy-protected CDs and DRM inhibited downloads. I for one already refuse to buy this. And yes, I'd make decisions for my kids if I had them. I wouldn't allow them to buy this DRM crap if they wanted to

 

actually it isn't. if i ignore this and go after just the drm they get the base they need to make drm nearly unbeatable, not to mention the other stuff this can enable. i will always refuse to buy this stuff and speak out like this when ever i encounter people blindly accepting it or thinking just because they will use it with some gpl program that it won't cause any harm. just by using it period you show your support for what the people who push this junk want to do.

----------

## Gentist

I'm extremely paranoid when it comes to security, but as long as I have complete control over my computer (being able to disable this chip, or control it fully), I won't complain about it. Besides, as I said before: If they start locking users in they will face hell and a huge economical loss as people return the hardware and mark it broken.

Also, if they "control" your computer without having you sign anything, I'm pretty sure you can find quite a few things to sue them for.

----------

## truekaiser

 *Gentist wrote:*   

> I'm extremely paranoid when it comes to security, but as long as I have complete control over my computer (being able to disable this chip, or control it fully), I won't complain about it. Besides, as I said before: If they start locking users in they will face hell and a huge economical loss as people return the hardware and mark it broken.
> 
> Also, if they "control" your computer without having you sign anything, I'm pretty sure you can find quite a few things to sue them for.

 

shrink wrap EULAs

by opening this product you hereby agree to all terms and conditions of this product.

that pretty much covers their rear end for anything that happens.

----------

## Gentist

I never saw an agreement when buying my laptop, and it came with Windows preinstalled (or with a "ghost image"). I never had to accept any kind of agreement. I never saw the EULA. If they placed it somewhere where I wouldn't easily notice it, I think it's pretty easy to claim it invalid.

Although Windows doesn't really have anything to do with this (this is the Gentoo forums, after all). I was referring to the hardware. I've never seen any kind of usage agreement for the hardware I've bought.

Also, an agreement can't save their ass if you don't accept it.

----------

## truekaiser

 *Gentist wrote:*   

> I never saw an agreement when buying my laptop, and it came with Windows preinstalled (or with a "ghost image"). I never had to accept any kind of agreement. I never saw the EULA. If they placed it somewhere where I wouldn't easily notice it, I think it's pretty easy to claim it invalid.
> 
> Although Windows doesn't really have anything to do with this (this is the Gentoo forums, after all). I was referring to the hardware. I've never seen any kind of usage agreement for the hardware I've bought.
> 
> Also, an agreement can't save their ass if you don't accept it.

 

did you check in the paperwork that came with the laptop (that's if you bought it new, if you bought it used then yeah you wouldn't get a eula)? it usually goes along the lines of just by either opening the package or turning on the laptop you agree to the terms and conditions. my inspiron had that and the on-screen eula for windows which i clicked no to.

you are right though, if you don't accept it and you don't use it after not accepting it you are completely safe, otherwise they can argue that continued use even after saying no will mean you do agree.

----------

## Carlo

truekaiser: Almost all of these EULAs are pretty much void in Europe.

----------

## Gentist

 *Carlo wrote:*   

> truekaiser: Almost all of these EULAs are pretty much void in Europe.

 

Yeah, I was about to state that... If it came with the papers, I never looked at them, because I would never need them. IIRC, If something isn't stated clearly, I can just claim I never saw it, and it would be void.

It's not much of an agreement if one of the parties isn't aware of it.

----------

## truekaiser

 *Carlo wrote:*   

> truekaiser: Almost all of these EULAs are pretty much void in Europe.

 

that's fine for europe but how many here do not live there and live in the united states where they are perfectly legal binding contracts?

----------

## Carlo

He, you've got to fight for your rights. The (anglo-)american legislation is (still) quite different compared to the (continental) EU one. The big problem is the aggressive politics of the USA trying to force everyone to adopt their idea of selling even common goods and the most basic ideas, if you're wicked enough to claim ownership, in conjunction with their economical power, based on the dollar as key currency. So unfortunately everyone else has to fight, too.

----------

## Gentist

 *truekaiser wrote:*   

>  *Carlo wrote:*
>
> > truekaiser: Almost all of these EULAs are pretty much void in Europe.
> 
> that's fine for europe but how many here do not live there and live in the united states where they are perfectly legal binding contracts?

 

I don't see the problem... If you are legally forced to comply with it when buying it and you don't like it, then don't buy it. Sure, it might be a pain in the ass, but they're not forcing you to buy their products.

If you don't like the law, then do something to change it, or move to another country.

----------

## Dominique_71

First, I don't like that some piece of hardware will supervise all the operations (hardware and software) in my machine, and that without my being able to have any control over it. When it is in the data sheet (page 9)

 *Quote:*   

> The Manufacturer MUST control the update, modification, and maintenance of the BIOS Boot Block component, while either the Manufacturer or a 3rd party supplier may update, modify, or maintain the POST BIOS component. If there are multiple execution points for the BIOS Boot Block, they must all be within the CRTM.

and

 *Quote:*   

> The Manufacturer MUST control the update, modification, and maintenance of the entire BIOS

 

I don't even read further, because I know that I have no control at all over what this thing will do. So, I will never buy it.

It is the same thing with platforms such as iTunes: when I read that the vendor will have the right, unilaterally and at any time, to change my rights on the product it is selling, I just don't buy.

I am not a masochist who wants to give away his rights!

They have written "MUST" and not "must". It is clear to me that the manufacturer will do everything it means to be able to "MUST". There are two kinds of programming: software programming, as in the whole GNU/Linux project, and hardware programming, as in every digital chip in the world. Both can do exactly the same; it is just a matter of programming it or writing it in the silicon. With this "MUST" upgrade of the BIOS and a chip that controls everything, we "MUST" be clear that we will give away the first principle of free software if we are using it: liberty of choice!

Until now, DRM are just some pieces of software in the box, but with this technology, they will become a piece of hardware, exactly as it is already in high-tech TV-video sets. Many problems have already been reported with those sets, such as legal DVDs that were bought at a local store just not playing, because they were not protected by a DRM, or because the DRM was not recognized as authorized.

Manufacturers can do that today with TV-DVD sets. Why not do that with every file and every functionality in a computer? Just to say, it was at least 20 years ago, when I was learning electronics at school, that high-tech TV sets were 100% digital from the output of the tuner to the input of the last video stage on the socket of the picture tube. And there were already realtime digital effects in them, such as the menu or the teletext, luminance and chrominance control. In fact, they (the high-tech ones) are more high-tech than a PC.

And this crap is just a first move. Read this from Richard Stallman.

Hopefully, I am not living in the US. I must say that because when I see all the shit its big army is doing all around the world (bombing civilians with RU munition, concentration camps like the one in Guantanamo), I just cannot trust you as a country. I have some very good American friends and they don't like the politics of their country.

Now, all the big US manufacturers are doing big business with the US army and government. So, I just cannot trust them either. What will be the next "MUST" upgrade? The answer can be "SECRET DEFENSE". So, I will just not buy it! There may already be some "SECRET DEFENSE" functionality in some chips, and not only in those f. Treacherous Computing Chips. So, I will just not buy it.

Money is the best friend we can have in this war, and it is just to not buy it !

Some american music I like, and it is without drm: David Rovics.

----------

