[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/server/staging you-the-problem-tpm2-solves....
From: |
Dora Scilipoti |
Subject: |
www/server/staging you-the-problem-tpm2-solves.... |
Date: |
Sun, 9 Oct 2022 05:21:53 -0400 (EDT) |
CVSROOT: /web/www
Module name: www
Changes by: Dora Scilipoti <dora> 22/10/09 05:21:53
Added files:
server/staging : you-the-problem-tpm2-solves.html
Log message:
Article by Chao-Kuei Hung (RT #1876123).
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/server/staging/you-the-problem-tpm2-solves.html?cvsroot=www&rev=1.1
Patches:
Index: you-the-problem-tpm2-solves.html
===================================================================
RCS file: you-the-problem-tpm2-solves.html
diff -N you-the-problem-tpm2-solves.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ you-the-problem-tpm2-solves.html 9 Oct 2022 09:21:51 -0000 1.1
@@ -0,0 +1,256 @@
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.97 -->
+<!-- This page is derived from /server/standards/boilerplate.html -->
+<title>You, the Problem TPM2 Solves
+- GNU Project - Free Software Foundation</title>
+<!--#include virtual="/server/gnun/initial-translations-list.html" -->
+<!--#include virtual="/server/banner.html" -->
+<div class="article reduced-width">
+<h2>You, the Problem TPM2 Solves</h2>
+
+<address class="byline">by Chao-Kuei Hung<a
+id="hung-rev" href="#hung"><sup>[*]</sup></a></address>
+
+<h3>1. Trust: to Give or to Earn?</h3>
+
+<p>Microsoft wants you to believe that you can give trust to TPM2 for
+better security. TPM2 is made a mandatory prerequisite, not an option
+for Windows 11. That does not square with how we understand
+“trust” to work. In truth, TPM2 is not about enhancing
+the security of the users. It is about solving the problem of the
+untrustworthy computer users in areas such as
+<a href="https://drm.info/what-is-drm.en.html">Digital Restrictions
+Management</a>, <a href="https://news.ycombinator.com/item?id=25336063">
+game anti-cheating</a>, and
+<a
href="https://www.forbes.com/sites/seanlawson/2020/04/24/are-schools-forcing-students-to-install-spyware-that-invades-their-privacy-as-a-result-of-the-coronavirus-lockdown/">exam
proctoring</a>.
+All these applications have failed so far because users have total
+control over their physical properties, the computers. That control
+allows them to run DRM-stripping software on video/audio/
+<a href="https://github.com/nedlir/OfficerBreaker">text</a> files,
+plugins to cheat in games, and video intercepting software to cheat in
+the exam, among many possibilities.</p>
+
+<p>To discipline the users against their possible ill wills, such
+software has to do way more than minding their own businesses. They
+have to take the highest level of operating system privilege and
+prevent users from switching to other applications or even running, in
+the background, any potentially cheating-aiding software such as
+audio/video recorder. That's why these classes of software all behave
+exactly like rootkit malware. Microsoft has long been consistent in its
+<a href="https://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html">
+complicit approval</a> of Sony's rootkit and its insistence on content
+protection since <a
href="https://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html">
+the miserable failure that was Vista</a>. With the help of TPM2 and the
+assurance of mathematics, however, Microsoft can finally enforce it.
+You have to earn their trust by letting TPM2 remotely attest to
+Microsoft and other software vendors about who you really are, and
+“swear” in cryptographic terms that you are not running
+anything against their software.</p>
+
+<h3>2. The biometrics of CPUs</h3>
+
+<p><a
href="https://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html">
+Fingerprints are usernames, not passwords</a>. They facilitate
+surveillance from governments or corporations over individuals way
+better than they help individuals protect secrets and privacy. For
+example, it is encryption passwords (and the underlying mathematics),
+not fingerprints, that can protect the secrets of a temporarily
+unconscious or even a deceased person. In general biometrics are
+suitable for surveillance and not suitable for computer security
+because of their uniqueness, the difficulty for the owner to forge, and
+the difficulty for the owner to refuse to reveal. (Think of the
+<a
href="https://apnews.com/article/china-technology-beijing-business-international-news-bf75dd1c26c947b7826d270a16e2658a">
+gait analysis technology</a> so well developed in China.)</p>
+
+<p>The public portions of the endorsement key (EK), Attestation
+Identity Key (AIK), and other keys in a TPM2 chip have properties
+similar to the biometrics of a person. It is unique just like the
+serial number of the engine in a car, and the manufacturers keep track
+of all those numbers in their products. With a physically carved
+serial number, it is easy for the user to share with his friends in a
+fake report in case the remote corporate lords demand the knowledge or
+the photo of that number. In the TPM2 situation, however, knowledge
+of the public keys alone is not sufficient to carry out the
+attestations. Cryptographic properties ensure that it is impossible
+for the user to attest without the physical presence of the CPU since
+the private part of those keys are sealed tight in the chip, protected
+even (mainly) against the computer owner. This renders the old trick
+of sharing Netflix password, for example, invalid.</p>
+
+<p>For security experts or computer owners who disapprove of rootkit
+malware taking control of their computers, virtual machines are
+indispensable. TPM2 will render VM technologies useless in
+<a href="https://thomwiggers.nl/post/proctorio/">their fight</a>
+against those classes of rootkit malware coming from the corporations.
+The identity under which most VM's attest to the remote lords will
+necessarily be different from any manufacturer-certified identities and
+they will most likely be crippled or even outright banned by the Windows
+OS.</p>
+
+<h3>3. The train of prison</h3>
+
+<p>Suppose an engineer has to design a luxurious prison made of a train.
+It is not enough to ensure that each railcar is locked. One also has to
+ensure that there is no exit in each gangway between adjacent railcars.
+A DRM-enforcing computer is a luxurious prison made of a train. TPM2 is
+the locomotive and provides the root of trust, followed by the UEFI
+firmware, followed by the operating system, possibly followed by one or
+more levels of virtual machines, and finally followed by the DRM
+application. In addition, there may be several intervening railcars
+which represent the various trustworthy device drivers and/or services
+started by the host and each level of guest operating system.</p>
+
+<p>If the user somehow inserts a virtual machine or service of her own
+design somewhere along the way, she may then escape from the prison even
+if all the other railcars are trustworthy. The platform configuration
+registers PCR in a TPM2 chip are designed in such a curious way as to
+allow only resetting and extending values but not storing arbitrary
+values. That's a cryptographic way of ensuring the gangways are sealed
+tightly.</p>
+
+<h3>4. Closing in the Dragnet</h3>
+
+<p>If the dragnet is big enough, few fish swimming inside it will feel
+restricted. If there are several holes on the dragnet, fish may be
+persuaded that what surrounds them is not a dragnet. If the holes grow
+smaller slowly enough, hardly any fish will care about it. When the
+main exit of the dragnet is taken care of, the small holes can be sealed
+and all fish can finally be trusted to behave inside the dragnet. The
+following is a list of things likely to happen as TPM2 becomes pervasive.
+The less controversial measures and those affecting only a small
+population are more likely to happen earlier.</p>
+
+<ul>
+<li>Free firmware such as libreboot is not trusted.</li>
+<li>VM hypervisors are trusted only if their emulated TPM2 bear certain
+public keys.</li>
+<li>Only the Microsoft version, possibly plus a small number of major
+distributions, of the GNU/Linux operating system are trusted.</li>
+<li>Applications are trusted only if they come from the Windows
+Store.</li>
+<li>Applications are de-listed from the Windows Store if they are found
+to circumvent DRM, etc.</li>
+<li>Software protecting user privacy and freedom against Microsoft
+telemetry and control are de-listed from the Windows Store.</li>
+<li>Software competing with Microsoft products are de-listed from the
+Windows store.</li>
+<li><a href="https://web2.qatar.cmu.edu/cs/15349/dl/DRM-TC.pdf"> Ever
+fewer</a> windows configuration settings remain modifiable if the
+system is to remain trusted. Container technology might slightly
+mitigate the problem.</li>
+</ul>
+
+<p>Meanwhile, applications in such areas as DRM, game-anticheating,
+exam proctoring, and chat message revocation will be among the first to
+enforce remote attestation. For it is relatively easy for the corporate
+lords to persuade the population to give up their control of their own
+physical properties in exchange for the delusion of
+“fairness” (among the peasants) in these application
+areas.</p>
+
+<p>In each of the above, Microsoft may leave alone the older versions
+of the mentioned software/firmware so as to minimize commotion and
+resistance. Time will take care of the small group of old-school
+die-hard population. Eventually Microsoft and its corporate partners
+will have total remote control over computers of the entire population,
+who will finally earn the lords' trust.</p>
+
+<p class="center">* * * * *</p>
+
+<p>To escape from this dragnet, one can wean oneself from unnecessary
+cloud computing software starting today. Gabriel Sieben
+<a
href="https://gabrielsieben.tech/2022/07/29/remote-assertion-is-coming-back-how-much-freedom-will-it-take/">
+summarizes the situation</a> very well:</p>
+
+<blockquote>
+<p>Old copy protection systems tried to control what your PC could do,
+and were always defeated. Remote attestation by itself permits your PC
+to do almost anything you want, but ensures your PC can't talk to any
+services requiring attestation if they don't like what your PC is doing
+or not doing.</p>
+</blockquote>
+
+<p>Richard M. Stallman's warning about
+<a href="/philosophy/who-does-that-server-really-serve.html">Service as
+a Software Substitute</a> 10 years ago is refreshingly worth heeding
+again today. For communicating with friends and colleagues,
+<a href="https://opensource.com/article/20/5/free-software-communication">
+use a completely decentralized protocol or community-run service</a>.
+There are, however, some cloud services (e.g. games) that many people
+find hard to resist. It is therefore important to bring awareness and
+discussion of this issue to a wider population if we believe that
+physical property right should never be stolen by the
+“intellectual property right” propaganda.</p>
+
+<div class="infobox extra" role="complementary">
+<hr />
+<p><a id="hung" href="#hung-rev">[*]</a>Chao-Kuei Hung is a professor at
+the Chaoyang University of Technology and a member of the Software
+Liberty Association, Taiwan.</p>
+</div>
+
+</div><!-- for class="article reduced-width" -->
+</div><!-- for id="content", starts in the include above -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer" role="contentinfo">
+<div class="unprintable">
+
+<p>Please send general FSF & GNU inquiries to
+<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF. Broken links and other corrections or suggestions can be sent
+to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:web-translators@gnu.org">
+ <web-translators@gnu.org></a>.</p>
+
+ <p>For information on coordinating and contributing translations of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and contributing translations
+of this article.</p>
+</div>
+
+<!-- Regarding copyright, in general, standalone pages (as opposed to
+ files generated as part of manuals) on the GNU web server should
+ be under CC BY-ND 4.0. Please do NOT change or remove this
+ without talking with the webmasters or licensing team first.
+ Please make sure the copyright date is consistent with the
+ document. For web pages, it is ok to list just the latest year the
+ document was modified, or published.
+
+ If you wish to list earlier years, that is ok too.
+ Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
+ years, as long as each year in the range is in fact a copyrightable
+ year, i.e., a year in which the document was published (including
+ being publicly visible on the web or in a revision control system).
+
+ There is more detail about copyright years in the GNU Maintainers
+ Information document, www.gnu.org/prep/maintain. -->
+
+<p>Copyright © 2022 Chao-Kuei Hung</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
+Commons Attribution-NoDerivatives 4.0 International License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2022/10/09 09:21:51 $
+<!-- timestamp end -->
+</p>
+</div>
+</div><!-- for class="inner", starts in the banner include -->
+</body>
+</html>
- www/server/staging you-the-problem-tpm2-solves....,
Dora Scilipoti <=