[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/server/staging you-the-problem-tpm2-solves....
From: |
Dora Scilipoti |
Subject: |
www/server/staging you-the-problem-tpm2-solves.... |
Date: |
Mon, 10 Oct 2022 16:31:32 -0400 (EDT) |
CVSROOT: /web/www
Module name: www
Changes by: Dora Scilipoti <dora> 22/10/10 16:31:32
Removed files:
server/staging : you-the-problem-tpm2-solves.html
Log message:
Remove unused file.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/server/staging/you-the-problem-tpm2-solves.html?cvsroot=www&r1=1.2&r2=0
Patches:
Index: you-the-problem-tpm2-solves.html
===================================================================
RCS file: you-the-problem-tpm2-solves.html
diff -N you-the-problem-tpm2-solves.html
--- you-the-problem-tpm2-solves.html 9 Oct 2022 09:48:20 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,256 +0,0 @@
-<!--#include virtual="/server/header.html" -->
-<!-- Parent-Version: 1.97 -->
-<!-- This page is derived from /server/standards/boilerplate.html -->
-<title>You, the Problem TPM2 Solves
-- GNU Project - Free Software Foundation</title>
-<!--#include virtual="/server/gnun/initial-translations-list.html" -->
-<!--#include virtual="/server/banner.html" -->
-<div class="article reduced-width">
-<h2>You, the Problem TPM2 Solves</h2>
-
-<address class="byline">by Chao-Kuei Hung <a
-id="hung-rev" href="#hung"><sup>[*]</sup></a></address>
-
-<h3>1. Trust: to Give or to Earn?</h3>
-
-<p>Microsoft wants you to believe that you can give trust to TPM2 for
-better security. TPM2 is made a mandatory prerequisite, not an option
-for Windows 11. That does not square with how we understand
-“trust” to work. In truth, TPM2 is not about enhancing
-the security of the users. It is about solving the problem of the
-untrustworthy computer users in areas such as
-<a href="https://drm.info/what-is-drm.en.html">Digital Restrictions
-Management</a>, <a href="https://news.ycombinator.com/item?id=25336063">
-game anti-cheating</a>, and
-<a
href="https://www.forbes.com/sites/seanlawson/2020/04/24/are-schools-forcing-students-to-install-spyware-that-invades-their-privacy-as-a-result-of-the-coronavirus-lockdown/">exam
proctoring</a>.
-All these applications have failed so far because users have total
-control over their physical properties, the computers. That control
-allows them to run DRM‑stripping software on
-video/audio/<a href="https://github.com/nedlir/OfficerBreaker">text</a>
-files, plugins to cheat in games, and video intercepting software to
-cheat in the exam, among many possibilities.</p>
-
-<p>To discipline the users against their possible ill wills, such
-software has to do way more than minding their own businesses. They
-have to take the highest level of operating system privilege and
-prevent users from switching to other applications or even running, in
-the background, any potentially cheating-aiding software such as
-audio/video recorder. That's why these classes of software all behave
-exactly like rootkit malware. Microsoft has long been consistent in its
-<a href="https://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html">
-complicit approval</a> of Sony's rootkit and its insistence on content
-protection since <a
href="https://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html">
-the miserable failure that was Vista</a>. With the help of TPM2 and the
-assurance of mathematics, however, Microsoft can finally enforce it.
-You have to earn their trust by letting TPM2 remotely attest to
-Microsoft and other software vendors about who you really are, and
-“swear” in cryptographic terms that you are not running
-anything against their software.</p>
-
-<h3>2. The biometrics of CPUs</h3>
-
-<p><a
href="https://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html">
-Fingerprints are usernames, not passwords</a>. They facilitate
-surveillance from governments or corporations over individuals way
-better than they help individuals protect secrets and privacy. For
-example, it is encryption passwords (and the underlying mathematics),
-not fingerprints, that can protect the secrets of a temporarily
-unconscious or even a deceased person. In general biometrics are
-suitable for surveillance and not suitable for computer security
-because of their uniqueness, the difficulty for the owner to forge, and
-the difficulty for the owner to refuse to reveal. (Think of the
-<a
href="https://apnews.com/article/china-technology-beijing-business-international-news-bf75dd1c26c947b7826d270a16e2658a">
-gait analysis technology</a> so well developed in China.)</p>
-
-<p>The public portions of the endorsement key (EK), Attestation
-Identity Key (AIK), and other keys in a TPM2 chip have properties
-similar to the biometrics of a person. It is unique just like the
-serial number of the engine in a car, and the manufacturers keep track
-of all those numbers in their products. With a physically carved
-serial number, it is easy for the user to share with his friends in a
-fake report in case the remote corporate lords demand the knowledge or
-the photo of that number. In the TPM2 situation, however, knowledge
-of the public keys alone is not sufficient to carry out the
-attestations. Cryptographic properties ensure that it is impossible
-for the user to attest without the physical presence of the CPU since
-the private part of those keys are sealed tight in the chip, protected
-even (mainly) against the computer owner. This renders the old trick
-of sharing Netflix password, for example, invalid.</p>
-
-<p>For security experts or computer owners who disapprove of rootkit
-malware taking control of their computers, virtual machines are
-indispensable. TPM2 will render VM technologies useless in
-<a href="https://thomwiggers.nl/post/proctorio/">their fight</a>
-against those classes of rootkit malware coming from the corporations.
-The identity under which most VM's attest to the remote lords will
-necessarily be different from any manufacturer-certified identities and
-they will most likely be crippled or even outright banned by the Windows
-OS.</p>
-
-<h3>3. The train of prison</h3>
-
-<p>Suppose an engineer has to design a luxurious prison made of a train.
-It is not enough to ensure that each railcar is locked. One also has to
-ensure that there is no exit in each gangway between adjacent railcars.
-A DRM-enforcing computer is a luxurious prison made of a train. TPM2 is
-the locomotive and provides the root of trust, followed by the UEFI
-firmware, followed by the operating system, possibly followed by one or
-more levels of virtual machines, and finally followed by the DRM
-application. In addition, there may be several intervening railcars
-which represent the various trustworthy device drivers and/or services
-started by the host and each level of guest operating system.</p>
-
-<p>If the user somehow inserts a virtual machine or service of her own
-design somewhere along the way, she may then escape from the prison even
-if all the other railcars are trustworthy. The platform configuration
-registers PCR in a TPM2 chip are designed in such a curious way as to
-allow only resetting and extending values but not storing arbitrary
-values. That's a cryptographic way of ensuring the gangways are sealed
-tightly.</p>
-
-<h3>4. Closing in the Dragnet</h3>
-
-<p>If the dragnet is big enough, few fish swimming inside it will feel
-restricted. If there are several holes on the dragnet, fish may be
-persuaded that what surrounds them is not a dragnet. If the holes grow
-smaller slowly enough, hardly any fish will care about it. When the
-main exit of the dragnet is taken care of, the small holes can be sealed
-and all fish can finally be trusted to behave inside the dragnet. The
-following is a list of things likely to happen as TPM2 becomes pervasive.
-The less controversial measures and those affecting only a small
-population are more likely to happen earlier.</p>
-
-<ul>
-<li>Free firmware such as libreboot is not trusted.</li>
-<li>VM hypervisors are trusted only if their emulated TPM2 bear certain
-public keys.</li>
-<li>Only the Microsoft version, possibly plus a small number of major
-distributions, of the GNU/Linux operating system are trusted.</li>
-<li>Applications are trusted only if they come from the Windows
-Store.</li>
-<li>Applications are de-listed from the Windows Store if they are found
-to circumvent DRM, etc.</li>
-<li>Software protecting user privacy and freedom against Microsoft
-telemetry and control are de-listed from the Windows Store.</li>
-<li>Software competing with Microsoft products are de-listed from the
-Windows store.</li>
-<li><a href="https://web2.qatar.cmu.edu/cs/15349/dl/DRM-TC.pdf"> Ever
-fewer</a> windows configuration settings remain modifiable if the
-system is to remain trusted. Container technology might slightly
-mitigate the problem.</li>
-</ul>
-
-<p>Meanwhile, applications in such areas as DRM, game-anticheating,
-exam proctoring, and chat message revocation will be among the first to
-enforce remote attestation. For it is relatively easy for the corporate
-lords to persuade the population to give up their control of their own
-physical properties in exchange for the delusion of
-“fairness” (among the peasants) in these application
-areas.</p>
-
-<p>In each of the above, Microsoft may leave alone the older versions
-of the mentioned software/firmware so as to minimize commotion and
-resistance. Time will take care of the small group of old-school
-die-hard population. Eventually Microsoft and its corporate partners
-will have total remote control over computers of the entire population,
-who will finally earn the lords' trust.</p>
-
-<p class="center">* * * * *</p>
-
-<p>To escape from this dragnet, one can wean oneself from unnecessary
-cloud computing software starting today. Gabriel Sieben
-<a
href="https://gabrielsieben.tech/2022/07/29/remote-assertion-is-coming-back-how-much-freedom-will-it-take/">
-summarizes the situation</a> very well:</p>
-
-<blockquote>
-<p>Old copy protection systems tried to control what your PC could do,
-and were always defeated. Remote attestation by itself permits your PC
-to do almost anything you want, but ensures your PC can't talk to any
-services requiring attestation if they don't like what your PC is doing
-or not doing.</p>
-</blockquote>
-
-<p>Richard M. Stallman's warning about
-<a href="/philosophy/who-does-that-server-really-serve.html">Service as
-a Software Substitute</a> 10 years ago is refreshingly worth heeding
-again today. For communicating with friends and colleagues,
-<a href="https://opensource.com/article/20/5/free-software-communication">
-use a completely decentralized protocol or community-run service</a>.
-There are, however, some cloud services (e.g. games) that many people
-find hard to resist. It is therefore important to bring awareness and
-discussion of this issue to a wider population if we believe that
-physical property right should never be stolen by the
-“intellectual property right” propaganda.</p>
-
-<div class="infobox extra" role="complementary">
-<hr />
-<p><a id="hung" href="#hung-rev">[*]</a> Chao-Kuei Hung is a professor at
-the Chaoyang University of Technology and a member of the Software
-Liberty Association, Taiwan.</p>
-</div>
-
-</div><!-- for class="article reduced-width" -->
-</div><!-- for id="content", starts in the include above -->
-<!--#include virtual="/server/footer.html" -->
-<div id="footer" role="contentinfo">
-<div class="unprintable">
-
-<p>Please send general FSF & GNU inquiries to
-<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
-There are also <a href="/contact/">other ways to contact</a>
-the FSF. Broken links and other corrections or suggestions can be sent
-to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
-
-<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
- replace it with the translation of these two:
-
- We work hard and do our best to provide accurate, good quality
- translations. However, we are not exempt from imperfection.
- Please send your comments and general suggestions in this regard
- to <a href="mailto:web-translators@gnu.org">
- <web-translators@gnu.org></a>.</p>
-
- <p>For information on coordinating and contributing translations of
- our web pages, see <a
- href="/server/standards/README.translations.html">Translations
- README</a>. -->
-Please see the <a
-href="/server/standards/README.translations.html">Translations
-README</a> for information on coordinating and contributing translations
-of this article.</p>
-</div>
-
-<!-- Regarding copyright, in general, standalone pages (as opposed to
- files generated as part of manuals) on the GNU web server should
- be under CC BY-ND 4.0. Please do NOT change or remove this
- without talking with the webmasters or licensing team first.
- Please make sure the copyright date is consistent with the
- document. For web pages, it is ok to list just the latest year the
- document was modified, or published.
-
- If you wish to list earlier years, that is ok too.
- Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
- years, as long as each year in the range is in fact a copyrightable
- year, i.e., a year in which the document was published (including
- being publicly visible on the web or in a revision control system).
-
- There is more detail about copyright years in the GNU Maintainers
- Information document, www.gnu.org/prep/maintain. -->
-
-<p>Copyright © 2022 Chao-Kuei Hung</p>
-
-<p>This page is licensed under a <a rel="license"
-href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
-Commons Attribution-NoDerivatives 4.0 International License</a>.</p>
-
-<!--#include virtual="/server/bottom-notes.html" -->
-
-<p class="unprintable">Updated:
-<!-- timestamp start -->
-$Date: 2022/10/09 09:48:20 $
-<!-- timestamp end -->
-</p>
-</div>
-</div><!-- for class="inner", starts in the banner include -->
-</body>
-</html>