TPM: Linux First OS to Fully Support TC

[Searching_ _ _]

TPM (Trusted Platform Module) and TC (Trusted Computing) is:

Quote:

At the core of the technology is the trusted platform module (TPM), which is a chip that, among other security-boosting features, generates and manages cryptographic keys, verifies the identity of the computer on a network and protects software and data from malicious changes.
...
TC technology provides security from the moment the power button is pressed. As the system boots and runs, the OpenTC platform continually monitors the computer for changes and ensures that only trusted, verified software is functioning.

Quote:

"openSUSE is now the first operating system to offer full TC support," Petautschnig notes. "Until now, TC had been implemented for specific applications, such as Microsoft's BitLocker hard drive encryption in Windows Vista and Windows 7 or the fingerprint reader on some HP laptops… With the OpenTC platform we are extending the TC environment to the full operating system and beyond," the project manager adds.

Quote:

Many new laptops and increasing numbers of desktop PCs and servers already have TPM chips as standard, while chipmakers such as Intel and AMD have started incorporating the technology directly into their latest generation of processors. However, most TPM chips are currently lying dormant, awaiting activation with the arrival of software that can make use of their enhanced security features.

Science Daily

Is there a way to check if a TPM is present on a given motherboard/processor?

[Dogbiscuit]

Quote:

Originally Posted by Searching_ _ _

Is there a way to check if a TPM is present on a given motherboard/processor?

On one of the newer MSI desktop motherboards that I've seen lately, it's an option. A 14-pin connector is included on the motherboard for a TPM module, but the module itself is ordered separately from MSI for $10 or $15.

There is also a BIOS setup submenu for Trusted Computing.

[Searching_ _ _]

Hehe, Wikipedia...

Quote:

* Since 2004, most major manufacturers have shipped systems that have included Trusted Platform Modules, with associated BIOS support. In accordance with the TCG specifications, the user must enable the Trusted Platform Module before it can be used.
* The Linux kernel has included trusted computing support since version 2.6.13, and there are several projects to implement trusted computing for Linux. In January 2005, members of Gentoo Linux's "crypto herd" announced their intention of providing support for TC—in particular support for the Trusted Platform Module. There is also a TCG-compliant software stack for Linux named TrouSerS, released under an open source license.
* Some limited form of trusted computing can be implemented on current versions of Microsoft Windows with third party software.
* The Intel Classmate PC (a competitor to the One Laptop Per Child) includes a Trusted Platform Module
* Intel's Core 2 Duo processors.
* AMD's Athlon 64 processors using the AM2 socket.
* IBM/Lenovo ThinkPads.
* Dell OptiPlex GX620.

The dark side of TPM:

Quote:

software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor.

Quote:

Because a Trusted Computing equipped computer is able to uniquely attest to its own identity, it will be possible for vendors and others who possess the ability to use the attestation feature to zero in on the identity of the user of TC-enabled software with a high degree of certainty.

http://en.wikipedia.org/wiki/Trusted_Computing

[chronomatic]

TPM is a double-edged sword. On the one hand it does definitely increase security in numerous ways. On the other, it allows vendors to lock you in and disable your PC if they so desire (for example if they catch you pirating software, they can shut you down). It will definitely kill freedom in software. And there is no doubt Microsoft had this vendor lock-in in mind when they designed their own TPM-like mechanism known as Palladium.

Richard Stallman wrote a good essay on why TPM could be the ultimate evil in regards to computer user's freedoms. Bruce Schneier is also very critical of TPM as he outlines in this article. When either of these two guys speak, it is wise to listen.

P.S. It comes as no surprise to me that OpenSUSE was the first Linux distro to offer full support since they are in bed with Microsoft. Although I do know that other distros have been working on TPM -- Gentoo comes to mind.