Just found out my HP laptop has TPM

This one to be exact. I was looking around in my program files and found a folder for Infineon. I don't have any software from them installed...apparently the driver for this is part of the Broadcom networking driver.

I wonder how long it will be until we can't connect to the internet, or can't open *.doc/*.xdoc files with OOo if we don't have one of these [activated, running Windows software]?

RMS article on NGSCB here.
 
Originally posted by: soccerballtux
This one to be exact. I was looking around in my program files and found a folder for Infineon. I don't have any software from them installed...apparently the driver for this is part of the Broadcom networking driver.

I wonder how long it will be until we can't connect to the internet, or can't open *.doc/*.xdoc files with OOo if we don't have one of these [activated, running Windows software]?

RMS article on NGSCB here.

Just about every Business laptop and desktop has a TPM today.

The argument about the illicit purpose of the TPM is highly overrated.

I personally have been involved with TPM use since 99, when IBM first shipped one on a ThinkPad. The TPM is meant to allow a higher rate of trusted authentication per system. If you look at what some vendors like Utimaco are doing... They are using the TPM (command line install only), to do hardware binding, and securing of encryption keys.

Microsoft's BitLocker is going to be optional.

So while you have a TPM on your system, and a driver installed for it, it is not active unless you specifically install a software package that takes advantage of it. So the driver is, in effect, a null driver without supporting applications.

An alternative is to enter your BIOS and disable the chip. IBM's allow this, as should HP/Dell, etc.

More questions?

 
Hm, what about usage in emails? Your boss could inform you of extortion your company is involved in, but since the email your boss sent you can only be read by company employees, cannot be printed, and your PC is physically locked down, you wouldn't be able to prove to a reporter what is going on.

Or, if used in MS Word documents, this would lock out programs like OpenOffice from reading other .doc files. I'm not asking you to prove a universal negative, but what reason is there to think MS _won't_ use the TCB to do this under the name of "security"?
 
Originally posted by: soccerballtux
Hm, what about usage in emails? Your boss could inform you of extortion your company is involved in, but since the email your boss sent you can only be read by company employees, cannot be printed, and your PC is physically locked down, you wouldn't be able to prove to a reporter what is going on.

Or, if used in MS Word documents, this would lock out programs like OpenOffice from reading other .doc files. I'm not asking you to prove a universal negative, but what reason is there to think MS _won't_ use the TCB to do this under the name of "security"?


I can send an email restricted from forwarding or printing from within Outlook or Lotus Notes NOW without the use of TPM.... It doesn't stop me from doing a screen capture however. 🙂 Your first statement though drives at the heart of what TPM in the corporate environment is for - Security.

There is no way that a TPM can restrict a word doc or any other file type with the exception of using the TPM to generate and store keys for data encryption. Again, without the TPM, today I can send you a software encrypted word doc that couldn't be read by open office or MS Word for that matter.

Microsoft does not control TPM development though they are a sitting member of the Trusted Computing Group which ratifies everything to do with chip function and design. MS can not force the default use of TPM by individuals or companies.

A user has to manually decide to implement the chip just like any corporate enterprise does. Microsoft can not by default utilize the chip whether the driver is installed or not.
Remember, the chip has to be enabled, has to have the driver, has to have a software component to be utilized - that software component installed by or turned on by the end user or IT administrator.

The benefits of the chip are numerous and growing, the paranoid aspects people try to pin on it are hogwash. That said, I can respect the checks and balances issue you are essentially bringing up.

We use it for encryption, and to further secure authentication both at login and to secure our digital certificates. We are one company that can honestly say that if one of our laptops is stolen, there is practically no way that data will be recovered, and that the TPM enables a greater confidence in that statement vs using software alone to do it.
 
Furthermore, as an individual user - i.e., consumer - you wouldn't really have a valid reason for having it enabled to begin with.
 
Exactly. Administrator, the implementer of TPM, being what the tech guys implement at work: what the CEO tells them. The TPM would be used for encryption so that _only_ that list of computers could open said document or email. Even with the right password to begin the access to the email/file, you wouldn't be able to decrypt it without the TPM inside that computer. When you can't print or provide any hard form of evidence as to the contents of that document, it becomes impossible to inform someone else of the document's contents in a verifiable way. With the encrypted emails and .doc files now, with the right password you can read the document. But in the future when Office/Windows utilizes the TPM, you can't access the document on another computer, even if you have the correct key. Then the company could install a remotely controlled pack of thermite on the TPM chip and a company can keep anyone they want from discovering the contents of some documents. Even if the court orders it, the data would not be recoverable. How is this a good thing at all? It only stands as a good thing to those who could benefit from it.....wouldn't the Enron execs have loved this? The only thing it is doing is taking power away from the lower class and giving it to those already in power.

I understand how this could help in cases where a laptop with millions of people's most personal data is stolen, but there are ways to deal with that that do not give up our chance to catch a company in the act of shafting all the employees and their 401k's. Choose a 16 character random password with upper and lower case letters, numerals, and other characters and it becomes uncrackable. There's simply no need for the NGSCB.

Does anyone else want to comment, throw in what they think? I'm wondering if anyone else shares Dan's opinion.
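
The difference the posts above argue over (a document key protected by a password alone versus one that also needs the chip inside a particular computer) can be sketched as follows. This is an added example, not part of the thread: `SimulatedTPM` is a hypothetical toy stand-in, not a real TPM interface, and the XOR-based key wrap is for illustration only.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _wrap(wrap_key, data_key):  # toy key wrap; data_key must be 32 bytes
    blob = bytes(a ^ b for a, b in zip(data_key, _prf(wrap_key, b"pad")))
    return blob, _prf(wrap_key, b"tag" + blob)

def _unwrap(wrap_key, blob, tag):
    if not hmac.compare_digest(tag, _prf(wrap_key, b"tag" + blob)):
        return None  # wrong password, or wrong device
    return bytes(a ^ b for a, b in zip(blob, _prf(wrap_key, b"pad")))

def password_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

# Software-only: the sealed file plus the password is enough on any machine.
def software_seal(data_key, password):
    salt = secrets.token_bytes(16)
    return (salt, *_wrap(password_key(password, salt), data_key))

def software_unseal(sealed, password):
    salt, blob, tag = sealed
    return _unwrap(password_key(password, salt), blob, tag)

class SimulatedTPM:
    """Hypothetical model: a per-device secret that is never exported."""
    MAX_FAILURES = 3  # assumed lockout threshold for this model

    def __init__(self):
        self._secret = secrets.token_bytes(32)
        self._failures = 0

    def _bound_key(self, password, salt):
        # The wrapping key depends on the password AND the device secret.
        return _prf(self._secret, password_key(password, salt))

    def seal(self, data_key, password):
        salt = secrets.token_bytes(16)
        return (salt, *_wrap(self._bound_key(password, salt), data_key))

    def unseal(self, sealed, password):
        if self._failures >= self.MAX_FAILURES:
            raise PermissionError("TPM locked out after repeated failures")
        salt, blob, tag = sealed
        key = _unwrap(self._bound_key(password, salt), blob, tag)
        self._failures = 0 if key is not None else self._failures + 1
        return key
```

In this model a copy of the sealed blob taken to a second machine does not open even with the correct password, and repeated wrong guesses on the original machine trip the lockout, which is a rate limit a file-only scheme cannot enforce.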
 
Originally posted by: soccerballtux
Exactly. Administrator, the implementer of TPM, being what the tech guys implement at work: what the CEO tells them. The TPM would be used for encryption so that _only_ that list of computers could open said document or email. Even with the right password to begin the access to the email/file, you wouldn't be able to decrypt it without the TPM inside that computer. When you can't print or provide any hard form of evidence as to the contents of that document, it becomes impossible to inform someone else of the document's contents in a verifiable way. With the encrypted emails and .doc files now, with the right password you can read the document. But in the future when Office/Windows utilizes the TPM, you can't access the document on another computer, even if you have the correct key. Then the company could install a remotely controlled pack of thermite on the TPM chip and a company can keep anyone they want from discovering the contents of some documents. Even if the court orders it, the data would not be recoverable. How is this a good thing at all? It only stands as a good thing to those who could benefit from it.....wouldn't the Enron execs have loved this? The only thing it is doing is taking power away from the lower class and giving it to those already in power.

I understand how this could help in cases where a laptop with millions of people's most personal data is stolen, but there are ways to deal with that that do not give up our chance to catch a company in the act of shafting all the employees and their 401k's. Choose a 16 character random password with upper and lower case letters, numerals, and other characters and it becomes uncrackable. There's simply no need for the NGSCB.

Does anyone else want to comment, throw in what they think? I'm wondering if anyone else shares Dan's opinion.


Well then you are a bit on the crazy side of things aren't you?

A company's assets are theirs to control, not the end user. With or without TPM I can keep people out of a file, or off a system, the TPM makes it even more difficult to crack, and allows a level of security that software alone can't provide.

When it comes to conspiracy theories, I tend not to subscribe, as very few of you ever can debate any rational aspect of what you are claiming.

Again, I've worked with this technology since its arrival, but nothing I can say here to you or anyone like you will change your way of thinking. Every conspiracy nut making these off the wall claims about TPMs has never, NEVER actually used them, or probably worked in an actual IT environment.

You've actually wasted a bit of my time actually. Conversation over.
 
Originally posted by: WackyDan
Well then you are a bit on the crazy side of things aren't you?
Lol, right, if you say so.

A company's assets are theirs to control, not the end user. With or without TPM I can keep people out of a file, or off a system, the TPM makes it even more difficult to crack, and allows a level of security that software alone can't provide.

When it comes to conspiracy theories, I tend not to subscribe, as very few of you ever can debate any rational aspect of what you are claiming.
You don't seem like someone very capable of rational reasoning. Perhaps it's time to end this conversation. You're blindly proclaiming the benefits of NGSCB, but haven't shown they can provide anything of value (besides more power and money for those who control it [like yourself]) that a software solution can't. I've presented a very real case in which the TPM is used to cover up and destroy evidence of corporate exploit. It has happened in the past, and those at fault were caught. What you are proposing would ensure the same would take place, but would never come to light, let alone be retributed. What you are proposing is lunacy.

Again, I've worked with this technology since its arrival, but nothing I can say here to you or anyone like you will change your way of thinking. Every conspiracy nut making these off the wall claims about TPMs has never, NEVER actually used them, or probably worked in an actual IT environment.

You've actually wasted a bit of my time actually. Conversation over.

No, no no. You don't honestly expect to make ludicrous ad hominems and walk away unscathed do you? You seem to be rather frustrated. Let's get over the emotional inhibitions you're giving ear to, and instead look at this in an objective light. Since you've worked on this technology since its conception, perhaps you could shed some light for all of us on why this technology is needed, and how it can provide security that an effective software solution can't.

There now. I've asked you to do something twice, very nicely both times, now it's your turn. This is how people converse, and it is how things get discussed fairly. If you're so intent on breaking the rules, that's fine, but don't expect anyone to take you seriously.

Honestly, does it have to be this difficult? After all this I'm wondering, "even if what he says is correct, and TPM is good, do I really want a technology created by someone with such social inhibitions?" If you can't work through a conversation following manners and etiquette and answer someone's question, what reason do I have to think you can follow the rules of eloquent coding and make a beautiful program? Or follow the universal rules of humanity and not make a tool of destruction?

I'm sincerely interested in what this technology can provide that will benefit humanity. No doubt security is good. But I can secure my own data in layers of software encryption on disc in such a way that even the existence of the encrypted data cannot be known. Why would I need anything more? Why should I trust my employer with anything more? I shouldn't, don't, can't, and won't.
 
Originally posted by: soccerballtux
Originally posted by: WackyDan
Well then you are a bit on the crazy side of things aren't you?
Lol, right, if you say so.

A company's assets are theirs to control, not the end user. With or without TPM I can keep people out of a file, or off a system, the TPM makes it even more difficult to crack, and allows a level of security that software alone can't provide.

When it comes to conspiracy theories, I tend not to subscribe, as very few of you ever can debate any rational aspect of what you are claiming.
You don't seem like someone very capable of rational reasoning. Perhaps it's time to end this conversation. You're blindly proclaiming the benefits of NGSCB, but haven't shown they can provide anything of value (besides more power and money for those who control it [like yourself]) that a software solution can't. I've presented a very real case in which the TPM is used to cover up and destroy evidence of corporate exploit. It has happened in the past, and those at fault were caught. What you are proposing would ensure the same would take place, but would never come to light, let alone be retributed. What you are proposing is lunacy.

Again, I've worked with this technology since its arrival, but nothing I can say here to you or anyone like you will change your way of thinking. Every conspiracy nut making these off the wall claims about TPMs has never, NEVER actually used them, or probably worked in an actual IT environment.

You've actually wasted a bit of my time actually. Conversation over.

No, no no. You don't honestly expect to make ludicrous ad hominems and walk away unscathed do you? You seem to be rather frustrated. Let's get over the emotional inhibitions you're giving ear to, and instead look at this in an objective light. Since you've worked on this technology since its conception, perhaps you could shed some light for all of us on why this technology is needed, and how it can provide security that an effective software solution can't.

There now. I've asked you to do something twice, very nicely both times, now it's your turn. This is how people converse, and it is how things get discussed fairly. If you're so intent on breaking the rules, that's fine, but don't expect anyone to take you seriously.

Honestly, does it have to be this difficult? After all this I'm wondering, "even if what he says is correct, and TPM is good, do I really want a technology created by someone with such social inhibitions?" If you can't work through a conversation following manners and etiquette and answer someone's question, what reason do I have to think you can follow the rules of eloquent coding and make a beautiful program? Or follow the universal rules of humanity and not make a tool of destruction?

I'm sincerely interested in what this technology can provide that will benefit humanity. No doubt security is good. But I can secure my own data in layers of software encryption on disc in such a way that even the existence of the encrypted data cannot be known. Why would I need anything more? Why should I trust my employer with anything more? I shouldn't, don't, can't, and won't.

Jesus Christ, give it a rest. TPM is just another additional piece of security. CEOs with VERY sensitive data would like a secure and easy to use solution. TPM gives you that extra level of security without jumping through hoops. EVERY bit of data stored on a company's asset is THEIR property. You don't like it? Start a business of your own and do whatever you'd like with it. Enough with this conspiracy theory crap.
 