ot BCaSE Amen! We've all been through this many times before.. however we have NEVER been closer to redemption than we are right now... ever IMHO.
Kindest Regards,
C2
allman the golden egg "stronger PC security that is easy to administer and use, by IT staff and end-users alike."
Kindest Regards,
Cricket
Allman sorry called away to a meeting... this is all I have to offer at the moment sorry...
wxp whitepapers:
"Users residing at the same household have security and privacy concerns as well, and it is necessary to be able to create profiles that control access, security, and privacy. For example, a parent may want to create a profile for their children, where an allowance is granted, with allowable content rating guidelines (G, PG, PG-13) attached."
From wxp white papers:
"An ideal privacy solution is flexible, protects data according to a rule system, is self managing, allows for private relationships between one or more parties, and is convenient and transparent to the parties involved."
Anonymous authentication! TvTonic handles this! I have time to edit this post so I'll look for the info I was thinking of... a moment please
OT misc. Thanks Allman. Barge great PIC (looks like a gentleman who cares about kids)! Larry D thanks for the response; I do not have private replies. Wildman thanks for the article earlier. howard_b_golden thanks for the response too...
P.S.
Allman, if your assertion is that there is more to wave than utilities, wouldn't wxp alone verify that? Not that anyone would ever watch adult entertainment or place bets if you lived in a State where that is legal and NOT want anyone else to know who you were unless you specifically endorsed it.
SKS used to say he wanted to make the internet experience as seamless and anonymous for the end-user as flipping channels on a remote... seems he has done EXACTLY that!
Kindest Regards,
Cricket
OT boombreaker a very gracious thank you to you! I'll try and not po too many longs here as I truly respect them so much... it has been a long long road and frankly it is easy for me to forget all the nuances involved and gorilla egos (not on this board I mean intc, msft et cetera). All too easy to overlook advances in the technology... I have to admit I'm pretty darn excited as we are starting to see a real ramp up across all markets for "trusted" anonymously authenticated data packets... so very very cool... just glad I lived to "see" it overcome inertia.. lol... WOW has it been a trip!
Kindest Regards,
Cricket
Hi Doma/allman/barge/awk - been a long time and need some help here...
We are going to get a lot of new eyes on this stock going forward so I need to bone up here a little more..
Allman said Trust Assurance Network and you say Trusted Computer Group SERVICES COMPANY.
Seems the real distinction here is between the Trust Assurance Network and what it takes to have one, i.e. device attestation and revocation checking:
"Through issuing credentials to the trusted platform, an attestation server attests to a third party that a platform is trusted. Revocation checking ensures that the credentials remain valid. This is a critical service for IT as service providers, business-to-business exchanges and VPNs are able to rely upon authentic machine-based transactions versus a possible third party spoof."
**Isn't wave the only one to have demoed this?**
and Trusted Computer Group Services Company i.e.
"An emerging server capability is key escrow management. This is the ability to transport and securely store the TPM hardware keys and certificates to a server for escrow or disaster recovery purposes. Managing business users requires solutions that are policy-driven and that seamlessly integrate in the existing IT infrastructure. A key escrow manager provides IT administrators with the tools to service users in case of a system malfunction, or to upgrade a user to a new platform. Key escrow is a logical and uncomplicated method for a business to gain control of its TPM-secured intellectual property assets through back-up and restoration services. This type of service also extends the TPM platform for IT managers to potentially enable capabilities such as asset management, data sharing and distribution, remote authentication and audit."
**Isn't wave also the only one that can perform this patented and complicated process?**
Can we have services without the attested devices out there?
Can't we make oodles of money from EITHER of those aspects?
Wave Systems has absolutely nailed it! Barge is absolutely correct IMHO that they have been hitting home runs long before anyone else knew what the game was called.
awk/barge said "It's not about singular vertical segments (music, movies, e-commerce, DRM...), it's about the infrastructure of Trusted Computing enabling all vertical markets.
Interoperability of a secure infrastructure is what it's all about."
What makes a Trust Assurance Network and can we have any trusted services without one?
Anyone out there with a stab at how the pieces are going to be monetized and by whom and in what order lol?
That's what we're all here for... can't we all just get along
Peace,
Cricket
OT LD 24 people or 24 visits by one person? If I visit your chart does it spell something out for me or do I need to have some background in reading charts?
TIA
Cricket
allman - re: where it is all going
From the previous article:
"end users need to protect their digital content by effortlessly accessing secure applications. Members of the Trusted Computing Group are working to deliver these solutions for business and government customers, and eventually consumers."
IMHO your assessment is quite reasonable. However, I think there will be many different revenue generating models for wavx... truly the beauty of it all... hard to conceive that B2B won't pull so hard we finally hear that sucking sound that... that... hummmm what was that guy's name... fardlebear... whoa.. Alzheimer’s setting in...
The best part is IMHO the pieces fall into place over the next 2 years... this is going to be a FUN FUN time again... and about darn time.... sheesh...
Regards,
Cricket
Tony / Kevin - GREAT JOB!
Regards,
Cricket
howard_b_golden all good questions. What are your thoughts on the following article?
The Security Challenge
Trusted Computing Initiative Provides Security Solutions for Servers, PCs and Hand-held Devices
By Brian Berger
http://www.cyberdefensemag.com/articles5.php
Trusted Computing Server Solutions
While we have discussed client-side data protection, a critical issue in any network is correctly verifying the identity of each authorized user. Vendors are beginning to explore the capabilities of the server or IT-managed capabilities to take advantage of the TPM on the clients. A service that is becoming very attractive to business users is called attestation. An attestation server provides the ability for any application to ensure that it is transacting with a trusted platform.
Through issuing credentials to the trusted platform, an attestation server attests to a third party that a platform is trusted. Revocation checking ensures that the credentials remain valid. This is a critical service for IT as service providers, business-to-business exchanges and VPNs are able to rely upon authentic machine-based transactions versus a possible third party spoof.
An emerging server capability is key escrow management. This is the ability to transport and securely store the TPM hardware keys and certificates to a server for escrow or disaster recovery purposes. Managing business users requires solutions that are policy-driven and that seamlessly integrate in the existing IT infrastructure. A key escrow manager provides IT administrators with the tools to service users in case of a system malfunction, or to upgrade a user to a new platform. Key escrow is a logical and uncomplicated method for a business to gain control of its TPM-secured intellectual property assets through back-up and restoration services. This type of service also extends the TPM platform for IT managers to potentially enable capabilities such as asset management, data sharing and distribution, remote authentication and audit.
Summary
Millions of TPM-enabled PCs have already shipped, mainly in the U.S., but increasingly all over the world. IT administrators need to be able to easily administer the unique security aspects of these machines, and end users need to protect their digital content by effortlessly accessing secure applications. Members of the Trusted Computing Group are working to deliver these solutions for business and government customers, and eventually consumers.
About the Author:
Brian Berger is a representative for the Trusted Computing Group. For more information about the Trusted Computing Group and secure computing, visit http://www.trustedcomputinggroup.org or http://www.wave.com
Regards,
Cricket
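Added example, not code from the article above nor from Wave's or TCG's products: a Python simulation of the attestation flow the article describes, where an attestation server issues a credential to a measured platform, a relying party (say a VPN gateway) checks it, and revocation checking is applied before the platform is trusted. The server key, platform identifiers and measurement digests are constructed for the demo, and an HMAC under a shared key stands in for the server's signature over the credential.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo values; none of these are real TPM or product data.
SERVER_KEY = b"attestation-server-demo-key"  # stands in for the server's signing key
GOOD_PCR_DIGEST = hashlib.sha256(b"known-good boot measurements").hexdigest()
BAD_PCR_DIGEST = hashlib.sha256(b"tampered boot measurements").hexdigest()


def _canonical(payload):
    # Stable serialisation so the MAC covers exactly the fields the relying party checks.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


class AttestationServer:
    """Issues platform credentials and answers revocation queries."""

    def __init__(self, key, ttl_seconds=3600):
        self._key = key
        self._ttl = ttl_seconds
        self._revoked = set()

    def issue_credential(self, platform_id, pcr_digest, now):
        # Only a platform whose measured state matches the known-good policy gets a credential.
        if pcr_digest != GOOD_PCR_DIGEST:
            return None
        payload = {
            "cred_id": secrets.token_hex(8),
            "platform_id": platform_id,
            "pcr_digest": pcr_digest,
            "issued_at": now,
            "expires_at": now + self._ttl,
        }
        tag = hmac.new(self._key, _canonical(payload), hashlib.sha256).hexdigest()
        return {"payload": payload, "tag": tag}

    def revoke(self, cred_id):
        # Revocation is what keeps a once-valid credential from being trusted forever.
        self._revoked.add(cred_id)

    def is_revoked(self, cred_id):
        return cred_id in self._revoked


def verify_credential(cred, server, now, verify_key):
    """Relying-party check: integrity, freshness, measurement policy, then revocation."""
    if cred is None:
        return False, "no credential"
    payload, tag = cred["payload"], cred["tag"]
    expected = hmac.new(verify_key, _canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    if now >= payload["expires_at"]:
        return False, "expired"
    if payload["pcr_digest"] != GOOD_PCR_DIGEST:
        return False, "measurements do not match policy"
    if server.is_revoked(payload["cred_id"]):
        return False, "revoked"
    return True, "trusted platform"


def demo():
    """Runs the happy path and the four ways a relying party should say no."""
    now = int(time.time())
    server = AttestationServer(SERVER_KEY)
    good = server.issue_credential("laptop-0001", GOOD_PCR_DIGEST, now)
    results = {"valid": verify_credential(good, server, now, SERVER_KEY)}
    # A platform with tampered measurements never receives a credential.
    results["untrusted_platform"] = verify_credential(
        server.issue_credential("laptop-0002", BAD_PCR_DIGEST, now), server, now, SERVER_KEY)
    # Copying a good credential onto another platform breaks the MAC.
    forged = {"payload": dict(good["payload"], platform_id="laptop-0003"), "tag": good["tag"]}
    results["forged"] = verify_credential(forged, server, now, SERVER_KEY)
    # Credentials carry a lifetime, checked against the relying party's clock.
    results["expired"] = verify_credential(good, server, now + 7200, SERVER_KEY)
    # A revoked credential fails even though it is otherwise intact and in date.
    server.revoke(good["payload"]["cred_id"])
    results["revoked"] = verify_credential(good, server, now, SERVER_KEY)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>18}: {outcome}")
```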
cool we're BACK !!!!!!!
eamonshute - they started in 2002.
Hi barge... duly noted! What's REALLY cool about this too is that you NEED TvTonic for the TiVo-like functions..
"TVTonic also offers a subscription based, programming guide function that turns your PC (TV tuner required) into a personal video recorder and allows it to stream Live TV or pre-recorded content to other networked PCs."
I like the "other" networked PCs as we most certainly would like to have our selected movies streamed upstairs to the bedroom.
I wonder if I can have the menu choices upstairs from the streamed content cached on my avx box downstairs... now THAT would be nuts... we may never get out of the house again... LOL... Seriously.. instead of speakers in every room I'd consider putting small LCDs so I could have dvd quality music videos in every room...
oh man... this is going to be FUN!
P.S.
the infomercials will be different won't they... instantly purchase what I want rather than call.. wait.. listen... blab awhile... whatever... everything has changed... everything!
Kindest Regards,
Cricket
Media Center PC Showcase
17 Brands to Choose From
Updated: March 12, 2004
Because of its special hardware feature requirements, Media Center PCs running Windows XP Media Center Edition 2004 are available only from Microsoft PC manufacturer partners. We've created this page to make it easy to compare Media Center PC brands and find the right fit for you. When you're ready to buy, you can order direct from a manufacturer or shop a variety of retailers. For more information about how this product works, read What Are Media Center PCs.
What kind of displays can I connect to a Windows XP Media Center PC?
The Windows XP Media Center PC can connect to a variety of displays:
Media Center PC + desktop monitor. With computing and entertainment functionality in one place, this set-up is ideal for places where space is at a premium, such as a studio apartment or dorm room.
Media Center PC + desktop monitor + TV. Use the desktop display for computing and the TV for entertainment.
Media Center PC + high-resolution display. A high-resolution display, such as a plasma or projection TV, provides sufficient resolution for desktop tasks, like reading e-mail or surfing the Internet, and offers a home theater-like experience for TV, home movies, and DVDs. When connected to a widescreen display, 16:9 support lets you toggle between normal, zoom, and stretch video modes.
What is content protection, and how is it used by Media Center?
Content owners and/or broadcasters can set copy protection flags to indicate that a program is subject to content protection. When Media Center detects that this flag is set, it will protect the content by limiting the ability to copy and distribute the program.
Top Ten Reasons to BUY:
Microsoft® Windows® XP Media Center Edition 2004 Top 10 Benefits
Do amazing things with the most fully featured version of Windows for a home PC
Windows XP Media Center Edition is the most fully featured version of Windows you can get for a home PC. Built on Windows XP Professional, it delivers the same power, reliability, networking capabilities, and security features you expect, plus tools that help you do amazing things with digital media. Create, manage, and enjoy your world of digital music and video using Windows Media® Player 9 Series. Download Windows Movie Maker 2 and use it to quickly and easily turn your digital video clips into professional-looking movies. Communicate with friends and family in real time using text, voice, or video with Windows Messenger.
Enjoy digital entertainment without the complexity of multiple devices
Windows XP Media Center Edition gives you easy access to more types of entertainment experiences through a single system, the Media Center PC. Media Center is built from the ground up to deliver the picture and sound quality you expect from a digital entertainment center. With support for adaptive de-interlacing and video scaling, Media Center delivers a smoother, sharper picture on high-resolution progressive scan displays. Support for 5.1 surround sound in Windows Media Player 9 Series puts you in the middle of breathtaking audio. Media Center also integrates your experiences across live and recorded TV (Personal Video Recording), movies and videos, music, pictures, and radio, so you get powerful performance combined with elegant simplicity.
Access more entertainment with less effort
Media Center keeps all your entertainment in one unified place, so you don't need to learn multiple controls and interfaces. Menus and commands are consistent across all digital media and easily navigable using a mouse and keyboard or remote control. Within one unified view, browse thumbnail images of your music, photos, and videos to easily find entertainment. While you browse your entertainment choices, the Now Playing window keeps your currently-playing media selection in view and within easy reach. Search helps you quickly find TV shows by category or keyword, or locate music tracks and albums by artist or genre.
Transform your living space into a home theatre
Connect your Media Center PC to a standard or widescreen TV or a high-resolution display, such as a plasma or projection TV, and enjoy your digital media in a dynamic home theater environment. The TV Setup Wizard and Display Calibration Wizard help you configure your TV signal, display type, and video playback quality, so you can enjoy the best possible quality experience for all your digital entertainment. Enhanced 16:9 support lets you toggle between normal, zoom and stretch video modes to optimize widescreen displays.
'Time shift' live TV and radio - and never miss a moment
Media Center puts you in full command of all your entertainment choices including even live TV and radio. Now, you can pause, rewind, and skip through live TV and radio as easily as videos or music - using many of the same controls. When interrupted, just press pause to freeze the broadcast. When you're ready to continue, you can play, rewind, and skip through content by using familiar buttons. Share a game-winning grand slam. Catch an announced song title. Or listen to a favorite radio program from the start. With live broadcasts in your control, you can even advance recorded TV frame by frame, skip back or ahead by 29 seconds at a time, or replay a priceless moment.
Your TV shows; your schedule
Stop scheduling your life around the broadcast times of your favorite shows. With the Media Center program Guide and Personal Video Recording (PVR), your favorite shows are on when you want, on your time. Find shows to watch and quickly set recordings by using the Guide, a grid-based view of up to 14 days of upcoming programming. Select category filters to display just the programming you want, such as sports, movies, news, music or kids. Or search by title, keyword or category to quickly find shows that match your interest. For even more convenience, let Media Center automatically record shows that interest you based on keyword or category, title, actor, or director.
Experience your digital memories with friends and family
Media Center is the perfect destination for viewing vivid, full-screen images of your digital memories. From anywhere in the room, navigate thumbnail images of photos stored in My Pictures. Or insert a digital imaging storage media, such as CompactFlash or Secure Digital Cards, to automatically launch a slideshow. Use the remote to flip through pictures individually or zoom in, pan, and print a photo. With Media Center, just a couple button clicks lets you launch a dynamic slideshow of your vacation or special event complete with animated transitions and your favorite soundtrack.
Work and play at the same time
Now, you can conveniently watch a baseball game, movie, or video while performing other tasks on your PC. Simply resize the Media Center window to view your program or movie while simultaneously working, emailing, or surfing the web. If you are interrupted while watching TV, just click to mute the volume and automatically display closed captions that stream along the bottom of the window.
Put your world of music at your fingertips
Windows XP Media Center Edition and Windows Media Player 9 Series help you build a digital music library or Media Library on your Media Center PC, making it incredibly easy to find the right music for any occasion within moments. Media Center lets you copy your CD to your digital jukebox at the press of a button on the mouse or remote - it'll even download album art and information for you. Specify the file format that best suits your needs and optimize for efficient storage or for the highest possible fidelity to your original CD source. With your music collection in one place, use the remote to sort and shuffle by album, artist, song, or genre. You can even select from one of 20 Auto Playlists that automatically update depending on your listening habits, or create your own playlist for relaxing after work or entertaining guests at a dinner party.
Get connected to a world of digital movies, music, and more - on demand
Now, with Media Center, the PC and remote control introduce you to brand new entertainment experiences. Media Center connects you with entertainment options available from leading on-line, on-demand content providers. Rent and watch digital on-demand movies. Find and download new music. Watch movie previews. Play games. Discover a world of entertainment content from the comfort of your favorite chair!
Note: To enjoy all the benefits of Windows XP Media Center Edition, Internet access is recommended; for some features, such as the Electronic Programming Guide, it is required.
barge did you try the demo. AWESOME! Now I can finally see why weets says.. IT'S HERE! The new house will include an HDTV and this box thank you... for me it has become a must have... WAY TOO COOL... my Clear Channel contact will be po'd I have a nicer system for this simply staggering convergence ability...
Kevin_s5 --- you in?
so now... truly.. the journey is only JUST beginning...
Kindest Regards,
Cricket
P.S.
http://www.niveusmedia.com/demo/mce2004/index.html#
barge - the box allows radio to be recorded too lol. Remember Clear Channel trying digital signals and trying to find a way to monetize it awhile back... man it has been A LONG TIME COMING but it is finally starting to fall into place..
Microsoft Media Center Edition 2004
Pause and rewind live TV and radio so you never miss a moment
Record an entire TV series or genre and watch shows on your schedule
Experience your digital photos, videos, and DVDs with friends and family
Put your world of music at your fingertips with an amazing jukebox
Get connected to a world of digital movies, music, and more - on demand
Kindest Regards,
Cricket
howard_b_golden Thank you. I have much better clarity on your thoughts regarding TPMs. It's a fair and honest question regarding timelines and frankly what makes this investment so exciting to me (especially now). Your feelings expressed here, "My belief is that they will probably be adopted", are the same as mine! While my hope is for the dominoes to fall not only as Weby's illustration suggests (more likely in reference to OEMs' inclusion of TPMs and the tech to manage them) but all devices to include a programmable easy to manage TPM...
I have to run but thank you for the response.
Regards,
Cricket
howard_b_golden re: wishful thinking? FINREAD doesn't meet your criteria of fitting the financial sector membership description, or are you saying there are so many sectors, i.e. health, entertainment, government, pulling for TPMs that to pick just one isn't appropriate?
Once there is a demand.. then wouldn't it be foolish not to create the supply? Sensitive information needs to be protected. Part of that is attesting to its authenticity, which happens in two parts (hardware (TPM) and software: device attestation and software attestation).
"Several solutions aim at securing e-commerce transactions: electronic wallets, virtual card numbers, prepaid accounts, dedicated payment cards, direct billing by a third party, etc. However, none of these offer convenience, universality and security at the same time. To gain the consumer's support, those payment instruments must fulfill the same criteria as does money in the physical world. One way is to make it look and work like a payment method which has already become mass used, for purchases at face-to-face merchants. The banking payment smartcard is one.
Several partners belonging to the payment industry have joined their experience in bank card transactions to design a secure smart card reader. Their achievement takes the form of the first technical specifications (final versions to be downloaded here) for a smart card-reading device to be connected to the Internet through a personal computer.
Referred to as FINREAD, this EMV compliant chip card reader has wide ambitions: not only to secure payment transactions, but also to authenticate and protect the confidentiality and integrity of sensitive personal data transfers. E-government, access to social welfare systems (for health professionals) are a few examples among other applications."
P.S.
It seems you want to dissuade anyone from thinking TPMs are necessary. Is it true you feel they are superfluous to the need for trusted data flow, or am I misinterpreting your stance?
Regards,
Cricket
OT Hello go-kitesurf! You've been on a roll today.. very enjoyable reading... thank you for that and for sharing!
Kindest Regards,
Cricket
Hello Zen 88. I keep hearing the words of SKS uttered in cautious tones that the last thing in the world he wants to do is po msft. I completely paraphrase here naturally as I have never actually heard him speak live. However, msft has some rather grand DRM plans of their own regarding Windows Media 9 with built-in DRM:
Microsoft has announced support for the following portable device companies: Casio, Cirrus Logic, Creative, CVC Networks, Diamond, Digisette, DnC Tech, e.Digital, Hewlett Packard (Compaq), Hitachi, I-Jam, Iomega, Intel, MIPS Technologies, Nike, NTT DoCoMo, Olympus, Panasonic, Sanyo, Sensory Science, Sigmatel, Sonic Blue, Sony, Texas Instruments, and Thomson/RCA. Leading chip manufacturers have made Windows Media Format (with the Windows Media Audio codec and Windows Media Rights Manager) the most widely supported non-MP3 format.
Let msft create the market and give it life. BASF didn't create anything.. they simply made it better.
P.S.
How is all that sensitive data out there going to be protected, i.e. PKI (msft and intc think so)? Who's going to manage the keys? Without the TPMs and the device attestation process that is essential for them to be in fact trusted... the rest.. no matter how elegant.. falls apart, or so it would seem…
Kindest Regards
Cricket
howard_b_golden Thank you for taking the time to respond to my questions. What folks feel is essential is going to be a matter of opinion until it becomes a dictate I suppose. "TPMs will help reduce the chance that the source can be compromised. That is what their value is. They make security stronger. They are helpful, but not essential IMO."
Differing opinions on whether attested software and attested hardware are essential to passing credentials around the (web, grid, other) are what makes this a healthy discussion board.
It is my feeling that the very efforts that brought both NGSCB and the TCG into existence will also make it essential to have your sensitive information protected beyond the level of simply having them stored on your hard drive.
However, that doesn't preclude Microsoft, with its let's-get-tougher-on-security stance, from coming up short --- time will tell what the market feels is essential.
Regards,
Cricket
howard_b_golden I would respectfully offer this. "In order to realize this security model fully, hardware must also be nexus-aware, and processors must include the Secure Software Component (SSC), also known as the Trusted Platform Module (TPM). These hardware modules can perform cryptographic operations and store cryptographic keys. The Trusted Computing Group (TCG), in which Intel and Microsoft are major partners, has already generated and approved the standards for this module."
http://www.intel.com/cd/ids/developer/asmo-na/eng/97003.htm?page=4
Where are you proposing the cryptographic keys be stored?
Without a TPM how can they be passed from PC to PC in a trusted manner? How is the attestation being done so that PC2 knows that the iCard info from PC1 hasn't been altered? Isn't it absolutely essential that I be able to attest that both the information and the source are trusted?
Regards,
Cricket
OT Mig.. that's what IBM thought of DOS my friend..
peace
ot go-kitesurf excellent post - thank you!
have to run off to a meeting... damn this is getting addictive again lol..
Mig try this link.. seems MLB is a believer in the concept..
http://mlb.mlb.com/NASApp/mlb/mlb/subscriptions/index.jsp?partnerId=178x60_maytv_bos
P.S.
Click on the TRY IT NOW link
Regards,
Cricket
Vacation house - with "Rock solid stability - which provides the highest level of quality, reliability and compatibility."
You can see why things have taken time.. the gorillas are acutely aware they may not ever get a "do over" so it needs to be PERFECT.
As Awk says - things are good.. IMHO
Kindest Regards,
Cricket
OT barge despite the reduction in remuneration I shall consider myself paid in full! It may cost you one additional beverage later on down the road! Keep up the great work and thank you for what I need most in this life... humor and laughter.. can't pay you back for that other than to say Thank You!
Kindest Regards,
Cricket
Hi Awk interesting point. These iCards that:
1) Are virtual
2) Know who you are at any given time (continually updated)
3) Can be passed from PC to PC
It sure sounds like there must be all kinds of attestation going on here... on the user level and the hardware level..
These virtual iCards that are passed from PC to PC and know who I am at ANY given moment MUST NOT EVER BE PASSED IN THE CLEAR or msft and jqpublic would have some big problems...
honestly I never heard of iCards before (head buried in work) but from the blurb I just read it would seem to indicate you are right on the money!
Kindest Regards,
Cricket
OT Good Morning Barge. I had an early day Friday and away this weekend so I am just seeing this now.... I’d make this a private reply but I am not a premium member… I keep hearing the echoes of "wave has figured a few things out" -- when trusted services (web, grid, other) are in full swing it will seem as though it was always the way of things... no one will know what a slog it has been... and no one will ever really appreciate the strength of your convictions except the 'ol clb0135 gang.. thank you for always being an inextinguishable light of optimism and truth cast upon the shadows of despair dispelling the naysayers.. a pillar of strength and providing what has to be the most memorable and hilarious images ever conjured on these boards... simply awesome! I have to attend to some other pressing personal items… selling house and moving… crazy work scene… going on vacation MAYBE blah blah blah… I will, however, be jumping out every now and again to see what is going on and how folks are… There are some truly wonderful folks out here.. hope to meet you all down the road under extraordinarily happy times
Kindest Regards,
Cricket
OT LOL.. I agree about the future being here... you understand as do I how incredibly jaded some, including myself, are without losing sight of the fact that IT IS HAPPENING.. just pain-stakingly slow. Barge coined perhaps the funniest clb0135 expression I ever heard... in deference to our esteemed lady investors I will only say it had something to do with strip teases...
P.S.
Barge also conjured up one of the funniest images ever and makes me laugh out loud as I write this... the one where we are all packed into a small plane careening toward the edges of the grand canyon cliffs and just as we prepare for impact snapping our necks as it jerks away at the last second, all the while the bashers are cackling unintelligibly in uncontrolled rants complete with fits and spasms...
This investment journey has been an UNBELIEVABLE trip and once it is all said and done we will realize how unfairly blessed we were to have taken it… the landscape is vast… and plane is still flying… bring us home barge…. Bring us home.
As for my wife I married well indeed! A true angel.
PPS Good luck with that range hood... I installed a space saver microwave and it was a PITA.. Pain In The Apple
Kindest Regards,
Cricket
OT hello allman. I wish I could contribute in a more significant manner. I was going back and reading some posts of my favorites as I haven't been completely tuned in to the day-to-day happenings for awhile.. I read Kevin_s5 just now and see that he is taking a little break too.. I love this community and feel I have come to know some here well enough to want to meet them in person... It is my feeling only but one day we'll wake up and see wavx has gone all the way to bright... When I started this adventure some 6 years ago now I told my spouse 2003 was recognition and the start of something remarkable with 2006 where the real fun begins... I was wrong.. However, as far as my spouse is concerned 2006 is my deadline lol... I'm comfortable with that and hope it comes a lot sooner... either way $ is $
Kindest Regards,
Cricket
ot - thank you go-kitesurf.. everything you say makes sense to me... back to lurking and waiting for PR's lol...
Kindest Regards,
cricket
TIC TOC TIC TOC QUESTION for all!
Anyone help with this quick question regarding the clock Janus will use?
If this has already been discussed please forgive me… been away for awhile attending to business and family with occasional lurking for peace of mind reasons.
Regarding Janus - Have the various elements that make a “hacker resistant trusted clock” even possible been discussed?
It seems pretty clear Microsoft finds a “trusted clock” essential to their DRM plans.
Source one: “Part of Microsoft’s patent: The digital rights management operating system also limits the functions the user can perform on the rights-managed data and the trusted application, and can provide a trusted clock used in place of the standard computer clock.”
Source Two: “Janus would add a hacker-resistant clock to portable music players for files encoded in Microsoft's proprietary Windows Media Audio format. That in turn would help let subscription services such as Napster put rented tracks on portable devices--something that's not currently allowed. Fans of portable players could then pay as little as $10 a month for ongoing access to hundreds of thousands of songs, instead of buying song downloads one at a time for about a dollar apiece. “
Source Three: “As the Levy article mentions, Palladium will permit the creation of documents with a given lifetime. This feature by necessity requires a secure clock, not just at the desktop of the creator of the document, but also on the desktops of all parties that might in the future read such documents. Since PC's do not ship with secure clocks that the owner of the PC is unable to alter and since the TCPA's specs do not mandate such an expensive hardware solution, any implementation of limited lifetime documents must by necessity obtain the time elsewhere. The obvious source for secure time is a TPM authenticated time server that distributes the time over the Internet. In other words, Palladium and other TCPA-based applications will require at least occasional Internet access to operate”.
So what I think I see from this is a fundamental need to make sure the hacker resistant trusted clock found in the portable Janus device is in fact trusted. Whoever makes the chip is responsible for keeping the clock hacker resistant the way Atmel does.
How is the trust going to be established? Who has demonstrated the only attestation server that I know of (which includes a secure trusted method of real-time clock attestation)? I believe wavx had to modify things a bit to accommodate the less than "embassy" tpm's out there but they did in fact do it. Additionally, perhaps some might want to “generate reports for tracking of attestable billable events”?
Taken from Wave's pages...
"Real" Time
Applications and services that must verify the precise date and time of events need an uncontestable time source. The TAN’s Device Server offers trusted time services and ensures that EMBASSY devices have accurate local time according to their time synchronization schedule.
Managed Security
To activate the managed security environment, EMBASSY devices register with the TAN’s Device Server. System administrators may set policies and permissions for TAN users and services, generate reports for tracking of attestable billable events, and create device groups having exclusive authorities. Additionally, technical support personnel may view the state and history of individual EMBASSY devices, and contain threats by revoking trustlets or disabling devices. These integrated functions help enterprises contain costs by making technical support and system administration as efficient as possible.
Just curious if this was discussed... knowing me it has been the very focus of the janus discussions... sorry all..
P.S.
Barge - your thoughts here.. Doesn't Intel hold the server side metering patents and Wave hold the trusted client side metering patents... the kind of synergy that dreams are made of..
Lord it has been so long I just forget what I thought I used to know lol..
ot Hello Kevin_s5 You have mail! Thank you for all your wonderful contributions as they are truly appreciated! I'll try not to write a book here... I believe sks is right on track and we are going to start the much anticipated ascension to ubiquity as promised (was it Biddle that said PCs are unique because you can go from zero to ubiquity overnight when speaking with sks?). I believe the iterations of embassy as the faithful have seen them will all come to pass. The world will demand a programmable chip as sks has stated. I am "around" but taking a mental health break from the boards lol.. It is still a habit to pop over now and again to see what is going on briefly but truthfully I haven't spent the time to dig in.. I feel the days of wondering will it ever happen are over for me as I feel confident we will see revenues booked 1st quarter next year as per sks for boards going out now, I believe, when discussing Intel royalty checks - It's all happening my friend! I gave up my membership here for my "sabbatical" otherwise I would have sent a private response! Kevin thanks for being a good friend and terrific DD contributor. We will all have our day in the sun and share a few laughs with our families!!!
Kindest Regards,
C2
OT if you're interested in a pretty good resource that will keep you busy for a while this one might be good:
http://cnscenter.future.co.kr/menu/rsc-center.html
Regards,
C2
AMD sighting September 8th?
Even though this was from WinHec 2003 the date says Sept. 8th --
Was this Strongin call to action posted here before?
P.S.
It has some very interesting concepts discussed like the synergy between ngscb and tcg without calling them by name but it will be apparent i.e. applications running in secure memory partitions ngscb doesn't mean they are "trusted" blah blah... and it has some items x-point doma awk and ramsey may find interesting regarding TPM's and EK's... well... if this was already posted sorry... interesting read if you're into this kinda thing...
http://www.microsoft.com/whdc/winhec/papers03.mspx
using the above link will make for easier reading!!
AMD Platform for Trustworthy Computing
Abstract
This paper provides information about AMD’s Platform for Trustworthy Computing, and the evolution of the PC platform to support trustworthy computing. This evolution affects the platform hardware components, platform software and firmware, and also affects the operating system (OS). OS changes in support of trustworthy computing are outside the scope of this paper, but the interaction of the platform with external systems is discussed. The paper provides a call to action to component vendors, OEMs, integrators, and infrastructure providers.
Contents
Introduction
Motivation and Constraints
Privacy
Protecting Personal Data
Protecting Platform Identity
Security
Security Improvement Clearly Needed
The Open Nature of the PC Platform
Backwards Compatibility
Balanced Cost vs. Benefit
Ownership
Commerce Depends on Rights Protection
Lack of Third Party Trust
Benefits of Increased Trust
The Stand-Alone SEM Platform
Design Constraints
Threat Model
Legacy Support
Open Architecture
Cost
Key Architectural Concepts
Memory Partitioning
Sealed Storage
Secure Initialization
Microprocessor Changes
SEM is a Hybrid Hardware and Software Solution
Protected Applications
Security Kernel
Trusted Execution Mode
Memory Partitioning
Other Protections
Interrupt Handling
Secure Initialization
TPM
The Networked SEM Platform
Issues Particular to Networked Trustworthy Processing
Determining the Trust Characteristics of Remote Systems
Privacy Protection and Machine Identification
Liability Allocation
Call to Action and Resources
Windows Hardware Engineering Conference
Author's Disclaimer and Copyright:
© 2003 Advanced Micro Devices, Inc.
All rights reserved.
The contents of this document are provided in connection with Advanced Micro Devices, Inc. (“AMD”) products and technology. AMD makes no representations or warranties with respect to the accuracy or completeness of the contents of this publication and reserves the right to make changes to specifications and product and technology descriptions at any time without notice. No license, whether express, implied, arising by estoppel or otherwise, to any intellectual property rights is granted by this publication. AMD assumes no liability whatsoever, and disclaims any express or implied warranty, relating to its products including, but not limited to, the implied warranty of merchantability, fitness for a particular purpose, or infringement of any intellectual property right.
WinHEC Sponsors’ Disclaimer: The contents of this document have not been authored or confirmed by Microsoft or the WinHEC conference co-sponsors (hereinafter “WinHEC Sponsors”). Accordingly, the information contained in this document does not necessarily represent the views of the WinHEC Sponsors and the WinHEC Sponsors cannot make any representation concerning its accuracy. THE WinHEC SPONSORS MAKE NO WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THIS INFORMATION.
Microsoft, Windows, and Windows NT are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.
Introduction
This paper provides information about AMD’s Platform for Trustworthy Computing, and the evolution of the PC platform to support trustworthy computing. This evolution affects the platform hardware components, platform software and firmware, and also affects the operating system (OS). OS changes in support of trustworthy computing are outside the scope of this paper, but the interaction of the platform with external systems is discussed. The paper provides a call to action to component vendors, OEMs, integrators, and infrastructure providers.
Motivation and Constraints
AMD sees three interrelated areas of end-user benefit as the driving force for evolving the PC platform toward increased trustworthiness: Privacy, Security, and Ownership. As a set they are referred to as PSO.
Each of these areas is discussed in greater detail below. Addressing all of these areas results in an improved PC platform that delivers more value to users of the platform and that can host a broader set of applications.
Privacy
Privacy protection in the context of PC platforms and applications is a complex area with differing views as to exactly what is meant by this term. In this paper, the term is used narrowly to cover two specific areas: the protection of personally identifiable information (PII) stored within the PC, and the protection of data that would identify the PC platform itself.
Protecting Personal Data
Security is a Prerequisite for Privacy
Data protection of any kind is not possible without adequate security. This applies equally to a file cabinet full of paper files and a hard disk full of electronic files. In both cases, the privacy of the data is dependent on the security system protecting the container. In the real world, we use locks, cameras, and such to provide physical data protection. For computer files, we use the electronic analogs of these physical security tools.
Security is the most basic privacy protection and computer security the most basic PC platform privacy technology. A key goal of Trustworthy Computing is to increase privacy protections and thus the first goal is increased security.
Existing Systems are Vulnerable
The current PC Platform and mainstream operating systems provide limited security and remain vulnerable to a whole range of attacks (and thus expose users to the loss of their PII). Increasing the protections defending PII against common attacks is necessary.
Privacy and Security are in Tension
The best security systems depend on clearly identifying the individual granted access to whatever is being protected. The need of a security system to identify accurately individuals granted access creates a tension between security and privacy. At its root, this tension is the availability of PII to the security system.
Increased Security Without Compromising Privacy
Protecting personal data thus requires both increased security and a security system that is designed to minimize or eliminate the PII used by the security system. Where the security system does utilize PII, it must be protected against improper disclosure.
Protecting Platform Identity
The Connected Trustworthy PC
A PC Platform is rarely used in a stand-alone environment. Most PCs are connected either continually or occasionally to a network.
The increased trustworthiness of the PC is of particular value in a connected environment. The greatest end-user benefit from trustworthy computing arises when remote content and service providers can determine the characteristics and capabilities of a trustworthy PC.
Secure Remote Attestation
Determining with high confidence, integrity, and confidentiality, the characteristics of remote systems requires using cryptographic techniques. (The constraints on this process will be discussed later in this paper.)
Hardware Protection for Platform-Specific Data
It is an essential privacy requirement that any digital certificate, cryptographic key, or other platform-specific data used for secure remote attestation be protected at the hardware level.
The Platform Owner Controls Platform-Specific Data
The platform owner must remain in complete control of any platform-specific data. The owner must be able to determine with whom, and under what circumstances, any such data is used.
The platform owner must be empowered to completely block the use of such data. Such absolute on/off control, while required, may not be optimal, and the platform should provide a means for the platform owner to exert more “fine grained” control over the use of platform-specific data. This control should include the ability to delegate control to software processes trusted by the owner to manage the use of the platform-specific data in a manner consistent with policies set by the owner.
Security
Increasing the security of the PC platform enhances the value of the platform and expands the number of applications for which the PC is suited. Increasing platform security provides an improved execution environment for critical applications and is also the primary means to improve the PC’s ability to protect PII.
Security Improvement Clearly Needed
Security experts agree that existing systems are far too vulnerable to attacks. The popular and trade press are continually filled with articles that describe new vulnerabilities and attacks. No operating system or application suite is immune to such attacks.
The losses incurred by PC users as a consequence of the current state of PC platform security are significant and growing.
Responding to the need for increased security, many providers of PC platform technology have increased their spending on security-related technology. Notable among these is Microsoft Corporation, whose Trustworthy Computing (TWC) initiative has been well publicized. The architectural advances described below complement this and other similar efforts.
The Open Nature of the PC Platform
The open nature of the PC platform allows anyone to develop applications or hardware for the PC. Historically, this openness contributed directly to the success of the PC platform. While clearly of benefit, this very openness greatly complicates efforts to increase the security of the PC platform.
Securing closed systems is relatively straightforward. Increasing the security of the PC without closing the platform was a constraint that influenced the architectural evolution described in this paper.
Backwards Compatibility
In addition to maintaining the openness of the PC platform, an essential constraint that influenced the architecture described below was the need to preserve the industry investment in hardware and software.
A great deal of the value of the PC platform comes from the availability of compatible hardware and software. The architectural evolution described here remains fully compatible with existing hardware and software, and at the same time provides the opportunity for new applications and hardware to be developed that leverage the enhanced capabilities of the platform.
Balanced Cost vs. Benefit
Cost constraints govern all engineering activities. Evolving the PC to increase the trustworthiness of the platform and at the same time minimizing any cost increase was a key goal and requirement. The architectural changes described below enable a significant increase in platform security while keeping cost increases to a minimum.
Ownership
A more trustworthy PC platform provides increased security and data protection for the platform owner. It can also provide this increased level of data protection for third parties who provide applications and data to the enhanced platform, and who use the PC platform as a vehicle for delivery of digital goods and services.
Commerce Depends on Rights Protection
In any marketplace, a respect for property rights is essential. Without basic protections for both the buyer and seller, commerce comes to a halt. Moving the discussion to an e-commerce market place with digital goods and services does not change basic economic truths.
Lack of Third Party Trust
Historically, the PC platform has not provided an environment friendly to commerce. PC platforms have generally not been “trusted” by remote parties to protect their interests, and in general have not been effective at providing basic protections.
Markets are fluid and dynamic and react to the environment. In the case of PCs, the market has reacted from the beginning to the PC’s lack of basic protections for remote third parties in a number of ways:
Refusal to Sell
Some content and services providers have simply refused to offer their goods for sale on or through the PC platform. This has resulted in a decrease in the value of the PC and a market opportunity for other more trustworthy platforms.
Hardware and Software Add-ons
Some content and service providers have developed software and hardware add-on solutions to overcome the inherent lack of trust in the PC platform. Some of these solutions have proven adequate from a security perspective, and others, most notably the DVD Copy protection system, have not.
These add-on solutions are proprietary closed systems, and they have not enabled open, multi-vendor, trustworthy commerce on the PC Platform.
Relocation of the Market to Servers
The vast majority of e-commerce that takes place involves purchasing physical goods from Internet providers. The actual transactions generally take place either on the web servers that support this market, or on proprietary back-end financial services networks. The PC’s role in most e-commerce is not significantly different from that of a dumb terminal.
Adjustment of Sales Price for Piracy
Where the goods purchased on the Internet are digital and instant delivery is available, the sales price reflects the typically high rates of piracy that occur post-sale.
This same adjustment applies to many other digital goods purchased through all channels where the piracy rates are pre-factored into the sales price.
Benefits of Increased Trust
Increasing the trustworthiness of the PC platform will yield a number of benefits and expand the range of applications that can be reasonably run on the PC. In specific regard to e-commerce, the benefits will include:
Expanded Availability of Content
As the PC evolves into a trustworthy platform for e-commerce, the extent and quality of services and content delivered through the PC will grow. This will translate into increased value for the PC platform.
Lower Cost Content
The current market for digital goods and services that are delivered to the PC has been distorted by the lack of trust inherent in the existing PC platform. The sales price of many digital goods is inflated to compensate the seller for the high rates of piracy. Consequently, those individuals and businesses that acquire legitimate licenses for these products end up paying for those that acquire the products illegally.
The same market distortion applies in other commerce systems, such as the credit card system, where the legitimate participants pay in aggregate for the fraud that occurs. In the arena of digital goods, the piracy rates are higher and thus the price distortions are greater.
As the market becomes more distorted, the incentive for individuals to behave in an ethical and legal manner is decreased, leading to a further increase in fraud or piracy.
An evolved PC platform that provides the technical foundation for e-commerce systems that respect third party property rights will lead to a reduction in the “market distortion factor” and this will translate to lower costs for legitimate purchasers.
Some individuals and companies that have become accustomed to a free ride will resist this change. Such resistance should be anticipated and addressed (at least in part by fair pricing), but since it is based on a false premise that users have a “right to steal,” this resistance should be confronted and overcome.
New Opportunities for Peer to Peer Transactions
Beyond the improvements in availability of high quality content and the reduction in the cost of digital goods, trustworthy computing should also enable a new level of peer-to-peer interaction that is based on mutual trustworthiness.
Predicting how this will develop on the other side of the “inflection point” is difficult, but some speculation is warranted.
Consider the following possibilities:
• A commerce environment where peer-to-peer payments can occur directly from one PC to another over the Internet without the need for a trusted third party.
• Secure gaming.
WEB Services Security Support
WEB services standards and the broad use of XML-based data exchange enables a whole range of new services for end users. Many of these new services will involve transactions between a service provider and a person’s (or company’s) persistent on-line digital data.
The existence of this on-line data raises significant new security and privacy concerns at both the server and client endpoints.
At the server endpoint, data will be vulnerable unless adequately protected. Servers employing trusted capabilities are better suited to provide this protection.
At the client endpoint, and at the interface between the client and server, increased confidence in the user-authentication process is required. As more personal and company data is maintained on-line, the accurate determination of who is actually in control of the data becomes a gating issue for deployment of the services.
Trustworthy platforms have the potential to play a critical role in strengthening this authentication process.
The Stand-Alone SEM Platform
This section begins the detailed description of the SEM Platform architecture. This description begins with the description of the architecture as it applies to a stand-alone platform. The next section addresses the issues of how trustworthy processing and network (particularly Internet) connectivity is addressed.
Design Constraints
All architectures are the result of compromises between what the designers would like to accomplish and the real world constraints that can’t be avoided. The SEM platform architecture has been significantly affected by the constraints discussed in this section.
Threat Model
Any security solution must be developed with some form of threat model in mind. The SEM architecture was developed with a primary requirement to overcome software-based attacks, including software attacks mounted by the local operator of the system and those mounted via the network.
Additionally, the architecture was developed with the objective that no reliance on “security through obscurity” would be needed. This constraint enables open disclosure of the architecture (as is being done here) without compromising the security of the solution.
The SEM architecture has a secondary goal (as opposed to a requirement) to maintain its protections in the face of low-cost unsophisticated hardware attacks. Developing a solution that meets the certification criteria for “Tamper Resistant” trusted hardware is explicitly not a goal. AMD recognizes the value of such certifications, but to achieve this as a goal is not possible given the cost constraints on the architecture.
The SEM architecture did not attempt by itself to address Denial of Service attacks. Such attacks are still capable of preventing execution of applications or the OS. These attacks, however, will not result in incorrect operation of protected applications, or in the exposure of protected data.
Legacy Support
The SEM architecture has been developed with a hard requirement to preserve the investment of the industry in OS and application software. While this constraint made achieving security goals more difficult, it is clearly an essential element in a viable architecture.
The SEM architecture enables existing applications and all but the most poorly written OS device drivers to execute without modification. The architecture preserves investments in Operating System design. The architecture does require the development of new OS components. System performance will benefit from a base operating system that is modified to be SEM aware, but this is not an architectural requirement.
Open Architecture
Open Software Development Model
The SEM architecture is also constrained by the requirement to support an open application development model. There are no architectural reasons that preclude any developer from producing applications that can take advantage of the SEM platform capabilities.
Such applications are not more privileged than existing applications, and thus require no third party (or even self) security certifications.
Open Hardware Development Model
Under the SEM architecture, the PC platform remains open to third party add-in hardware from all vendors. The architecture does require changes to some platform components and the addition of a new component. Aside from the components that implement parts of the SEM architecture, all other add-in components will continue to be usable in a SEM-enhanced platform.
Cost
Without question, cost has been an overriding constraint on the architecture.
Key Architectural Concepts
Memory Partitioning
At the core of the SEM architecture is the concept of memory partitioning. The primary objective of the architecture is to enable a new class of applications that can execute in a memory space that is protected against software attack by other applications, device drivers, worms, viruses, Trojans, and the main OS.
Protected Applications are not themselves “Trusted”, but because they execute in a protected memory partition, they can be expected to execute as designed in the face of software-based attacks.
Protected Applications are not more privileged than other applications and thus from an architectural perspective need no pre-certification. The platform makes no determination as to which applications are “trustworthy”, rather the SEM architecture enables the platform users or application authors to have more confidence that such applications execute as intended by the author.
Sealed Storage
Sealed storage is a new capability of the PC platforms that was first published and specified in specifications adopted by the Trusted Computing Group. Sealed Storage has value independent of the platform’s SEM capabilities, but when combined with SEM-enabled protected processing, secure storage adds significant value and is essential to full utilization of the Protected Applications.
The Sealed Storage capability allows data to be bound to a particular processing environment. The processing environment is reflected in Platform Configuration Registers. When the specific environment is in effect or active, the data bound or “sealed” to that environment can be retrieved. When the environment to which the data is sealed is not active, the data remains sealed and cannot be retrieved.
An example is useful: Consider an enhanced personal banking application that makes use of a cryptographic key to authenticate transactions. This key can be sealed to a Platform Configuration that is judged (by the bank) to be the correct environment for the operation of the application. The banking application itself could be executed in a number of different environments, but the key would only be accessible to the application when the actual environment matches that chosen by the bank.
The use of the sealed storage facility in tandem with a protected partitioned memory space for execution adds greatly to the overall value of the SEM architecture. Together, the capabilities allow for applications to execute in a more reliable manner and to protect their state-data (including secrets) when the protected environment is not in place.
Secure Initialization
All trusted environments suffer from a “chicken and egg” initialization problem. Once a trusted environment is set up it can protect itself against attacks, but the same protections cannot be relied on to protect the setup process.
This initialization problem has been solved in a variety of ways in previous architectures:
Secure Facility Pre-Load
One solution depends on the use of secure, audited facilities where initial setup is performed. This setup is then “locked down” so that it cannot be changed. Smart Cards, for example, are often initialized in such facilities, and are distributed to users pre-configured with fixed, factory setup applications and keys already installed.
Fixed Secure Loader
A variation on this theme used by some devices is to install in such a facility a small “secure loader” that is locked down. This loader is generally provided with factory installed cryptographic keys that allow it to validate external code before loading. This approach has more flexibility than complete pre-loading, but also creates logistical and policy problems. For example, in such a system, which party controls the keys used to authenticate valid modules for later loading? This post-sale control of the devices is acceptable in many markets where the “ownership” of the device remains with the issuing authority. This post-sale control is more problematic in the PC space where the consumer purchases the device.
Secure Log
Another design for secure initialization was incorporated into the Trusted Processing Module (TPM) specification. This specification describes the concept of using a “Root of Trust for Measurement” and a “secure log” to capture all events that affect security from the Power On Reset (POR) forward. This approach allows any software to be loaded (trusted or otherwise) and to execute, but enables an interested party to examine the log of what was actually loaded, validate this log, and thus determine if all the desired software was loaded, and that no undesirable software was loaded. This approach offered a great deal of flexibility, but it suffers from some weaknesses:
• The “Root of Trust for Measurement”, and thus the basis for trusting the log must still be reliably pre-installed. In the TCG specifications, this root of trust is the BIOS software, and thus the scheme is vulnerable to attacks that change BIOS contents.
• The actual log produced during the start-up process can become long. It may be difficult for an interested party to arrive at security conclusions about the system simply by knowing what software has been executed, when such software may not have been evaluated for its security properties.
• The logging operation can be considered to be a chain of connected measurements. Each link in the chain records the characteristics of the next link in the chain. If any link in the chain fails to check the following link, the state of the platform can no longer be determined by examining the log.
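The Sealed Storage section (the bank key bound to a Platform Configuration) and the Secure Log weaknesses listed above both rest on the same PCR-extend chain, so here is one added Python model covering both; it is an illustration written for this page, not AMD's or the TCG's code. It assumes a single 160-bit PCR extended as SHA-1(old || digest), constructed component bytes for the chain, and a sealing scheme modelled as a key derived from the PCR value with HMAC integrity (a stand-in for a TPM's seal/unseal, which enforces the PCR check inside the chip):

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

PCR_INIT = bytes(20)  # TPM 1.x-style PCR: 160 bits, all zero at Power On Reset


def measure(component: bytes) -> bytes:
    """Digest of a boot component: what one link records about the next."""
    return hashlib.sha1(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new = H(old || digest). Order-sensitive and irreversible."""
    return hashlib.sha1(pcr + digest).digest()


def boot(components: List[Tuple[str, bytes]],
         skip_after: Optional[str] = None) -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Simulate a measured boot. Each link measures the next link before
    handing over. If skip_after names a link, that link hands over WITHOUT
    measuring its successor (a broken link in the chain). The first entry is
    the Root of Trust for Measurement and is assumed to be measured here.
    Returns (final PCR value, event log of (name, digest))."""
    pcr, log = PCR_INIT, []
    for i, (name, code) in enumerate(components):
        prev = components[i - 1][0] if i > 0 else None
        if skip_after is not None and prev == skip_after:
            continue  # successor loaded unmeasured: no PCR extend, no log entry
        d = measure(code)
        pcr = extend(pcr, d)
        log.append((name, d))
    return pcr, log


def replay(log: List[Tuple[str, bytes]]) -> bytes:
    """Recompute the PCR an interested party expects from the log."""
    pcr = PCR_INIT
    for _, d in log:
        pcr = extend(pcr, d)
    return pcr


def log_matches(log: List[Tuple[str, bytes]], pcr_reported: bytes) -> bool:
    """Validate the log against the reported PCR (the TCG 'examine the log' step)."""
    return hmac.compare_digest(replay(log), pcr_reported)


def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(secret: bytes, pcr_policy: bytes) -> bytes:
    """Bind secret to one PCR value. Blob layout: policy || nonce || ct || tag."""
    nonce = os.urandom(16)
    k = hashlib.sha256(b"seal-key" + pcr_policy + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(k, len(secret))))
    tag = hmac.new(k, pcr_policy + nonce + ct, hashlib.sha256).digest()
    return pcr_policy + nonce + ct + tag


def unseal(blob: bytes, pcr_now: bytes) -> Optional[bytes]:
    """Release the secret only when the current PCR equals the sealed policy;
    any other environment derives a different key and the tag check fails."""
    nonce, ct, tag = blob[20:36], blob[36:-32], blob[-32:]
    k = hashlib.sha256(b"seal-key" + pcr_now + nonce).digest()
    expect = hmac.new(k, pcr_now + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        return None  # data stays sealed
    return bytes(a ^ b for a, b in zip(ct, _keystream(k, len(ct))))


# Constructed sample chain: BIOS (root of trust) -> loader -> Security Kernel.
GOOD_SK = b"security-kernel v1 (constructed sample)"
EVIL_SK = b"security-kernel v1 (constructed sample) + backdoor"
GOOD_CHAIN = [("bios", b"bios-rtm"), ("loader", b"loader"), ("sk", GOOD_SK)]
EVIL_CHAIN = [("bios", b"bios-rtm"), ("loader", b"loader"), ("sk", EVIL_SK)]


def demo() -> Dict[str, object]:
    """Intact chain vs. a chain whose loader never measures the SK."""
    pcr_good, log_good = boot(GOOD_CHAIN)
    pcr_evil, log_evil = boot(EVIL_CHAIN)
    blob = seal(b"bank-txn-key", pcr_good)  # the bank's chosen environment
    # Broken link: the loader hands over to the SK without measuring it.
    pcr_g2, log_g2 = boot(GOOD_CHAIN, skip_after="loader")
    pcr_e2, log_e2 = boot(EVIL_CHAIN, skip_after="loader")
    return {
        "intact_log_valid": log_matches(log_good, pcr_good),
        "substitution_visible": pcr_good != pcr_evil,
        "key_in_good_env": unseal(blob, pcr_good),
        "key_in_evil_env": unseal(blob, pcr_evil),
        "broken_link_indistinguishable": pcr_g2 == pcr_e2 and log_g2 == log_e2,
        "broken_link_log_still_valid": log_matches(log_g2, pcr_g2),
        "key_in_broken_env": unseal(blob, pcr_g2),
    }
```

With the loader link broken, the log still replays to the reported PCR, yet the good and backdoored kernels produce identical logs, which is exactly why the third bullet says the platform state can no longer be determined from the log; sealing still refuses the key there because that PCR value is not the bank's chosen environment.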
SEM Hardware-Assisted Secure Initialization
The SEM Architecture builds on the Secure Log approach, and adds hardware support to eliminate the limitations of that approach.
The SEM platform’s hardware assist also provides the means to enable transition to and from normal operation into operation with increased trustworthiness at any time after system startup.
The details of this hardware support and the SEM-enabled secure initialization process are described below.
Microprocessor Changes
Central to the SEM Architecture are a number of extensions to the x86 microprocessor micro-architecture and instruction set. Collectively, these extensions to the x86 architecture enable a new application class, Protected Applications, and a new Operating System object, the Security Kernel.
SEM is a Hybrid Hardware and Software Solution
The SEM architecture relies on both the hardware micro-architecture changes and on the correct operation of the Security Kernel to provide the protected environment for applications.
Protected Applications
Protected applications execute in a partitioned memory space that is isolated from the legacy application memory space and the legacy OS memory space.
Security Kernel
A new OS object, the Security Kernel (SK), also operates in the partitioned memory. The SK administers Protected Applications, and is responsible for defining and maintaining the partition between the legacy applications and OS on one side of the partition, and the Protected Applications and SK on the other side of the partition.
The size, complexity, function, and behavior of any specific SK are outside the scope of this document, but some constraints applicable to all SKs are worth noting:
Security Evaluation
While any SK may be functional, only those SKs that have been subject to some form of security evaluation are of real interest.
Protected Application developers will look to such evaluations as they decide if the new protected application environment delivers an adequate level of security for their particular needs.
Size and Complexity
The size and complexity of a given SK will directly impact the level of effort needed to perform a security evaluation of the SK, and will also directly affect the ability of software engineers to provide an SK free from bugs that could also be security vulnerabilities.
Small, simple SKs will be relatively easy to design, fully test, debug, and evaluate. Large and complex SKs may be impossible to fully test, debug, and evaluate given constrained resources.
Trusted Execution Mode
SEM provides a new CPU state bit (TX Mode bit) that discriminates between operation in the legacy memory partition (TX=0), and operation in the new protected memory partition (TX=1). The TX Mode bit operates orthogonally to the existing x86 protection mechanisms, and operates alongside these mechanisms. Most commercial operating systems in use today utilize only the user/supervisor (ring-3/ring-0) protections, and thus separate all code into two classes. The addition of the TX mode bit provides an additional parallel operating mode that also supports both User and Supervisor modes. This is illustrated in the following diagram.
The TX mode bit is set or cleared as the processor executes restricted control transfers between the memory partitions.
SMCALL Transition
A new transfer instruction (SMCALL) is the only explicit instruction that allows transition between the memory partitions.
The SMCALL instruction behavior is analogous to the behavior of the SYSCALL instruction:
• The SMCALL target is taken from internal protected CPU Registers. The target of the instruction will be a Security Kernel entry point defined by the Security Kernel.
• The SMCALL instruction is privileged and can only be executed by ring-0 (supervisor mode) code. There is no mechanism provided for explicit transition to the Security Kernel from ring-3 (user mode) code.
• The SMCALL instruction automatically switches from the legacy memory partition to the protected memory partition.
• The SMCALL instruction switches the TX mode bit from TX=0 to TX=1.
• The SMCALL instruction also clears the new Global Interrupt Flag (described later).
SMRET Transition
A new transfer instruction (SMRET) reverses the actions of the SMCALL instruction described above. This mechanism is the only means for switching from TX=1 to TX=0.
Security Exception Transition
In addition to the above SMCALL/SMRET programmed transitions, the SEM architecture includes a new Security Exception mechanism.
The Security Exception mechanism uses the same SK entry point as the SMCALL instruction. An error code indicates the cause of the Security Exception and allows the exception to be discriminated from the SMCALL.
The SMRET instruction is used for return from either an SMCALL or from a Security Exception.
The importance of the Security Exception in the SEM architecture cannot be overstated.
The Security Exception is triggered whenever code executing with TX=0 attempts to perform any operation that could possibly compromise SEM protections. This forced transition to the SK enables the SK to intercept all such actions. The SK can then determine if the action poses a security risk and the appropriate action to be taken.
Memory Partitioning
The SEM architecture provides hardware support that works in concert with the SK to establish and maintain a partition between the memory space accessible to the legacy applications and OS (TX=0), and the memory space accessible to protected applications and the SK (TX=1).
Paged Virtual Memory
The SEM architecture extends the existing x86 hardware support for paged virtual memory to provide a mechanism for memory partitioning.
Existing hardware provides support for multiple separate virtual address spaces. Much of the code in existing Operating Systems is devoted to managing the data structures that define these virtual address spaces.
The Basic Premise for SEM
The basic premise of the SEM architecture is that the software that controls the data structures that define virtual memory translations, controls what memory is accessible to applications.
SK Control of Page Tables
In the SEM architecture, the SK is given the ultimate control over the virtual memory translation data structures (page tables, and page directories.) This control enables the SK to determine what physical memory is accessible to the legacy OS and applications and what physical memory is accessible to the SK and Protected Applications.
CR3 Load Trapping
In the x86 architecture Control Register 3 (CR3) contains the address of the root virtual memory translation tables. By changing only the contents of CR3, operating systems switch rapidly from one set of virtual to physical translations to another set of translations.
In the SEM architecture, changes to the content of CR3 will result in a Security Exception if TX=0, unless the specific value loaded has been “pre-approved” by the SK. This mechanism prevents TX=0 code from changing the contents of CR3 to unapproved values.
The process the SK uses to “approve” a particular set of virtual to physical mappings is beyond the scope of this paper, but at a minimum, such “approved” translation maps must not contain any translations that would allow access to memory reserved for TX=1 operation.
CR4 and MSR Protections
In the processor, there are a number of architectural, and model specific registers that influence the operation of the virtual to physical translations. An example of this class of registers is Control Register 4 (CR4). CR4 contains various bits that enable virtual memory operation and determine the layout of the data structures that are used in the translation.
In the SEM architecture, changes to CR4, or to any other control or model specific register that affects the virtual to physical translation, made by code executing with TX=0 will trigger a Security Exception. This prevents TX=0 code from making changes to the processor configuration that would allow a bypass of the memory partition.
Page Table Write Trapping
The page table data structures that make up a particular virtual address map must be protected against unauthorized modification. Without protection, TX=0 code could change the contents of the tables and establish new mappings, including mappings that target memory reserved for TX=1 applications or the SK.
For proper operation, these data structures must be readable by code executing at TX=0.
The SEM architecture allows for the page structures to be readable to the TX=0 code, but writes to these page tables result in a Security Exception that invokes the Security Kernel. This prevents code executing at TX=0 from establishing new virtual to physical mappings not permitted by the SK.
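The CR3 load trapping and page table write trapping rules above can be pictured as a small reference monitor. The following is an added model, not code from the AMD paper or from any SEM implementation: the SK keeps the set of CR3 values it has approved (rejecting any map that reaches a TX=1 frame) and remembers which frames hold approved tables; the CPU then refuses unapproved CR3 loads from TX=0 and turns TX=0 writes to table frames into a Security Exception while reads of the same frames still succeed. The flat one-level table, the 4 KiB page size, and the error-code tuples are simplifying assumptions.

```python
"""Model of SK-controlled page tables under SEM (added example, not AMD code).

Assumptions: one-level tables {vpn: (pfn, writable)}, the table for root `cr3`
lives in frame cr3 // PAGE, and exception codes are plain tuples.
"""
PAGE = 0x1000


class SecurityException(Exception):
    """Forced transfer into the Security Kernel, carrying an error code."""


class SecurityKernel:
    def __init__(self, tx1_frames):
        self.tx1_frames = set(tx1_frames)   # physical frames reserved for TX=1 use
        self.tables = {}                    # approved cr3 -> {vpn: (pfn, writable)}
        self.table_frames = set()           # frames holding approved tables
        self.exceptions = []                # error codes the SK has intercepted

    def approve(self, cr3, table):
        """Approve a map only if no translation reaches TX=1 memory."""
        if any(pfn in self.tx1_frames for pfn, _ in table.values()):
            return False
        self.tables[cr3] = dict(table)
        self.table_frames.add(cr3 // PAGE)
        return True

    def on_exception(self, code):
        self.exceptions.append(code)        # SK decides what to do with it


class Cpu:
    def __init__(self, sk):
        self.sk, self.tx, self.cr3 = sk, 0, None

    def _fault(self, code):
        self.sk.on_exception(code)
        raise SecurityException(code)

    def load_cr3(self, value):
        # TX=0 may only install roots the SK has pre-approved.
        if self.tx == 0 and value not in self.sk.tables:
            self._fault(("CR3", value))
        self.cr3 = value

    def _translate(self, vaddr):
        pfn, writable = self.sk.tables[self.cr3][vaddr // PAGE]
        return pfn * PAGE + (vaddr % PAGE), writable

    def read(self, vaddr):
        paddr, _ = self._translate(vaddr)
        return paddr                        # tables remain readable from TX=0

    def write(self, vaddr):
        paddr, writable = self._translate(vaddr)
        if not writable:
            raise PermissionError("legacy page fault")   # ordinary x86 protection
        if self.tx == 0 and paddr // PAGE in self.sk.table_frames:
            self._fault(("PT_WRITE", paddr))             # SEM write trap
        return paddr


def demo():
    """Constructed scenario; returns the observable outcomes."""
    sk = SecurityKernel(tx1_frames={0x80, 0x81})
    cpu = Cpu(sk)
    # The legacy OS maps its own page table (frame 3) writable, as OSes do.
    good = {0: (0x10, True), 1: (0x20, True), 2: (0x3000 // PAGE, True)}
    out = {}
    out["bad_map_approved"] = sk.approve(0x4000, {0: (0x80, True)})
    out["good_map_approved"] = sk.approve(0x3000, good)
    try:
        cpu.load_cr3(0x4000)
        out["unapproved_cr3"] = "loaded"
    except SecurityException:
        out["unapproved_cr3"] = "security exception"
    cpu.load_cr3(0x3000)
    out["data_write"] = cpu.write(0x1004)
    out["table_read_tx0"] = cpu.read(0x2008)
    try:
        cpu.write(0x2008)
        out["table_write_tx0"] = "written"
    except SecurityException:
        out["table_write_tx0"] = "security exception"
    cpu.tx = 1                                  # stands in for SMCALL into the SK
    out["table_write_tx1"] = cpu.write(0x2008)
    out["sk_saw"] = list(sk.exceptions)
    return out
```

The point the model makes is that the legacy OS keeps its usual view (its tables are mapped, even writable), yet every write that would change a translation arrives at the SK first, which is why "approved" maps only need to be checked once and then defended against modification.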
Non-Paged Memory
During normal OS operation, there are events that cause paging to be disabled. The most common such event is the System Management Interrupt (SMI), which causes the processor to transition into System Management Mode (SMM). This transition can be triggered by a number of external or internal system events.
With paging disabled, the memory partition mechanism using the virtual memory system is not operational, and thus the potential for a compromise of the memory partition arises.
The straightforward solution to this problem would be to disallow SMI and SMM operation when the SEM protections are in effect. This would have a negative effect on OEMs and others that rely on SMM to perform platform specific functions.
The SEM architecture fully enables SMM operation without compromising the memory partition by providing an alternate memory protection mechanism during non-paged operation.
The SEM architecture uses a new hardware visible data structure called the Device Exclusion Vector (DEV) to identify pages of memory that are not accessible to TX=0 code when operating in non-paged mode.
Other Protections
Protection Against Bus-Masters
The SEM architecture also protects memory regions defined by the SK against modification by other bus-mastering devices in the system. The SK defines the list of pages to be protected via entries made in the Device Exclusion Vector (DEV). The DEV is also used during non-paged operation as described above.
Memory cycles originating from bus-master devices that target protected memory are blocked.
I/O Protection
The SEM architecture also provides a means for the SK to gate access by any code executing at TX=0 to specific I/O ports. The SK defines the list of I/O ports to be protected via entries made in the Global IO Protection Bitmap, a new hardware-visible data structure. Attempts to access protected I/O ports by code with TX=0 trigger a Security Exception.
The SK can then determine the correct response to the I/O request.
This mechanism provides the SK with the hardware support needed to virtualize accesses to any I/O device by TX=0 code.
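Both the Device Exclusion Vector (used against bus-masters and during non-paged operation, as described above) and the Global IO Protection Bitmap are bit vectors that the SK programs and the hardware consults on every cycle. The following added model, which is not code from the AMD paper, shows the checks a practitioner would want to see: a DMA transfer that straddles into a protected page is blocked, a TX=0 physical access with paging off is refused by the DEV, and a multi-byte I/O access that overlaps a protected port is trapped even when its starting port is not protected. The bitmap layout, the 4 KiB page size, and the rule that every byte of a wide I/O access is checked are modelling assumptions.

```python
"""Model of SEM's DEV and Global IO Protection Bitmap (added example, not AMD code).

Assumptions: one bit per 4 KiB frame and per I/O port, little-endian bit order,
and a wide I/O access is checked byte by byte over its whole range.
"""
PAGE = 0x1000


class SecurityException(Exception):
    """Forced transfer into the Security Kernel with an error code."""


class Bitmap:
    """Bit i set means entry i (frame or port) is protected."""
    def __init__(self, entries):
        self.bits = bytearray((entries + 7) // 8)

    def protect(self, i):
        self.bits[i >> 3] |= 1 << (i & 7)

    def is_protected(self, i):
        return bool(self.bits[i >> 3] & (1 << (i & 7)))


class SemChipset:
    def __init__(self, phys_bytes, io_ports=0x10000):
        self.dev = Bitmap(phys_bytes // PAGE)       # Device Exclusion Vector
        self.io_bitmap = Bitmap(io_ports)           # Global IO Protection Bitmap
        self.blocked_dma = []

    # -- SK programming interface (runs at TX=1) --
    def protect_frames(self, frames):
        for f in frames:
            self.dev.protect(f)

    def protect_ports(self, ports):
        for p in ports:
            self.io_bitmap.protect(p)

    # -- hardware checks --
    def dma(self, device, paddr, length):
        """Bus-master cycle: blocked if any frame it touches is in the DEV."""
        first, last = paddr // PAGE, (paddr + length - 1) // PAGE
        if any(self.dev.is_protected(f) for f in range(first, last + 1)):
            self.blocked_dma.append((device, paddr, length))
            return False
        return True

    def nonpaged_access(self, tx, paddr):
        """With paging disabled (e.g. after an SMI) the DEV replaces the tables."""
        if tx == 0 and self.dev.is_protected(paddr // PAGE):
            raise SecurityException(("DEV", paddr))
        return True

    def io_access(self, tx, port, width=1):
        """IN/OUT of 1, 2 or 4 bytes: every byte of the range is checked."""
        if tx == 0 and any(self.io_bitmap.is_protected(p)
                           for p in range(port, port + width)):
            raise SecurityException(("IO", port, width))
        return True


def _outcome(fn):
    try:
        return fn()
    except SecurityException as e:
        return ("security exception",) + e.args


def demo():
    """Constructed scenario: SK memory in frames 0x800..0x80F, ports 0x3F8..0x3FF gated."""
    cs = SemChipset(64 << 20)
    cs.protect_frames(range(0x800, 0x810))
    cs.protect_ports(range(0x3F8, 0x400))
    return {
        "dma_straddles_into_sk": cs.dma("nic", 0x7FF000, 0x2000),
        "dma_to_legacy_page": cs.dma("nic", 0x100000, 0x1000),
        "blocked_log": list(cs.blocked_dma),
        "nonpaged_tx0": _outcome(lambda: cs.nonpaged_access(0, 0x800000)),
        "nonpaged_tx1": _outcome(lambda: cs.nonpaged_access(1, 0x800000)),
        "io_tx0_protected": _outcome(lambda: cs.io_access(0, 0x3F8)),
        "io_tx0_wide_overlap": _outcome(lambda: cs.io_access(0, 0x3F6, 4)),
        "io_tx0_wide_clear": _outcome(lambda: cs.io_access(0, 0x3F4, 4)),
        "io_tx1_protected": _outcome(lambda: cs.io_access(1, 0x3F8)),
    }
```

A trapped I/O access does not decide the outcome by itself: the Security Exception hands the request to the SK, which can deny it, perform it on the TX=0 code's behalf, or emulate the device, which is what the text means by virtualizing I/O.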
MSR Protection
Later generation complex microprocessors utilize a number of Model Specific Registers (MSR). These registers provide a means for control of micro-architectural features of the processor, and improper settings in these registers could compromise SEM protections. The SEM architecture provides a mechanism to prevent unauthorized modification of the MSRs by TX=0 code. The SK defines which MSRs are protected via entries made in a new MSR protection data structure. Attempts to access protected MSRs by TX=0 code trigger a Security Exception.
Miscellaneous Protections
The SEM architecture also contains a variety of miscellaneous protections. These protections address specific identified vulnerabilities and common attacks.
Interrupt Handling
Interrupt handling under the SEM architecture remains largely unaffected by the addition of the TX mode flag, but there are some minor differences.
Separate IDTs
Code on each side of the memory partition must maintain its own set of Interrupt Descriptor Tables.
Interrupts that occur when TX=0 operate normally, and use the TX=0 IDT, which will vector to a TX=0 Interrupt service routine (ISR).
Normal interrupts that occur during TX=1 operation use the TX=1 IDT and vector to a TX=1 ISR.
No Automatic TX Mode Transition
Since the TX=0 code and the TX=1 code utilize different virtual address maps, interrupts that occur in TX=1 code must be handled by a TX=1 Interrupt Service Routine. Similarly, interrupts that occur in TX=0 code must use a TX=0 ISR. Interrupts (except notably the Security Exception) do not perform automatic transition between TX modes.
Interrupts and Mode Transition
The SMCALL instruction and the Security Exception do not automatically perform all steps necessary to completely set up the CPU state for TX=1 operation. The control transfers perform the minimum number of steps needed to effect the actual mode transition and to enable “transition” code to be invoked. This transition code is responsible for ensuring that all needed CPU state is set up for operation in TX=1. To enable interrupts, the transition code must swap from the TX=0 IDT to the TX=1 IDT by switching the contents of the IDTR.
The transition code must execute as an atomic sequence of instructions. To ensure that no interruptions of this code occur, a new Global Interrupt Flag is provided in the SEM architecture.
Global Interrupt Flag
The x86 architecture provides an Interrupt Flag that masks most (but not all) interrupts. NMI, SMI, and Machine Check are examples of interrupts not masked by the Interrupt Flag, and exceptions are not masked by it either.
To ensure the transition code can operate atomically, the Global Interrupt Flag (GIF) is provided. When clear, the GIF blocks ALL interrupts and ALL exceptions.
Two new instructions (STGI, and CLGI) are provided to enable software control over the GIF.
The GIF is normally set to 1, allowing normal interrupt operation. The SMCALL instruction and the Security Exception both clear the GIF. The transition code must set the GIF as it concludes to enable interrupt processing by TX=1 code.
TX=1 to TX=0 Transition
Transitions back to TX=0 code following a SMCALL or Security Exception must also use transition code. This code reverses the actions performed on entry to the TX=1 code. The GIF must be cleared using the CLGI instruction to ensure this transition code executes atomically. The SMRET instruction will set the GIF as it executes, enabling normal interrupt operation to resume.
Special TX=1 Interrupt Handling
While operating in TX=1, uncontrolled transitions to TX=0 code must be prevented. To ensure that such a transition does not occur, the normal processor behavior of the System Management Interrupt is modified if TX=1.
System Management Interrupt
When TX=0, the SMI interrupt response is the same as on existing systems.
While the GIF is clear, the SMI is masked, but held pending and will be recognized once the GIF is set.
When TX=1 the SMI interrupt generates a normal interrupt with a pre-defined interrupt vector. This lets the SK know that an SMI has been requested. The actual transition to SMM is held pending.
When signaled via this interrupt that an SMI is pending, the expectation is that TX=1 code will safely transition back to TX=0. As soon as the processor changes state back to TX=0, the SMI is recognized and normal SMI actions will take place.
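The interaction between the TX mode bit, the GIF, the IDTR swap, and the modified SMI behaviour is easiest to follow as a sequence of events. The following is an added event-level model, not code from the AMD paper, that applies the rules stated in the sections above: SMCALL sets TX=1 and clears GIF; the SK's transition code swaps IDTR and executes STGI; CLGI protects the reverse swap and SMRET sets GIF; while GIF is clear every interrupt is held; a pending SMI at TX=1 is delivered as an ordinary interrupt on a predefined vector and the SMM entry waits until TX=0. The IDT names, the vector label, and the three interrupt kinds are constructed for the example.

```python
"""Event model of SEM mode transitions and interrupt masking (added example, not AMD code).

Interrupt kinds: "INTR" (masked by IF), "NMI" (not masked by IF), "SMI".
IDT names and the SMI notification label are made up for the model.
"""


class Cpu:
    def __init__(self):
        self.tx = 0               # TX mode bit
        self.gif = 1              # Global Interrupt Flag, normally set
        self.IF = 1               # legacy Interrupt Flag (masks INTR only)
        self.idtr = "IDT_TX0"
        self.pending = []         # interrupts not yet recognised
        self.smi_notified = False
        self.trace = []

    # -- interrupt sources --
    def raise_interrupt(self, kind):
        self.pending.append(kind)
        self._recognise()

    def _recognise(self):
        held = []
        for kind in self.pending:
            if self.gif == 0:
                held.append(kind)                 # GIF clear blocks everything
            elif kind == "INTR" and self.IF == 0:
                held.append(kind)                 # only INTR honours IF
            elif kind == "SMI" and self.tx == 1:
                if not self.smi_notified:         # SK told once, via a normal vector
                    self.trace.append(f"SMI_PENDING vector @{self.idtr}")
                    self.smi_notified = True
                held.append(kind)                 # SMM entry itself stays pending
            elif kind == "SMI":
                self.trace.append("enter SMM")    # TX=0: normal SMI behaviour
                self.smi_notified = False
            else:
                self.trace.append(f"ISR {kind} @{self.idtr}")
        self.pending = held

    # -- GIF instructions --
    def stgi(self):
        self.gif = 1
        self._recognise()

    def clgi(self):
        self.gif = 0

    # -- partition transitions --
    def smcall(self):
        assert self.tx == 0, "SMCALL is only meaningful from TX=0"
        self.tx, self.gif = 1, 0                  # switch partition, clear GIF
        self.trace.append("SMCALL -> SK entry")

    def sk_transition_in(self):
        """TX=1 transition code: finish CPU state, then re-enable interrupts."""
        self.idtr = "IDT_TX1"
        self.stgi()

    def sk_transition_out(self):
        """Reverse the entry steps atomically, then SMRET."""
        self.clgi()
        self.idtr = "IDT_TX0"
        self.smret()

    def smret(self):
        assert self.tx == 1
        self.tx = 0
        self.trace.append("SMRET -> TX=0")
        self.stgi()                               # SMRET sets GIF; a held SMI is taken now


def scenario():
    """Constructed run: returns (trace, interrupts held mid-transition)."""
    cpu = Cpu()
    cpu.raise_interrupt("INTR")       # TX=0: vectors through the TX=0 IDT
    cpu.smcall()
    cpu.raise_interrupt("NMI")        # arrives while GIF is clear: held
    held = list(cpu.pending)
    cpu.sk_transition_in()            # STGI: NMI now taken via the TX=1 IDT
    cpu.raise_interrupt("SMI")        # TX=1: SK notified, SMM not entered
    cpu.sk_transition_out()           # back at TX=0 the SMI is recognised
    return cpu.trace, held
```

The NMI in the scenario is the case the GIF exists for: it ignores the legacy IF, so without the GIF it could land between the partition switch and the IDTR swap and be dispatched through the wrong IDT.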
Secure Initialization
The SEM architecture provides direct hardware support for the secure initialization process.
SKINIT Instruction
The cornerstone of the SEM extensions to support secure initialization is a new instruction SKINIT.
This instruction performs a series of operations and data transfers that cannot otherwise be duplicated using normal code and cannot be emulated in software.
The SKINIT instruction begins its operation in a software environment that does not include an operational Security Kernel. The SKINIT instruction is designed to operate reliably in the face of software attacks that attempt to subvert the Secure Initialization Process.
The SKINIT instruction is the root of trust for subsequent operation.
SKINIT Security Objective
The security objective of the SKINIT instruction is to establish a starting point for trusted operation. More specifically, the SKINIT establishes a known execution environment, and then executes within this environment a known software object.
These two conditions establish the root of trust for the protected application environment enabled by the SEM architecture.
In actual operation, no attempt is made by the hardware to determine if the software object to be executed in the known environment is indeed a “known” or “trusted” software object. Instead, the SKINIT allows this evaluation to take place after the fact, securely, regardless of the characteristics of the actual software object.
The SKINIT instruction could be used to load an untrustworthy software object, but the object will not be able to masquerade as a known and “trustworthy software object”. The “Sealed Storage” capability described above will ensure that no “secrets” intended for use only in a trusted environment are available if the trustworthy environment is not properly setup.
The “after the fact” analysis is key to ensuring that the platform remains completely open, and prevents the need for installation of “trusted software” in a secure manufacturing facility. The SKINIT instruction does not depend on any software pre-installed in the platform (including BIOS) to ensure correct operation.
SKINIT Operation
The basic functions of the SKINIT instruction operate atomically as described below.
Establish Known Execution Environment
The SKINIT operation begins by performing a series of internal steps to restore the processor to a “clean” state. These steps are a modified version of the steps performed during an “INIT” operation. This phase includes specific steps designed to ensure the integrity of the SKINIT instruction in the face of attack.
Securely Record Software Characteristics
The next step performed is to securely record the characteristics of the software that will be executed at the end of the SKINIT instruction.
During this step, the processor securely transfers the image of the software object to the TPM component. The TPM component will record in internal storage the cryptographic HASH of the software object.
Because the transfer operation is protected by hardware, this phase of the SKINIT cannot be emulated in software.
Jump to Software
The final step in the operation of the instruction is to begin execution within the software object.
Initial Software Object Functions
A detailed discussion of the behavior of the software object that will be executed by the SKINIT instruction is out of scope for this document. The basic tasks of this object, though, are obvious and include performing additional setup steps that lead to the establishment of the partitioned-memory operating environment with an initialized and functional Security Kernel.
SKINIT and Platform Configuration
The software object executed by the SKINIT instruction is the first software object in a short chain of trust. The cryptographic HASH of this object resides in the TPM as a consequence of the actions of the SKINIT instruction. The Security Kernel is the final object in this chain.
The cryptographic HASH of all software objects in the chain leading from this first object up to and including the Security Kernel must also be recorded in the TPM.
These HASH values recorded in the TPM provide the platform configuration data needed to enable the use of TPM provided Sealed Storage functions. This same platform configuration data is used as the basis of the remote attestation process described in the section on the networked SEM platform.
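The chain of HASH values described here, and the Secure Log weakness noted earlier (a link that fails to measure the next link leaves the log unable to describe the platform), can both be exercised with a small model. The following is an added example, not code from the AMD paper or the TCG specifications: each link hashes the next object and extends a PCR-style register, a verifier replays the event log against the reported value and compares it with the expected objects, and a secret sealed to one configuration is released only when the current register matches it. The 20-byte SHA-1 register follows the TPM 1.1 generation the text refers to; object names and contents are constructed.

```python
"""Model of a measurement chain with replay verification and sealed storage
(added example, not AMD or TCG code).

Register update rule, as in TPM 1.x PCRs: PCR = SHA-1(PCR || SHA-1(object)).
Object names and contents below are constructed for the example.
"""
import hashlib

PCR_INIT = b"\x00" * 20                 # TPM 1.1 PCRs are 20-byte SHA-1 registers


def measure(image: bytes) -> bytes:
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    return hashlib.sha1(pcr + digest).digest()


def boot(stages, broken_links=()):
    """Run the chain. `stages` is [(name, image), ...]: stage 0 is measured by
    SKINIT itself, stage i by stage i-1. A name in `broken_links` models a link
    that jumps to its successor without measuring it. Returns (pcr, event_log)."""
    pcr, log = PCR_INIT, []
    for i, (name, image) in enumerate(stages):
        measurer = "SKINIT" if i == 0 else stages[i - 1][0]
        if measurer in broken_links:
            continue                    # nothing is recorded for this object
        digest = measure(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log


def replay(log):
    """Recompute the register from the log alone."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def verify(reported_pcr, log, expected_images):
    """The log must replay to the reported PCR and list exactly the expected
    objects in order. A self-consistent log that omits an object fails here:
    the verifier cannot tell what actually ran in the gap."""
    if replay(log) != reported_pcr:
        return False
    return [d for _, d in log] == [measure(img) for img in expected_images]


def unseal(secret, sealed_to, current_pcr):
    """Sealed Storage: release only in the configuration the secret was sealed to."""
    return secret if current_pcr == sealed_to else None


# Constructed images for the two-link chain: SKINIT target, then the SK.
LOADER = b"SKINIT target: loader v1"
SK = b"security kernel v1"
GOOD = [LOADER, SK]


def expected_pcr():
    """Register value a relying party would seal secrets to."""
    pcr, _ = boot([("loader", LOADER), ("sk", SK)])
    return pcr
```

Three runs are worth comparing: the intended chain verifies and unseals; a modified SK produces a different register, so verification fails and the secret stays sealed, which is the "cannot masquerade" property from the SKINIT section; and a loader that skips measuring the SK yields a log that replays correctly yet says nothing about the SK, which is exactly the Secure Log weakness.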
TPM
A key architectural element in the SEM platform is the inclusion of an enhanced Trusted Processing Module (TPM). The detailed behavior of first generation TPM devices is defined in the TPM Specification V1.1 adopted by the Trusted Computing Group (TCG).
AMD is a member and promoter of the Trusted Computing Group.
The TCG is currently developing the next revision of this specification. AMD anticipates that this revision will define the characteristics and behavior of TPM modules used in the AMD SEM Platform.
TCG rules prevent public disclosure of draft specifications; consequently further details of the interaction between the SEM architecture and the enhanced TPM cannot be provided at this time.
Parties interested in gaining access to draft specifications of the Trusted Computing Group, or in contributing to the development of such specifications, are encouraged to become members of the Trusted Computing Group.
The Networked SEM Platform
This section addresses the issues and challenges faced in using trustworthy processing in a connected environment, and (in some cases) describes how the SEM platform addresses these issues. The focus of this section will be on using trustworthy computing in the more challenging Internet environment, as opposed to the corporate environment, for the following reasons:
• In the corporate environment there are external constraints on computer user behavior that are not present on the Internet. For example, a corporate user who attempts to break the security of trustworthy systems will typically be subject to termination. This is a serious deterrent.
• Corporations, as opposed to users, generally own the computer hardware.
• Privacy expectations are reduced in the corporate environment (at least in the United States). Consequently, the privacy issues that face trustworthy computing within the corporation are less of an issue than in the Internet environment.
• Corporations are in a position to impose a proprietary, closed, trust-infrastructure inside the enterprise to enable trusted computing. Internet infrastructure solutions must generally meet criteria not applicable inside the enterprise.
• Corporate users are less likely to engage in wide-open commerce using trustworthy computing. Corporations tend to do business with a relatively fixed and often pre-qualified vendor base.
• Solutions that address the more stringent requirements of the Internet can often be utilized in the enterprise; the reverse is often not true.
Issues Particular to Networked Trustworthy Processing
Determining the Trust Characteristics of Remote Systems
The first problem that must be solved before the trustworthy processing capabilities of a remote system can be used is determining what trustworthy capabilities actually exist within the system at the far end of the wire.
The now famous cartoon of a dog at a computer with the caption “On the Internet, no one knows you are a dog” illustrates the problem.
Solving this problem in the face of deliberate attempts by attackers to spoof the trusting party is not trivial. Cryptographic techniques can be used to solve this problem and are used in the SEM platform for this purpose.
Unfortunately, relying on cryptographic techniques to address the problem leads to a whole range of side effects and additional problems that must be solved.
Personalization
The schemes used for solving the remote attestation problem typically utilize public key cryptography.
For lots of good reasons that are beyond the scope of this paper, the keys used in the remote attestation process should be unique. In other words, each platform should have its own unique key-pair. These keys are only useful if a platform specific endorsement certificate attesting to the validity of the keys is also provided.
This requirement leads directly to the need to personalize the platform. In this context, personalization involves: installing the keys and generating the endorsement certificate. The issues and design choices associated with the personalization process are quite similar to the problem of secure initialization discussed above.
The most common means to deal with personalization is to perform this step in a secure facility. This process leads to a logistical issue relating to how the certificate is transferred, as well as the potentially significant costs to PC OEMs.
In the SEM platform architecture the TPM device is the only device that is personalized. These components can be personalized during manufacturing before they are joined to the rest of the platform. Certificates can either be embedded into the TPM device, or they can be delivered via the Internet, further eliminating the logistical impact that would follow if media containing the certificate needed to accompany the TPM through manufacture.
Privacy Protection and Machine Identification
The existence of unique keys and certificates within the TPM raises concerns that these unique values could be used as a form of platform identifier.
The SEM platform includes specific hardware-based protections to address these concerns:
• The first level of protection provided by the hardware is the ability to completely disable the TPM.
• The next level of protection is fine-grained control over the use of TPM commands that utilize data that could be used to identify the platform.
• The authentication and attestation protocols provide an additional level of protection. Data exchanges with remote parties use cryptographic techniques to obscure platform-specific data.
• Protection against the misuse of the authentication process as a means to identify platforms should be an integral design and operational requirement of the trust-infrastructure developed to support open networked trustworthy systems.
Liability Allocation
The problem of liability allocation is not strictly an issue for the networked use of trustworthy systems, but network usage more directly depends on a solution to this problem. Liability allocation addresses failures in the security model for a trustworthy system that lead to some form of financial loss. Liability allocation determines “who is left holding the bag”.
Trustworthy systems will be compromised as a result of attacks that exceed the designed threat model, and possibly as a result of errors in design or implementation. Security systems are never perfect. The SEM Platform Architecture represents a quantum leap forward over the security of existing systems, but vulnerabilities remain, and will be exploited.
Parties that rely on the security of SEM platforms must do so with the full knowledge that some platforms will be compromised. OS vendors, silicon providers, motherboard vendors, and OEMs cannot assume significant liability for the consequences of security failures.
A system must be developed to ensure that consequential liability for security failures does not attach to suppliers of the trustworthy platforms.
The trust-infrastructure provides a possible means to clearly allocate the consequential liability to the service or content provider. Such providers must make use of information about the platform in making content and service delivery decisions. The trust-infrastructure could be designed to obtain an indemnification against loss before providing information about a platform’s capabilities to a content or service provider. Other solutions to the problem of liability allocation are possible.
Call to Action and Resources
Call to Action:
• For system manufacturers: Develop plans for how to market more Trustworthy Computing platforms, engage with AMD and others developing standards and solutions.
• For device manufacturers: Work with AMD and others to determine the specific impact of Trustworthy computing on the devices or components that you manufacture.
• For infrastructure providers: Engage now with AMD and others involved in defining the trust infrastructure that will be needed to support the networked use of Trustworthy computing.
Feedback:
• To provide feedback about this document, and to begin working with AMD on trustworthy computing, please send e-mail to geoffrey.strongin@amd.com.