Saturday, December 13, 2003 9:51:39 AM
SPIN and mbarr,
In terms of motherboards sold, I believe that focusing on that figure, alone, is fairly narrow-minded. I don't think you have yet figured out this investment (as none of us may have...), but motherboard sales are not representing the brunt of Wave revenues.
Wave's future relies on the re-architecture of the PC. This re-vamp will include many changes besides just putting a TPM on the motherboard. In fact, you will see many implementations where the stand-alone TPM chip is not the only chip in the system. The reason I say this is that looking at the LaGrande Technology (LT) architecture for protection, we see that there are many areas of hardware necessity. The TPM is currently designed on the motherboard, yes. However, for LaGrande to work, secure I/O is required. Looking more closely at secure I/O, the Super I/O controller is also located on the motherboard. So why not build a TPM core to be fabbed into the I/O controller?
The I/O controller must be secure, which requires hardware support. Therefore, there must be TPM-like functions built into the I/O controller. The controller will protect the floppy drive, hard drive (Seagate), keyboard keystrokes, mouse and other I/O peripherals.
Wave is not about "being in a DVR" as someone put it. Wave is about creating and managing an architecture of support for trust and security inside the PC, and on the other end, the server side, through attestation and key management.
This includes all the hardware manufacturers making a TPM, a Super I/O controller, and a graphics processor (all three being hardware chipsets) that supports this new architecture! This is not about TPM-only.
At boot-up (skipping secure boot), the CPU(prescott) will "handshake" with the o/s(NGSCB) to see if the architecture/platform to support trusted computing is there. In other words, it will check to see if there is a TCPA TPM, Super I/O and graphics controller to support the system, a nexus, and the user has actually turned this all "on".
Once this initializing process is done, the nexus will ask the CPU to initiate authenticated startup which starts the nexus security kernel. This clears the hardware and loads the nexus kernel into physical memory to be used. The operating system will make sure that no other processors are interuppting this process and that it is secure. Once complete, the CPU then hands over control to the nexus, which will process data and transactions in a protected mode.
The other TCPA hardware in the PC will recognize the system as running in nexus mode and support it.
For the graphics:
NGSCB-Enabled Chipset
NGSCB-enabled computers require a specially designed chipset, which is currently being developed by multiple vendors. This chipset includes the following basic features to support NGSCB functionality:
-Page-granular DMA protection in collaboration with the NGSCB-enabled CPU
-System management mode (SMM) containment in collaboration with the NGSCB-enabled CPU
-NGSCB features implemented in the bus bridge or memory controller
-Memory, I/O controller, and bridges that follow the parameters set by the DMA exclusion vector, which is an in-memory, 1-bit-per-page table that may be cached and that ensures that DMA devices do not read or write to the secure area of memory
-DMA exclusion vector programming under nexus control
-Memory reset scrub if the protected environment fails
-Connectivity with the SSC
The SSC is the TPM v1.2. This is happening middle next year. the v1.1a and v1.1b have no large differences except secure time, from what I understand.
As you can see, there are multiple vendors creating the secure graphics processors. There are also multiple vendors creating the secure super i/o controllers and there are also multiple vendors creating the TPM controllers. All of these hardware units will have to talk to each other, adn an outside source that holds the master keys to make sure that the hardware has not been compromised. They will also have to talk to outside servers to make sure that the PC accessing content (from a Disney server), running on a Disney media player (and they did develop one, gee, wonder why?), is the correct PC that is supposed to have access.
At this point, I literally don't believe TCG can happen without Wave's architecture. Maybe Wave offered all this information to the TCPA for free. Maybe Wave can be replaced "later". Maybe Wave's eTS is a stepping stone for MSFT. But for right now, only Wave can enable this TCPA thing to actually happen and the gorillas need them. Of course, ICBW!
Oh, and guys, NSM is a very large player in the I/O controller market...
In terms of motherboards sold, I believe that focusing on that figure, alone, is fairly narrow-minded. I don't think you have yet figured out this investment (as none of us may have...), but motherboard sales are not representing the brunt of Wave revenues.
Wave's future relies on the re-architecture of the PC. This re-vamp will include many changes besides just putting a TPM on the motherboard. In fact, you will see many implementations where the stand-alone TPM chip is not the only chip in the system. The reason I say this is that looking at the LaGrande Technology (LT) architecture for protection, we see that there are many areas of hardware necessity. The TPM is currently designed on the motherboard, yes. However, for LaGrande to work, secure I/O is required. Looking more closely at secure I/O, the Super I/O controller is also located on the motherboard. So why not build a TPM core to be fabbed into the I/O controller?
The I/O controller must be secure, which requires hardware support. Therefore, there must be TPM-like functions built into the I/O controller. The controller will protect the floppy drive, hard drive (Seagate), keyboard keystrokes, mouse and other I/O peripherals.
Wave is not about "being in a DVR" as someone put it. Wave is about creating and managing an architecture of support for trust and security inside the PC, and on the other end, the server side, through attestation and key management.
This includes all the hardware manufacturers making a TPM, a Super I/O controller, and a graphics processor (all three being hardware chipsets) that supports this new architecture! This is not about TPM-only.
At boot-up (skipping secure boot), the CPU(prescott) will "handshake" with the o/s(NGSCB) to see if the architecture/platform to support trusted computing is there. In other words, it will check to see if there is a TCPA TPM, Super I/O and graphics controller to support the system, a nexus, and the user has actually turned this all "on".
Once this initializing process is done, the nexus will ask the CPU to initiate authenticated startup which starts the nexus security kernel. This clears the hardware and loads the nexus kernel into physical memory to be used. The operating system will make sure that no other processors are interuppting this process and that it is secure. Once complete, the CPU then hands over control to the nexus, which will process data and transactions in a protected mode.
The other TCPA hardware in the PC will recognize the system as running in nexus mode and support it.
For the graphics:
NGSCB-Enabled Chipset
NGSCB-enabled computers require a specially designed chipset, which is currently being developed by multiple vendors. This chipset includes the following basic features to support NGSCB functionality:
-Page-granular DMA protection in collaboration with the NGSCB-enabled CPU
-System management mode (SMM) containment in collaboration with the NGSCB-enabled CPU
-NGSCB features implemented in the bus bridge or memory controller
-Memory, I/O controller, and bridges that follow the parameters set by the DMA exclusion vector, which is an in-memory, 1-bit-per-page table that may be cached and that ensures that DMA devices do not read or write to the secure area of memory
-DMA exclusion vector programming under nexus control
-Memory reset scrub if the protected environment fails
-Connectivity with the SSC
The SSC is the TPM v1.2. This is happening middle next year. the v1.1a and v1.1b have no large differences except secure time, from what I understand.
As you can see, there are multiple vendors creating the secure graphics processors. There are also multiple vendors creating the secure super i/o controllers and there are also multiple vendors creating the TPM controllers. All of these hardware units will have to talk to each other, adn an outside source that holds the master keys to make sure that the hardware has not been compromised. They will also have to talk to outside servers to make sure that the PC accessing content (from a Disney server), running on a Disney media player (and they did develop one, gee, wonder why?), is the correct PC that is supposed to have access.
At this point, I literally don't believe TCG can happen without Wave's architecture. Maybe Wave offered all this information to the TCPA for free. Maybe Wave can be replaced "later". Maybe Wave's eTS is a stepping stone for MSFT. But for right now, only Wave can enable this TCPA thing to actually happen and the gorillas need them. Of course, ICBW!
Oh, and guys, NSM is a very large player in the I/O controller market...
Join the InvestorsHub Community
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.