Wave Systems Corp. (fka WAVXQ)

[orda]

Correction on Vista and TPM versioning
-Posted by David Berlind @ 8:28 am
http://blogs.zdnet.com/microsoftvistas/index.php?p=44


Microsoft has issued a correction to the statements that were given to me during our last conference call regarding the type of Trusted Platform Module hardware that must be included in a PC in order for certain security features of Vista to work. In that call, Microsoft mentioned that a TPM conforming to version 1.2b of the Trusted Computing Group's specification would be required. In my most recent blog on the issue (see Microsoft: No substitutes for Trusted Platform Module allowed), I noted that I couldn't find any reference to version 1.2b on the TCG's Web site. Microsoft has since responded with the following statement:

TPM 1.2b does not exist. A system that implements a Trusted Platform Module (TPM) and ships with a version of Windows Vista that includes the Secure Startup feature must include a TPM that complies with the TPM Main Specification, Version 1.2 (or later). The TPM provides the hardware support that Secure Startup requires to perform platform integrity measurement and reporting. The TPM provides hardware-enhanced, persistent protection of sensitive information and encryption keys which are used to enable full-volume encryption.

Version 1.2 does exist, but the correction still does not address one key problem which is that there are almost no conforming systems on the market today (this again, according to Microsoft during the conference call) and there's no way to upgrade existing systems to get them ready for Vista. In other words, new systems will have to be purchased in order to take advantage of TPM-supported features like full volume encryption (see why my colleague George Ou thinks Vista's TPM strategy is questionable). In fact, in response to a separate e-mail inquiry, Microsoft has confirmed that full-volume encryption is the only feature that requires the TPM (and a feature that won't necessarily be available in all editions of Vista).

That said, a TPM could play another important role from Microsoft's perspective. Shortly after Apple announced it would be porting it's OS X operating system to Intel-based personal computers, sources told me that the selection was based on Intel's implementation of the TPM and how it could play a role in assuring Apple that bootlegged copies of its operating system would be prevented from running on just any Intel system. Sure enough, in August of this year when the first developer versions of Intel-based Mac OS X systems shipped, they included a TPM.

The ability to exercise that sort of control over the specific systems that software (operating systems or applications) can run on cuts to the chase of what makes the TPM so special: like humans with fingerprints, every physical system has a unique identifier that's burned into the hardware in such a way that no two systems will never be alike. Although I don't know the technical details, the "no TPM upgrades allowed" is obviously related to this. Allowing TPM upgrades would create a technical loophole that could defeat their purpose (more on that to come in a separate blog).

With it's Windows Product Activation (WPA) strategy, Microsoft has already demonstrated the will and the resolve to marry software to specific hardware. In a column that I wrote over four years ago, I described in detail how WPA attempts to marry a specific software license to a specific computer by using the computer's hardware configuration to compute a relatively unique fingerprint for every system. Given the lengths to which Microsoft has gone to make WPA successful, its inconceivable that it wouldn't take advantage of TPMs to make the program even more reliable. than it is today

Originally, the WPA idea generated quite a bit of controversy. Not only on the legal front, but also operationally. Whereas it protected Microsoft's interests from a software piracy perspective, the scheme also ran the risk of foiling legitimate uses of the software it was trying to protect. For example, if a user upgraded a system's hard drive and needed to reinstall Windows, the computed fingerprint to which the software was originally married (and tracked in Microsoft's databases) would change. In WPA's scheme of things, a different fingerpint means a different system and a different system could mean attempted piracy. So, by virtue of simple hardware upgrades, false positives (in terms of catching pirates) were possible. TPMs can eliminate virtually all chances of such false positives because the fingerprint isn't based on something arbitrary like a system's configuration. Instead, the fingerprint is a unique digital certificate that's encoded into hardware in a way that it can't easily be cloned or reproduced. In terms of such resiliance to cloning, hardware-based digital certificates are considered to be more reliable than software-based ones.

Moving from a computed fingerprint to a real one is theoretically better for both Microsoft and its customers. Since the fingerprint never changes, customers are free to alter the hardware configurations of their systems without raising any red flags in Microsoft's WPA database. From Microsoft's perspective, this means less support costs connected with customers who are legitimately re-installing. From the legitimate customer's perspective (someone just trying to legitimately upgrade one or more systems), it means almost no chance of being flagged as a pirate.

Whether or not Microsoft intends to make use of the TPMs in this fashion (as Apple may end up doing), remains to be seen (I've asked Microsoft and will report on my findings).