Stupid Slashbots! Aug. 1st, 2005 @ 12:50 pm
From /.: Apple kernel includes DRM[1] shocker.

In actual fact the story was about Apple including a trusted computing driver in their latest developer kernel. Of course the story nicely skips the fact that Linux also has such a driver.

[1] Digital Rights Management, not Direct Rendering Manager.

Update: The recent developer builds leaked onto the torrent sites include only Rosetta as a key bit of technology which requires TPM. Examining the Rosetta dæmon (from publicly available sources - not the code itself) I have to say my gut instinct is that this isn't to restrict running it, merely to make use of the accelerated SHA-1 implementation on the TPM chip. Further I would guess that this is to make a very fast hash-table implementation, the sort of thing required for a performance critical thing like binary emulation.
From:(Anonymous)
Date:August 1st, 2005 12:35 pm (UTC)

Of course.

When I read that article, I was surprised as well. But it makes sense: if there were no DRM, how would Apple be able to prevent people from installing Mac OS X on non-Apple computers?
From:filecoreinuse
Date:August 1st, 2005 12:56 pm (UTC)

Re: Of course.

TBF it doesn't. From the 10,000 metre perspective the TPM chip provides a set of one-way alterable registers[1]. The BIOS sets these registers to one value on boot and the Ring 0[2] kernel sets them once more. The 'setting operation' is a hash with the previous values done in such a way so as to ensure that a particular value must have come from a particular BIOS/kernel combination. The kernel can, of course, refuse to run if it was launched from the wrong BIOS and applications can refuse to run if they are on the wrong kernel.

Getting OS X's kernel to boot would be fairly straightforward. Either a) modify the BIOS so it sets the registers correctly or b) modify the kernel. Option b) is probably easiest in this case because the OS X kernel can be replaced with your own compiled Darwin kernel.

What would be a problem is if, for example, the Window Server refused to run on anything other than the OS X kernel. This would be somewhat troublesome since each OS X update that updated the kernel would also now have to update this server. All in all I find it unlikely that Apple would go down that route.

Finally we come to applications like iTunes. What Apple could do is ensure that the audio driver is the OS X supplied one and not one that could, for example, allow one to rip the audio stream directly. This is a bit pointless however as there are solutions to avoid music copying less tied into the hardware.

In reality what is likely to happen is that Apple will build into, e.g. iTunes the ability to provide DRM'd music which can only be unlocked on your particular machine (although I hope there would be a mechanism to deal with upgrades).

In conclusion adding TPM support to an OS still makes it non-trivial to cryptographically restrict which machines it can run on unless you want to lock down all kernel code so it never changes (something which could be possible on Windows machines since the kernel there is rarely modified).

[1] Along with some crypto, signing, and protected memory areas.
[2] On the x86 architecture there are several 'rings' which give progressively more access to the bare metal. Kernels usually run in ring 0 which gives them complete access to memory, etc. User-space apps (like web-browsers) run in higher rings which implement memory protection, etc. so your browser can't scribble all over your word-processor's memory.
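
The register 'setting operation' described in the comment above, as an added example that is not part of the original thread: a Python sketch of a TPM 1.2 style extend, where the new register value is SHA-1(old value || SHA-1(component)). The BIOS and kernel byte strings are constructed stand-ins, and `measured_boot` and `check_platform` are hypothetical helper names.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length, the register width on a TPM 1.2 chip


def extend(pcr, component):
    """One-way update: new = SHA1(old || SHA1(component)). There is no 'set'."""
    measurement = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr + measurement).digest()


def measured_boot(stages):
    """Replay a boot chain: the register starts at zero, each stage is extended in order."""
    pcr = bytes(PCR_SIZE)
    for image in stages:
        pcr = extend(pcr, image)
    return pcr


def check_platform(stages, expected):
    """The policy decision a kernel or application makes: compare with a known-good value."""
    return measured_boot(stages) == expected


# Constructed stand-ins for firmware and kernel images (not real binaries).
BIOS_VENDOR = b"constructed-bios-image-A"
BIOS_OTHER = b"constructed-bios-image-B"
KERNEL_STOCK = b"constructed-kernel-image-1"
KERNEL_REBUILT = b"constructed-kernel-image-2"

# Known-good value for the vendor BIOS followed by the stock kernel.
GOLDEN = measured_boot([BIOS_VENDOR, KERNEL_STOCK])

if __name__ == "__main__":
    chains = {
        "vendor BIOS + stock kernel": [BIOS_VENDOR, KERNEL_STOCK],
        "other BIOS + stock kernel": [BIOS_OTHER, KERNEL_STOCK],
        "vendor BIOS + rebuilt kernel": [BIOS_VENDOR, KERNEL_REBUILT],
        "same images, wrong order": [KERNEL_STOCK, BIOS_VENDOR],
    }
    for name, stages in chains.items():
        value = measured_boot(stages).hex()
        print(f"{name:30} {value} match={check_platform(stages, GOLDEN)}")
```

Only the first chain reproduces the known-good value, which is why every kernel update changes the value that anything checking it must expect.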
From:filecoreinuse
Date:August 1st, 2005 01:29 pm (UTC)

Re: Of course.

Of course I forgot to point out that one can simply just make a particular app require the presence of a TPM chip. For example, the Rosetta binary in the OS Intel builds does just this.
From:(Anonymous)
Date:August 2nd, 2005 03:11 am (UTC)

Re: Of course.

"TBF it doesn't. From the 10,000 metre perspective the TPM chip provides a set of one-way alterable registers[1]."

How could you explain this to a casual Mac user? We don't understand TCPA, even at Slashdot most people talk out of their ***.
From:captain_aj
Date:August 1st, 2005 01:51 pm (UTC)
WTF OMFG DMCA DRM TCPA TPM M$ APPLE EVIL LUNIX GOOD!11!!11!!
From:twisted_times
Date:August 2nd, 2005 11:10 am (UTC)

A bubh?
From:captain_aj
Date:August 2nd, 2005 05:43 pm (UTC)
See, this means you're untainted and aren't familiar with the ways of the lesser-spotted Slashbot.
From:trejkaz
Date:August 13th, 2005 08:28 am (UTC)
An even faster way to implement a hashtable is to use a hash function which isn't cryptographic.