2008/01/02

Rethinking Trusted Computing

I own a copy of Free Software, Free Society. I'm an associate member of the Free Software Foundation and I even donate to them every month. I even call it GNU/Linux. I'm a big, big fan.

But when Richard Stallman is wrong, you've got to call him on it.

Lately, I've been working on getting the TPM chip in my thinkpad to work properly as a PKCS#11 smartcard device. This was kind of a work assignment, kind of a personal mission once I realized the whole problem, which I'll summarize: if you're storing secret keys (e.g. GPG, SSH, or SSL) as a file on some media, whether hard disk or removable, even encrypted with a strong passphrase, then at some point in time the secret information can be read by root. Moreover, if your bootloader and kernel are not authenticated at boot time, then all bets are off. A root exploit, a backdoor, a keylogger, or a modified kernel can subvert your security, without you ever knowing it. The solution is to use a smartcard, a separate secured piece of non-volatile storage that never allows the software to read the secret information, only to make use of it through secured operations such as encryption, decryption, signing, and verifying data, as well as random number and key generation.
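To make the contrast in that paragraph concrete, here is an added example (not code from the original post or from any of the projects it names): a software stand-in for a PKCS#11 token next to a file-held key, so you can see at the API level that the token only offers operations, never the private value. It uses textbook RSA with tiny constructed primes (an insecure toy, only to keep the contrast runnable) and the real PKCS#11 attribute and return-code values; the `SoftToken` class and its method names are an assumed simplification that mirrors the PKCS#11 function names.

```python
# PKCS#11 attribute types and return values (values from the PKCS#11 spec)
CKA_VALUE, CKA_PRIVATE_EXPONENT = 0x0011, 0x0123
CKA_SENSITIVE, CKA_EXTRACTABLE = 0x0103, 0x0162
CKR_OK, CKR_ATTRIBUTE_SENSITIVE = 0x00, 0x11


def make_toy_rsa_key(p=61, q=53, e=17):
    """Constructed toy RSA key (NOT secure); real keys are 2048-bit or larger."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                      # private exponent
    return {"n": n, "e": e, "d": d}


def rsa_sign(key, h):
    """Textbook RSA signature over an integer h < n standing in for a message hash."""
    return pow(h, key["d"], key["n"])


def rsa_verify(pub, h, sig):
    return pow(sig, pub["e"], pub["n"]) == h


class FileKey:
    """Key kept as a (possibly passphrase-encrypted) file: once loaded for use, the
    private exponent is plain data in process memory, and root can simply read it."""
    def __init__(self, key):
        self.key = key

    def private_exponent(self):              # nothing prevents this read
        return self.key["d"]

    def sign(self, h):
        return rsa_sign(self.key, h)


class SoftToken:
    """Stand-in for a PKCS#11 token (smartcard/TPM): the private key object is
    created CKA_SENSITIVE and non-CKA_EXTRACTABLE, so C_GetAttributeValue refuses
    to return its private parts; C_Sign is the only way software can use the key."""
    def __init__(self, key):
        self._key = key
        self._attrs = {CKA_SENSITIVE: True, CKA_EXTRACTABLE: False}

    def C_GetAttributeValue(self, attr_type):
        if attr_type in (CKA_VALUE, CKA_PRIVATE_EXPONENT) and self._attrs[CKA_SENSITIVE]:
            return CKR_ATTRIBUTE_SENSITIVE, None   # the token keeps the secret
        return CKR_OK, self._attrs.get(attr_type)

    def C_Sign(self, h):
        return rsa_sign(self._key, h)

    def public_key(self):                    # public parts are freely readable
        return {"n": self._key["n"], "e": self._key["e"]}
```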

We can technically solve this problem by using smartcards, but a smartcard is difficult to integrate into all aspects of a computing platform. For example, using a smartcard for certified booting, to make sure the kernel you're running is really the one you want to be running, would require a lot of code, maybe too much to build a trustworthy system. But if we could embed the same functionality into a chip right on the motherboard and provide a specification for integrating it, much greater personal security could be achieved broadly.

Even the FSFE (FSF Europe) distributes smartcards. Smartcards are big in Europe.

So, let's examine the state of the world:

  1. We have a Free Software implementation of a TPM Software Stack.

  2. We have a Free Software implementation of a PKCS#11 interface for the TPM, thus allowing us to use the TPM chip as a smartcard.

  3. We know smartcards can stop the theft of secret information from a machine, even in the face of root access or physical access.

And yet, the number of programs that support PKCS#11, the open standard for interfacing with smartcards (similar to the role OpenGL plays in 3D graphics), is dismal. No hard disk encryption program supports it (though it is slated for eCryptFs); OpenSSH doesn't support it, but there is a patch; there is a backend for OpenSSL to use it, but it is maintained independently; there is an external program for GnuPG to support it, but Werner Koch doesn't think it belongs in Free Software.

On the plus side, some free software that supports it right out of the box:

As I push for more security in the applications I depend on every day, it disturbs me to think that responses like RMS's to trusted computing are believed without being validated. If you just casually read the TPM specs, it's clear that they're talking about allowing users to store secret information securely, not any of the extrapolation or inference that RMS puts into his "Can You Trust Your Computer?" essay. He's using the same FUD tactics he wagged his finger at when Microsoft tried to say Free Software was inherently low quality.

This is the kind of arrogance that makes the FSF hated and they should have corrected it long ago.

Rereading the essay right now, it irks me so bad that I need to dissect it in more detail here:

  • The first two paragraphs are about the evils of proprietary systems, completely unrelated to the TPM chip.

  • His first technical point, about 1/5 of the way down: "The technical idea underlying treacherous computing is that the computer includes a digital encryption and signature device, and the keys are kept secret from you." But the keys aren't kept secret from you, so let's assume you're running a free operating system and you have total control over the keys that go on the device. That's a win for security. But the rest of this paragraph (and in fact the rest of the paper) builds from his faulty assumption that the user won't control the keys, so it's informationally bankrupt.

  • The next paragraph about how "Hollywood" intends to use the chip is pure speculation. The TPM is disconnected from any of the multimedia functions of a device. The TPM only stores RSA keys. DVD drives were supposed to do basically the same thing, and that was directly connected to the media access.

  • And the next paragraph, about emails no longer being able to be read, is possibly the worst in the document because it shows either a complete misunderstanding of public key cryptography or a direct attempt at misdirection in the mind of the reader. Is the mail signed? If so, then it's signed with a public key which doesn't live on your computer. Is it encrypted? If so, then it's encrypted with a key on your boss's computer! No matter how I twist my mind for this one, there's no more "disappearing ink" than there is when I'm using GnuPG or S/MIME as they exist normally. This obscenity continues in the next paragraph. And if we just stop for a second to consider the population of users who currently use even digital signatures in email, roughly 0.00001% if that, it would be appreciated if he embraced open access to the TPM chip for securing mail, to actually bring his version of "today" to reality sometime before we die, instead of fear mongering about an Orwellian future that won't see the light of day anyway.

  • He continues with more spiel about fearing government and the holy virtues of Free Software. And dammit, as much as I am a Free Software advocate and instigator for positive change in government, this spinning of the real story just makes me sick.

  • The best part: the companies he mentions as the ones to tell to stop trusted computing (Intel, IBM, and HP/Compaq) are all huge supporters of free software.

Dammit, RMS, on this TPM issue you're so wrong it hurts. Please at least add a postscript to your essay saying that there may be positive uses of the TPM chip. Stop spreading FUD; it's beneath you and your morals, and it's hurting our shared cause.

2 comments:

Ian Lewis said...

/me nods.

I'm not particularly security literate so please forgive my ignorance where possible.

In terms of e-mail, I don't think that normal e-mail in the wild (e.g. personal e-mail) would be an issue as much as inter-company e-mail that was set up on a mandated OS and set to require you to encrypt your e-mails and for the key to expire after a set time period. Maybe your boss tells you to do something criminal but the key provided to decrypt the message expires and the message is unreadable after a week or so.

Wouldn't another worry be TPMs preset to only allow booting of kernels signed by the manufacturer (e.g. only Windows)?

I guess I never really read the RMS essay as a "TPMs are BAD!" essay but rather as a "Jeez, TPMs could be used to restrict booting of free operating systems, but if you can, you should because you would have control of the TPM" essay. Though the second part is not explicitly written and was my interpretation.

Hal Finney said...

While I agree that the TPM chip has a lot of value and usefulness to end users, at the same time I see a germ of truth to RMS's critique. The TPM chip does in fact have a key whose secret value is not knowable to the user or controllable by him. It is called the Endorsement Key and comes installed more-or-less permanently in the chip. The chip will do certain things with the EK and follow certain rules in using it, and the user can't get the chip to break the rules.

There is also another key called the Storage Root Key which is generated dynamically at the time the user initializes and enables his TPM chip. That key, too, is never revealed to the user and is used only by the TPM chip according to its rules.

Having said that, there is no truth to the stories that Hollywood or some other institution will know or control these keys. Only the TPM chip knows them, and it acts as essentially an independent agent in terms of how it uses these keys. It is this independence which is so threatening to RMS and others, and either out of confusion or manipulation they present these claims that someone else controls your computer. This is false, but it is true that your computer can gain a degree of independence and autonomy which is impossible with classical computing models. I see this technology as having great potential for opening up new ways of handling information, but some others see only the threat of losing complete control over their computers.