Well, sites are still abuzz: the Apple Intel Transition Kits have been opened and photographed, and at least some of them are based on a stock Intel motherboard. With an Infineon SLD9630-series TPM chip on it.
Some libertarians and open-source advocates came out swinging since, as usual, TPM, TCPA, DRM and even the moribund Palladium are usually used interchangeably. Some cooler heads popped up, but the Slashdot thread was particularly entertaining. Cory Doctorow even said:
Apple may never implement this in their own apps (though I’ll be shocked silly if it isn’t used in iTunes and the DVD player), but Trusted Computing in the kernel is like a rifle on the mantelpiece: if it’s present in act one, it’ll go off by act three.
It means that the price of being a Mac user will be eternal vigilance: you’ll need to know that your apps not only write to exportable formats, but that they also allow those exported files to be read by competing apps. That they eschew those measures that would lock you in and prevent you from giving your business to someone else. I’m pretty sure that apps like BBEdit and NetNewsWire won’t lock me out, as their authors are personally known to me to be wonderful, generous, honorable people. But personally familiarizing yourself with the authors of all the software you use doesn’t scale.
So that means that if Apple carries on down this path, I’m going to exercise my market power and switch away, and, for the first time since 1979, I won’t use an Apple product as my main computer. I may even have my tattoo removed.
Now, Cory is one of my favorite authors, and Boing Boing is the first site I check every day, but this unfortunately just plays into the hands of the FUD crowd.
The situation is somewhat complex. Granted that DRM is a bad thing and should be avoided. Granted that, as the EFF says, a trusted platform can be misused under certain circumstances. However, jumping from the mere presence of the TPM chip to the conclusion that DRM was one of the reasons for the entire Intel switch is very far-fetched. Even if the Mac OS X kernel checks for, and uses, the TPM chip to prevent users from running Mac OS X on a non-Apple PC – a use I consider entirely legitimate – suddenly switching in mid-paragraph to DRM protection of media, and encryption of formerly public data formats, is unwarranted. (This very common confusion between the aims and definitions of TPM, TCPA and DRM is quite well addressed in a rebuttal paper published by IBM a few years ago.)
And the examples given – BBEdit and NetNewsWire – are totally off anyway. BBEdit, by definition, saves stuff in plain text format! If I want to mess about with any other type of format I certainly wouldn’t use BBEdit anyway; and NetNewsWire exports data in OPML format because it’s public. Regarding closed formats, the StuffIt .sit has been very popular (although completely undocumented) since before Cory became a Mac user in 1979, yet few people have complained about this until very recently.
The obvious and ostensive purpose of the TPM chip is, of course, locking Mac OS X’s Intel version (which strictly speaking is a “universal binary” version) to running only on the transition kits. Apple has repeatedly and clearly stated that they won’t allow Mac OS X to run on non-Apple computers; and, since the clones were killed and Apple has started charging for the system, this has always been stated in the license terms:
2. Permitted License Uses and Restrictions.
A. This License allows you to install and use one copy of the Apple Software on a single Apple-labeled computer at a time.
This was sort of redundant in the past, as there were no other PowerPC-based general-purpose computers on the market at any time; and few people would have argued, as some seem to be doing now, that they have a “right” to install Mac OS X on computers explicitly disallowed by the license – not the least because doing so would have entailed an impossible amount of work. Strangely, the amount of work required has now been perceived to have shrunk enough to argue for this position…
So, what’s inside the TPM chip to make it so repulsive? Infineon has published some technical data. It’s a simple microcontroller with a standard LPC interface, like other on-board peripheral chips have; the interface’s peak bandwidth is about 4MB/s. It has several types of internal memory, including 16KB of EEPROM used to store secure keys, a random number generator, specialized hardware for fast generation and checking of SHA-1 digital hashes, similar hardware for RSA encryption and decryption, and several anti-tamper facilities. In other words, it’s a simple peripheral that can receive blocks of data and return other blocks of data, transforming them according to the algorithms and keys stored inside. These can be the same for all deployed chips or can be different for each equipment, presumably at some additional cost.
Naturally, all those functions could be equally well performed by software running on the main CPU. The difference is that with a relatively trivial effort, such software could be intercepted or decoded by a hostile party; this is several orders of magnitude harder to do with the TPM chip, as long as suitable precautions are taken by the software which accesses it. Note that usually the “hostile party” is not the computer’s owner, who always has the option of ripping the chip off the board, or more practically, spending his/her money elsewhere! It all depends on how the chip is used, as well see below.
I don’t have access to a transition kit myself, and would be under NDA if I had. However, from what I’ve read on the net, the Mac OS X boot process checks for the presence of the TPM chip and later on uses it to verify, or decrypt, some parts of its own object code; a perfectly legitimate use. Will this chip be in the Intel Macs when they come on the market? We can’t say, of course. Its presence in the transition kit units is of course explained by the fact that time constraints forced Apple to use a standard Intel motherboard. In their own systems Apple will be free to integrate TPM-like functions into the system controller chip, for instance, since they’re only using a small subset of the chip’s capabilities. They could also ask Intel to produce slightly modified versions of their CPUs, which might restrict Mac OS X to Macs as effectively as running on a PowerPC did in the past.
What if they opt for the easy way out and simply keep the full TPM chip for the standard Intel Macs? If the chip is used only for restricting Mac OS X to Macs, no problem. But what if they use it for more nefarious purposes, say, for strengthening the iTunes DRM encryption? I don’t see how this would be any more harmful than the existing situation; civil libertarians are concerned about the existence of DRM, not about its relative efficacy. By its construction, the chip’s functions are only accessible to “trusted” software modules, meaning that it wouldn’t be useable by any random application.
The TCPA specifies a complex system of interlocking security procedures to produce a “trusted” system – meaning a system where both the user and the software running on it can trust everything to be in a known state. That is, the BIOS (or EFI, or whatever) and the TPM chip are mutually certified, then every single piece of software or hardware that is loaded, or initialized, later must be similarly examined and certified by a trusted function. If a non-certified item is encountered, it must be either rejected altogether or the system must enter an “untrusted” state. So, to do this consistently, Apple would have to reject all third-party peripherals and software applications! Certainly the CIA, FBI and some corporations would be eager to buy a number of such systems, but who else would? Notice that you could also just protect certain data paths – as Microsoft’s Protected Media Path project is supposed to do; to be really effective, this would mean trusted DVD drives, loudspeakers, monitors and so on. Banks would need trusted keyboards and network cards. In other words, this is not something suitable for your general computing needs.
Even so, let’s suppose that Cory is right. Let’s suppose Steve Jobs goes psycho and deploys the Mac Intel machines with full TPM, TCPA, DRM and whatnot. Let’s suppose that all things at the iTunes Music Store will now be sold only with strong encryption, as well as all Pixar films, MTV music videos, and so on. Let’s suppose all other software companies are infected and stop support for plain text files, HTML, XML, etc. Let’s suppose that we all go mad as well and continue to buy Macs at current quantities or better – say, 5 to 7 million a year. What would happen?
Why, the current installed base is something over 30 million PowerPC Macs (or even more, depending on your sources). By the end of 2007, Intel Macs will be perhaps 15% of that. It will take at least 5 years, probably more, for Intel Macs to surpass the PowerPC Mac installed base. In other words, non-TPM systems will be in the majority for several years. Can you see Apple (or their stockholders, of which I’m one) restricting such important markets to 15% of their customers? Or even 50%? For years??
If you really believe this, I have a bridge here I’d like to sell…
…as I was posting this, I saw that John Gruber, as usual, has a highly cogent post about this very subject.