Trusted Computing for Mac OS X. Amit Singh. All Rights Reserved. Written in October 2. Executive Summary. If you do not have the time, patience, or inclination to read this entire document, please consider reading the executive summary rather than reading an incorrect reinterpretation somewhere else. The Trusted Computing Platform Alliance TCPA was a collaborative initiative involving major industry players such as Compaq, Hewlett Packard, IBM, Intel, Microsoft, and some others. The successor to the TCPA is the Trusted Computing Group TCG, whose goal is to develop vendor neutral standard specifications for trusted computing. Unfortunately, there are several aspects of trusted computing that are often misunderstoodin particular, its relationship to the controversial idea of Digital Rights Management DRM. We will not discuss the pros and cons of trusted computing here far too many expositions haven been written both for and against the concept. The purpose of this document is to discuss a specific piece of hardware found in certain Apple computer models the Trusted Platform Module TPM. TPMs and Trusted Platforms. A Trusted Platform is a computing platform that has a trusted component say, some tamper resistant built in hardware. Usually the resistance in question is to an external attack and not to an attack by the owner. In the case of the TCG platform, the TPM is that trusted piece of rather complex hardware. A TPM can be thought of as the core of a trusted subsystem. Its logical constituents include functional units and memory. Examples of functional units include a SHA 1 hardware accelerator and a true random number generator. Examples of memory types include working memory, non volatile storage, and EEPROM. The TPM specification requires certain features, and in some cases, requires a minimum number of certain resources. In the next section, we will see the feature set of the specific TPM used by Apple. Note that the strict definition of a trusted computing platform includes other requirements besides a TPM. For example, there must be a Core Root of Trust for Measurement CRTM and supporting software. The CRTM can be thought of as some set of instructions that execute during the boot process. People often associate TCG the erstwhile TCPA with Microsofts infamous Palladium project. People also typically use TCG synonymously with DRM. Sure, you can use a TPM to perform some work in a DRM scheme, but from a crackability standpoint, you wont automatically be any better unless several other additional measures are taken and the potential use of many such measures is valid cause for concern. It is also believed that a TPM can somehow prevent or control program executionit cannot. A TPM cannot participate in execution decisionsit is still software that has to make these decisions. The TPM also doesnt know, and cannot know, about black or white lists of computer serial numbers. This is not to say that there are no justifiable privacy concerns or controversies with the use of trusted computing. An extreme and contrived scenario could be if the TPM is abused by a vendor, say, one that refuses to let the customer disable the TPM or change its ownershipthat is a bad thing. Kalashnikov Concern, the Russian arms manufacturer best known for its eponymous line of rifles used by militaries and militants alike the world over, has developed a. Support/OEM_Software/UEFI%20BIOS%20Step%205d.JPG' alt='Reboot To 4 8 Software Executive' title='Reboot To 4 8 Software Executive' />However, in doing so, the vendor will have to go against the specification. As with anything else, a TPM could be part of both evil and non evil uses. This is a never ending discussion with a very wide scope, and we havent even started discussing the general notions of trust and security. There already is no dearth of such discussions, so let us move on with the issue at hand. The Infineon TPM1. In recent Apple computers that do have an onboard Infineon TPM, the module is an SLB 9. TT 1. 2. In my experience, the 9. Before we look at its key features, let me refer you once again to the TCG web site for detailed documentation on what these features mean and what they do. Some important hardware details of the 9. Claims compliance with TCG TPM Main Specification Family 1. Level 2, Errata Level 0. CMOS technology. 24 Platform Configuration Registers PCRs1. KB of general purpose non volatile memory. EEPROM for storing upgradable firmware and user keysdata. Zappit System Cleaner 4 Download Fix, Clean ZAPPIT SYSTEM CLEANER 4 DOWNLOAD And Optimize PC SPEED Up Your PC FREE Scan Now Recommended. Mediagazer presents the days mustread media news on a single page. Executive Summary. If you do not have the time, patience, or inclination to read this entire document, please consider reading the executive summary rather than. Executive Overview Keeping PCs in a business up to date with the latest SoftPaqs presents a number of problems, including time, bandwidth, and logistical issues. Install Windows Xp Mode In Virtualbox. Welcome to the OWASP Global Projects Page The Projects pages are constantly being updated. Some pages may contain outdated information. You can help OWASP. Kristen Stewart and Oscarwinner Lupita Nyongo are in early talks to topline Sonys Charlies Angels reboot, which has Elizabeth Banks attached to direct. The film. MCADCafe. MCAD industry commentary, news, product reviews, articles, events and resources from a single, convenient point. We provide our users. TouchMix30 Pro Windows USB Driver Beta This driver connects a TouchMix30 Pro mixers digital audio inputs and outputs to Windows via USB. The driver provides a. Cryptographic engine up to 2. RSA keys supportedHashing engine hardware accelerated SHA 1True Random Number Generator TRNGTick counter with tamper detection. Low Pin Count LPC bus interface operation based on a single 3. MHz clock. Support for an external output signal on a General Purpose IO GPIO pin. Various security features such as overunder voltage detection, low frequency sensor, high frequency filter, reset filter, and memory encryption. The TPM is not a cryptographic accelerator. It is not meant to aid in bulk encryption. Moreover, the specification does not contain any cryptographic throughput requirements. Perhaps the most critical Apple specific thing to note about the TPM is that Apples firmware is not TCG aware in that theres no Apple provided provision for asserting physical presence. Some sensitive TPM operations such as clearing the TPM, which results in a new TPM owner being established and any previous owner being forgotten require physical human presence to be asserted. For example, to assert physical presence on some computers with TCG aware firmware, one must press the Fn key at power on time, enter the BIOS, and clear the TPM from within the BIOS. There is also a software initiated way to assert physical presence, which is what we will use. The key thing to realize is that the software method is normally only possible when the firmware is TCG unaware. If not, the firmware locks physical presence, disallowing the software method and resulting in stricter security. Another way of looking at the firmwares TCG unawareness is that there is no firmware level TPM driver included. An EFI driver can certainly be written though. A TPM Device Driver for Mac OS X. The TPM is a very interesting and complex piece of hardware with many uses. For example, you could use the TPM from within your own programs to. Create privatepublic key pairs such that the private key never leaves the TPM in clear form. Therefore, the private key cannot be stolen nor can you yourself clone it. Private keys can leave the chip after they have been wrapped encrypted with a TPM resident key. Sign data. Again, without the private key ever leaving the chip. Encrypt data such that it can only be decrypted on the physical machine specifically, through the physical TPM it was encrypted on. Encrypt data such that the process is additionally contingent upon one or more measurements in simple terms, the state of things on the system, as determined by hash values contained in one or more TPM Platform Configuration Registers. In this case, decryption will only succeed if the said measurements are identical to their values at encryption time. In protocols such as SSL that use key exchange, employ the TPM for a much better guarantee regarding the identities involved. Apples TPM Keys. The media has been discussing Apples use of TPM for a long time now. There have been numerous reports of system attackers bypassing Apples TPM protection and finding Apples TPM keys. Nevertheless, it is important to note that Apple does not use the TPM. If you have a TPM equipped Macintosh computer, you can use the TPM for its intended purpose, with no side effect on the normal working of Mac OS X.