Cerca nel blog

2006/04/09

Evidence of “Palladium”/TPM chips in shipping Intel Macs

This article is made possible by the kind donations of "sa.cri" and "afusco3".
The article has been updated since its initial posting.
Una versione italiana di questo articolo è disponibile qui.



The Mac TPM DRM logo has
been kindly donated by
Hale and is freely usable.
I've been quiet, until now, on the subject of Macs with Intel processors. For those of you who know my poorly concealed passion for Macs, that might sound odd. But there's a good reason, and it's called Palladium.

Actually, it's called Trusted Computing. The term Palladium is a leftover from a Microsoft project announced in 2002 and then awkwardly renamed Next-Generation Secure Computing Base, but it has stuck despite being incorrect.

The basic idea of Trusted Computing is hardware-based security, provided by means of a dedicated chip known as Trusted Platform Module (TPM). This is a highly controversial project, as I wrote four years ago (in Italian). It's being peddled as a security system that provides advantages to users (which is partly true), but it also entails the risk of paving the way for virtually unbreakable copy protection systems and ultimately to unprecedented forms of censorship and surveillance. The Electronic Frontier Foundation's analysis is merciless, although IBM's opposite view is also worth reading.

The EFF also raises a purely technical issue which applies to any hardware-based security solution: if security is handled by a chip, you have to trust that the chip doesn't contain implementation errors or, worse still, undocumented backdoors. Moreover, if security is handled by a chip which is soldered to the motherboard or even integrated within the main processor, there's no way to remove it, even for very legitimate purposes, such as replacing it with a new release if it turns out to be flawed.

With software-managed security, instead, you can easily change the software whenever you want. You can update it if it's found to be broken. You can choose the implementation that you trust, rather than the one chosen by your computer manufacturer. Better still, if you use open source software to ensure your security, you can check (or ask trusted experts to check) that it works exactly as specified, without flaws and backdoors. Not so with security on a chip.

More importantly, as far as I've been able to determine so far (and IBM's rebuttal is too vague), a computer fitted with a TPM chip and a TPM-compliant operating system can refuse to obey the commands of its owner and run only the programs and the operating systems approved by the computer's manufacturer and/or the OS maker. Remember Dave Bowman and HAL in 2001 ("I'm sorry, Dave, I'm afraid I can't do that")? Exactly. This is nasty stuff.

Trusted Computing technology is already integrated in many PCs, although up to now no operating system uses it for questionable (i.e., user-as-enemy) purposes. So far, it's been used mostly to encrypt user data. Even Windows Vista won't implement Trusted Computing fully. TC support is available (as an option) in Linux.

What's all this got to do with Macs? Well, while the presence of TPM chips on non-Apple machines is well-known and documented, it seems nobody wants to admit that the Intel Macs currently on sale (not the developer kits; the standard shipping Macs) also have a TPM chip. I have reliable evidence that an Infineon TPM chip is indeed present in at least some shipping Intel Macs. Moreover, Mac OS X for Intel is the first mainstream OS to use Trusted Computing to enforce OS copyright and licensing.

I contacted Apple Italy asking to confirm this: they said they'd get back to me. I'm still waiting. My original article, in Italian, was published on March 30, 2006.

Sorry, folks, I'm a Mac enthusiast, but I'm not buying a Mac (hell, I'm not buying a toaster) if it's got a snooping security chip over which I'm allowed no control. And it seems I'm not alone, although I won't have to worry about removing tattoos. This abomination goes against the very concept of "personal computer". My computer is mine, dammit: it's not a playground I want to share with uncle Bill, the limousinati from Hollywood and the moguls of the music industry.

Rant over. Now let me explain.

The issue of TPM chips in Macs began with Apple's developer kits. When Apple announced its migration from PowerPC to Intel processors, it provided developers with a kit which included an Intel PC and Mac OS X compiled for Intel, long before Intel Macs were available in shops. These PCs unquestionably had a TPM chip, as shown for example by photos of the motherboard at OSX86Project.org. The chip was an Infineon like this one. The purpose of the TPM chip in these developer systems was to prevent ordinary, non-Apple PCs from running Mac OS X. The chip worked essentially like a built-in dongle.

That hardware-enforced DRM soon failed, but never mind: it was in a developer box. The real question, for me as a Mac buyer, was whether standard, non-developer Intel Macs also included a TPM chip. So I Googled high and low and surprisingly found that everybody was quite mum about the issue. There was lots of talk about TPM in developer kits, but once the production Macs were out, everyone cheered that they were so cool and they dual-booted Windows, but the TPM chip issue was essentially swept under the carpet. Mac fans (including me) don't like to hear bad news about their fetish.

All I found was an an Italian article claiming that the presence of the chip (also known as Fritz Chip) on shipping Macs was "extensively documented by developer sites and by the tech specs of some Apple distributors". But I was unable to find any of this "extensive documentation".

I did find several sites that dissected MacBook Pros, Intel Mac Minis and Core Duo iMacs, but there was no mention of the TPM chip. Apple's site doesn't mention TPM chips at all. I e-mailed Apple Italy, but got no answers after the initial "I'll get back to you on that".

There's no doubt that Mac OS X for Intels checks whether a TPM chip is present. Based on the evidence available up to now, this is done solely to make it harder to run Mac OS X on non-Apple computers.

That's a perfectly understandable reason, but the bigger picture is that once this chip is soldered inside the computer you're buying, there's really nothing to stop Apple from using it for other purposes in the future. Since Apple has substantial interests in the music market (iTunes, iPods), it might be tempted to use this chip as a key for essentially unbreakable DRM, with all the unpleasant consequences of copyright being enforced not according to the law applicable in your country, but according to the RIAA/MPAA's whims. Even for legitimate buyers of content. Think Pentium III unique IDs. Think Sony rootkits.

I found an article from Heise.de (in German) which seemed to confirm that the TPM chip was indeed present on shipping Intel Macs. Also, a photo from Kodawarisan seemed to show an Infineon chip:

kodawarisan_imac_tpm_on_right.jpg

Heise.de's article (translated thanks to r.pulito) has these interesting quotes:

The Japanese page Kodawarisan shows pictures of an iMac with Dual Core processor. According to these photos, this Apple computer still contains an Infineon TPM. The markings of the 28-pin IC next to the Intel South Bridge... are hard to read, but the Infineon logo is clearly recognizable...

...It's quite suprising that Apple makes no mention, in the iMac specs available so far, of the existence of this component... It is unclear whether the TPM is active by default and cannot be deactivated, as in the developer kits...

...It is also unclear how this component is intended to work. Up to now, it provided a sort of hardware dongle to prevent installation of Mac OS X on non-TPM motherboards. The fact that TPM can be used to support for imposing by default a DRM system is explicitly mentioned in the Trusted Computing Group FAQs.

The day after I published my first post on this issue in Italian, a technical source who prefers to remain anonymous sent me some high-resolution photographs of the motherboard of a shipping, non-developer-kit single-processor Intel iMac. The photos show an Infineon chip with the following code: SLB9635TT12 - G546K1V - 00ZA544257. The first row of the code matches the TPM chip on developer Macs. The full set of photos, with a wider field of view, is in my Flickr album.

tpm chip closeup.png

So yes, there is a TPM chip in at least some shipping Macs as well, not just in the developer kits. Mac users are now faced with some unpleasant choices, unless Apple changes its strategy and finds a less controversial way to restrict use of its excellent operating system.

In my opinion, using a non-removable security chip is evidence that Apple and the many other TPM-embracing manufacturers plan to secure the computer against the user. With a soldered chip, content (the OS today, movies and music tomorrow) is tied to the computer, not to the user. This makes it hell to migrate DRM-locked stuff from one computer to another. What happens if/when the computer fails?

A much more user-friendly and user-trustable approach would be to implement a removable chip or smart card. A mobile phone's SIM card comes to mind: it's standard, extremely compact, cheap, carries a unique ID tied to a well-established authentication infrastructure, and it's designed to be transferred easily from one device to another. If your beloved MacBook Pro broke, you'd simply remove the SIM and plug it into another Mac, restore all your stuff, and you'd be all set, just like you are now when your mobile phone kicks the bucket. Try doing that with a chip soldered to the motherboard. Not socketed. Soldered.

Am I worrying too much? Maybe. Or maybe I'm recognizing an eerily familiar pattern. Previous incidents have shown the music/movie industry's willingness to disregard user rights, and even user security. A TPM chip gradually making its way into all PCs (not just Macs) is an excellent opportunity for further abuse. And opportunities of this kind are seldom wasted.


Update (2006/05/18)


A Slashdot discussion links to a Trustedcomputing.org document describing the Infineon chip shown above. It most definitely is a TPM chip, which "provides computer manufacturers with a proven secure operating system inside the TPM... automatically checks system integrity, and can authenticate the platform to third parties if authorized by the primary user". It is easy to imagine scenarios in which the "primary user", aka you and me, will have no choice but authorize such authentication. Your papers, please.

The same discussion notes that booting a recent Linux kernel on an Intel Mac will detect the TPM chip.


Update (2006/12/03)


According to this article by Amit Singh, newly shipped Macs are no longer reporting the presence of a TPM chip. More specifically, says Singh, Mac OS X gives an empty reply to the command ioreg | grep TPM on recently shipped Macs; Singh does not specify whether he's actually disassembled an Intel Mac to see if the TPM chip is physically there or not.

An informal poll among my readers (in Italian) seems to confirm that this behavior occurs on at least some Intel Macs, although some readers are reporting that their newly purchased Macs are still reporting the presence of the TPM chip. Mysteriouser and mysteriouser. The removal of Trusted Computing from Macs would be excellent news for consumers, so I'm rather cautious about accepting it as true.

Moreover, if the TPM chip was added to Intel Macs to prevent OS X from running on non-Apple machines and the chip is now no longer present, does this mean that OS X no longer requires a TPM chip to run? That would be a remarkable development. It would also mean that some versions of OS X for Intel don't check for TPM and some do.

As usual, Apple is silent on this issue.

Nessun commento: