Researcher Finds Trusted Computing Chip in Apple Models

By Daniel Drew Turner  |  Posted 2006-11-10

Researcher Finds Trusted Computing Chip in Apple Models

Recently manufactured Intel-based Apple computers contain a chip on their motherboards that would allow users to take advantage of "trusted computing" capabilities, according to computer researcher Amit Singh.

Singh, a member of Googles technical staff in Mountain View, Calif., is the researcher who recently disclosed that there are encrypted binaries in Apples Mac OS X operating system that are designed to protect the operating system from being pirated.

Singh wrote about the existence of the chip, called a "trusted computing module," in a chapter of his book, "Mac OS X Internals: A Systems Approach," which has been excerpted online.

Read more here about how Apple encrypted parts of the Mac OS to protect it from piracy.

However, Singh also discovered that Apple has not included a way for Mac OS X to use the TPM directly, indicating that no DRM (digital rights management) or other restrictions are tied to the TPM.

"Apple simply does not use the TPM hardware," Singh wrote in his book.

"The TPM is an opt-in feature," Singh told eWEEK, adding that "Apple cant just turn it on—nobody can, other than the user."

The TPM itself consists of a small memory chip, a true random number generator, a low-power processor and a few other components, all on one chip.

The TPM can have no effect on the system unless the operating system or firmware of the computer equipped with a TPM contains drivers that are aware of the TPM.

Singh has determined that Mac OS X and Apples firmware do not contain these elements and thus cannot use the TPM.

"My speculation is that the motherboards just came with them as part of the package from Intel," Singh said.

However, said Singh, it is possible for individual users to take advantage of the TPM in their Intel-based Macs; Singh has written a TPM device driver for that purpose.

Uses for this, Singh said, could include tying data to one machine by encrypting it so that only the machine with the users unique TPM can decrypt it.

Or the machines owner can encrypt the hard drive so that it only decrypts when connected to the owners computer. Both of these could be useful, or even mandated, in certain government or military situations.

Some other researchers agree that the TPM is not in use now, but wonder about the future.

"The question is of course this: Why is Apple putting the chip into its products if theres no plan to use it?" said Ross Anderson, a professor of security engineering at the Computer Laboratory at the University of Cambridge.

Next Page: Pondering possible motives.

Pondering Possible Motives

"There are several possibilities," he said.

First, "theres a plan for general future use of the TPM, whether in OS X 10.5, 10.6 or later."

Or, he added, "theres a plan for offering TPM use into specialized markets, such as the U.S. military."

Third, "theres the possibility of TPM use directly by application software vendors, e.g. in Office 2007."

Lastly, he said, "or its there in order to support dual-boot operation whereby a MacBook will also be able to run future versions of Windows Vista alongside OS X."

"Quite how each of these options site with Apples traditional business model of making money on hardware, and subsidizing the development of OS X (and key apps) so that people have worthwhile software to tempt them to buy this hardware, is unclear," Anderson said.

"From the viewpoint of software economics," he said, the first and third make more sense than the second and fourth.

"But we will probably have to wait and see," he added.

Anderson has been very critical of trusted computing initiatives in the past, noting that they have often been tied to attempts to enforce harsh DRM restrictions, such as preventing users from copying purchased media files, or preventing users from playing a CD on more than one computer.

Originally, the TPM hardware was designed as a part of the concept of TC (trusted computing), which is the brainchild of the TCG (Trusted Computing Group).

The group has created specifications for TPMs and their software interfaces as well as specifications for mobile devices, storage, networks and peripherals.

Among the TCGs current members are Intel, AMD, Microsoft, IBM, Infineon, Hewlett-Packard, Lenovo and Sun Microsystems.

Click here to read about how the Trusted Computing Group is working on a hardware-based encryption standard for hard disks.

The goal of TC was to create a hardware and software that would prevent malicious tampering of application and system software as well as to prevent computers from executing unauthorized programs, and potentially to provide a way to confirm the identities of users making purchases online.

Most recently, the TCGs Storage Work Group has promoted its hardware-based encryption using TPMs for hard drives.

However, many critics were skeptical of TC, partially due to Microsofts TC initiative, code-named Palladium, which was seen as a Draconian way for the company to prevent piracy of its operating system.

"Palladium left a really bad taste in peoples mouths," Singh said.

He said that Microsoft could not get vendor buy-in and this nearly sunk the initiative; "some people still detest the idea," Singh added.

Apple representatives did not respond requests for comment from the company.

Check out eWEEK.coms for the latest news, reviews and analysis on Apple in the enterprise.

Rocket Fuel