Researcher Finds Trusted Computing Chip in Apple Models

The latest Intel-based Apple Computers contain a "trusted computing" chip that would allow users to take advantage of enhanced hard disk encryption and security capabilities. So far, there is no evidence that Apple can use the chip to invoke d

Recently manufactured Intel-based Apple computers contain a chip on their motherboards that would allow users to take advantage of "trusted computing" capabilities, according to computer researcher Amit Singh.

Singh, a member of Googles technical staff in Mountain View, Calif., is the researcher who recently disclosed that there are encrypted binaries in Apples Mac OS X operating system that are designed to protect the operating system from being pirated.

Singh wrote about the existence of the chip, called a "trusted computing module," in a chapter of his book, "Mac OS X Internals: A Systems Approach," which has been excerpted online.

/zimages/3/28571.gifRead more here about how Apple encrypted parts of the Mac OS to protect it from piracy.

However, Singh also discovered that Apple has not included a way for Mac OS X to use the TPM directly, indicating that no DRM (digital rights management) or other restrictions are tied to the TPM.

"Apple simply does not use the TPM hardware," Singh wrote in his book.

"The TPM is an opt-in feature," Singh told eWEEK, adding that "Apple cant just turn it on—nobody can, other than the user."

The TPM itself consists of a small memory chip, a true random number generator, a low-power processor and a few other components, all on one chip.

The TPM can have no effect on the system unless the operating system or firmware of the computer equipped with a TPM contains drivers that are aware of the TPM.

Singh has determined that Mac OS X and Apples firmware do not contain these elements and thus cannot use the TPM.

"My speculation is that the motherboards just came with them as part of the package from Intel," Singh said.

However, said Singh, it is possible for individual users to take advantage of the TPM in their Intel-based Macs; Singh has written a TPM device driver for that purpose.

Uses for this, Singh said, could include tying data to one machine by encrypting it so that only the machine with the users unique TPM can decrypt it.

Or the machines owner can encrypt the hard drive so that it only decrypts when connected to the owners computer. Both of these could be useful, or even mandated, in certain government or military situations.

Some other researchers agree that the TPM is not in use now, but wonder about the future.

"The question is of course this: Why is Apple putting the chip into its products if theres no plan to use it?" said Ross Anderson, a professor of security engineering at the Computer Laboratory at the University of Cambridge.

Next Page: Pondering possible motives.