> It seems odd for the TPM of all devices to be put on a pluggable module as 
> shown here.  The whole point of the chip is to be bound tightly to the 
> motherboard and to observe the boot and initial program load sequence.

Maybe I am showing my eternal optimist side here, but to me, this is how TPM's 
should be used, as opposed to the way their
backers originally wanted them used.  A removable module whose connection to a 
device I establish (and can de-establish,
assuming the presence of a tamper-respondent barrier such as a sensor-enabled 
computer case to legitimize that activity) is a
very useful thing to me, as it facilitates all sorts of useful applications.  
The utility of the original intent has already
been widely criticised, so I won't repeat that here.  :)

It also shows those interesting economics at work.  The added utility of the 
TPM module (from the PoV of the user) was marginal
at best despite all claims, yet it facilitated functionality which was contrary 
to most user's interests.  The content industry
tried to claim that the TPM module would facilitate the availability of 
compelling content - which they tried to sell as it's
user utility - but like most of their claims it was a smoke and mirrors trick.

Consequently, the razor-edged economics of the motherboard and desktop industry 
has comprehensively rejected TPM except in
certain specialized marketplaces where higher profit margins are available (eg. 
Servers, corporate desktops).  The chipset
manufacturers have also failed to add this functionality to their offerings to 

Now Vista has added Bitlocker, which arguably adds a user valuable feature for 
which a TPM module is needed (yes, you can run it
without TPM, but it's painful).  I wonder if we'll start to see more "TPM 
connectors" appearing, or even full TPM modules on
motherboards and cores on south bridge dies?

Personally, I'd like to see a TPM implemented as a tamper-respondent (ie. 
Self-powered) module mounted on the motherboard in a
socket which allows removal detection.  That way you get the flexibility of 
moving the module, with the safety of a programmed
response to an unauthorized removal.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to