San Francisco (CA) – Intel’s next-generation Conroe, Merom, and Woodcrest processors are likely to feature optional components for supporting the Trusted Computing Group’s TPM 1.2 specification. To that end, Intel announced today at IDF, the company’s LaGrande Technology (LT) specification has been finalized, and was officially published by Intel this morning.
Up until recently, LT has been mentioned in the same breath as Microsoft’s Next Generation Secure Computing Base, formerly code-named “Palladium” or its chemical element symbol, “Pd,” for short. But a first read of Intel’s new LaGrande specifications may thoroughly surprise those who had been foreseeing a kind of digital rights management lockdown technology being built into future CPUs. This morning’s documents clearly specify LT as a systems protection platform, using virtualization technology coupled with cryptographic hashing as a way of assuring platform safety, especially to other components that require assurances that a system is indeed what it claims to be.
While conceivably, a system based on Intel’s LT may be leveraged by DRM components in order to ensure that, for instance, components in a home theatre system are indeed what they claim to be and not surreptitious recording devices, LT’s basic premise is to be able to assure other components in a system or network that the integrity of an active element, such as the operating environment of a CPU, have not been compromised.
The big surprise is how LT classifies the operating system, the component which Microsoft had previously described as nothing short of the cornerstone of any rights protection system. According to Intel’s documents released today, LT enables a BIOS to launch a new class of control program for a computer, called a virtual machine monitor (VMM). This new class runs the principal operating environment within the CPU, taking over from the operating system. The OS, whose job is to run applications and to present the user with a front end, becomes sublimated. “An OS executing in a virtual machine,” reads Intel’s LT specification, “operates with reduced privilege because the VMM retains control of processor and platform resources.”
While Intel and Microsoft did announce a joint venture today on virtualization technology, this is not at all the area that their venture covers. Under the LT scheme, all operating systems plus the software run by them, including DRM software, would run in a world of reduced privilege, separated from the physical world by an impenetrable boundary of virtualization. The OS would literally “think” it’s being run on a completely separate machine.
The way LT will work, the VMM will provide a partitioned environment in system memory, where the virtual system will run. But because the VMM is completely made of software, its core image – the part of itself that represents the hardware it virtualizes – is comprised of code. This code can be continually evaluated, or “measured” using a cryptographic hash table, to determine that its contents are precisely the same as with prior measurements. If a single bit has been changed, the integrity of the entire system is compromised; at which point, the VMM takes over and decides what it wants to do, which could mean a system shutdown for safety’s sake.
Notice we’re not talking about making copies of CDs or DVDs or streaming content over the Internet, because that’s not what this is about, and Intel has made great strides today in separating LT from this other side of the “trust” issue. Conceivably, a computer running LT could protect itself from any kind of malicious damage that an outside entity could make to a computer, first of all by presenting the face of a completely non-real computer to the outside world, and second by introducing a monitoring mechanism that runs beneath the operating system level, where antivirus software simply cannot peer.
However, the revelations from today’s released documents do open up a world of completely new and perhaps unexplored questions dealing with the realm of virtualization, which could at some point play a role in how DRM schemes try to take advantage of trusted platforms. For example, since LT enables a VMM to create and monitor a completely virtual machine, exactly what is it within this or future renditions of the LT specification that would prevent engineers from virtualizing different classes of machines – such as a Cell processor environment – that aren’t tied to x86 architecture whatsoever? Certainly, such a feat of programming could not be pulled off by an average hacker; and even then, it would have to be embedded in the microcode or firmware of systems, not racing through the Internet. But why must an x86 platform necessarily virtualize something that pretends to be an x86 platform, other than, for the benefit of Windows and other operating systems for which it’s too late to make tectonic-shift-level changes?
Here’s a realistic hypothesis: The manufacturers of set-top boxes (STBs) for digital TVs might appreciate a single virtualization standard, that would enable every compliant STB to run the same class of software, even when the underlying hardware is made up of any number of non-standardized processors and memory components. Suppose an LT-like structure were put in place to enable every STB to put forth the face of a single class of set-top component. It would follow the technical goals of LT to the letter (except not in the PC realm). However, it would fail the Trusted Platform’s prime objective: to enable a component to be relied upon as being what it claims to be. In such a situation, you could actually be assured that a component was not what it claimed to be, which would disqualify it from being “trusted” by the TCG’s definition.
So going forward, all hypotheticals aside, the only real assuredness a TPM-compliant system might have that another TPM-compliant LT system is what it says it is, will come from the fact that Intel isn’t likely to create a VMM that makes it behave like any other kind of system. Still, the power of virtualization may completely redefine the “chain of trust” upon which trusted platforms rely, to the degree that the weak link in the chain, once again, becomes the one that inevitably becomes most exploited.