Trusted Computing platform, DRM coming to hard drives


San Jose (CA) - As part of a series of announcements made this week at the annual RSA security conference, the Trusted Computing Group announced it will be publishing a specification that extends the reach of devices covered by the so-called Trusted Platform to the realm of the hard disk drive. With the advent of TCG's Storage Work Group's implementation of the Trusted Platform Module version 1.2, comes at least the technical possibility that a fixed, single industry standard could emerge for digital rights management at the storage device level.

Last October, the TCG announced its Mobile Work Group would be publishing a similar implementation of TPM for cell phones and handsets. This week's announcement from the Storage group is similar in scope, but could have much farther reaching consequences. With hard disk drives not only the principal data storage devices for PCs, but also DV-Rs such as TiVo, new home media center computers, and a multitude of small handheld devices including iPod, the possibility exists for a new breed of storage devices with rights management built in. Such devices could, in effect, relieve operating systems and set-top box firmware of the responsibility for implementing DRM, at the very time when the consumer electronics industry remains at loggerheads over standards for adapting system firmware for evolving DRM specifications.

"In any content protection system, it's that last little inch that's always the sensitive area," Michael Willett, senior director of research at Seagate Technologies, and co-chair of the TCG's Storage Work Group, told TG Daily. Already, he argued, we know how to communicate content, such as streaming media, across a network from point to point, but those points have historically been processors. There's a mechanism that exists in an HDD between the I/O processor and the read/write head, and unless that's secured, that small distance becomes the weak link in the chain. "It's that last inch, or half-inch, of movement and manipulation that's always been the sensitive aspect of some of these control systems. Now that you've got the sensitive and secure computation right on the drive media itself, you maybe are closing that little half-inch."

The objective of the Trusted Computing Platform is to specify at least one element of a computing system that cannot be changed by the outside world. In that element, TC architecture would embed a program that could generate authentication code that could be used to exclusively identify the system. This immutable code, to use the TC term, could then utilize the system identity as a key for encrypting all data communications between itself any any other device that identifies itself in the same manner. This way, no communication from the outside world could interfere with the interaction between two devices, and successfully report itself as one or the other device. All communication over such a channel would be trusted because the identity of its sources could always be ascertained and verified.

It is one of the most laudable ideas ever to emerge from the field of computing; but partly because of the way it has been implemented, and partly due to its own destined-to-be-Orwellian title, Trusted Computing has drawn considerable skepticism, much of it from very reputable sources. Much of the argument against TC architecture boils down to a notion that the Trusted channel of communication, due to its own impenetrability, creates a kind of back-alleyway within people's own PCs where undetectable programs may lurk, placed there by any number of Powers That Be.

But this week's development could actually change that worst-case landscape...perhaps, some would argue, for better or worse. Seagate's Willett makes a very compelling case for distributing TPM 1.2 resources, with the possible effect of neutralizing some worst-case scenarios. Up to this point in the history of computer architecture, he said, the PC motherboard has been considered the most trustworthy device in the system, because it contains a degree of immutable hardware, and immutability is the essence of technological trust. But there's another immutable element in the system, he points out, and that's the class of product his company produces: "The drive has always had a full-blown processor," Willett told TG Daily. "There's a computer in there that has its own software, which is the firmware. It's loaded at the factory, and traditionally, we don't allow that to be changed in the field." In other words, you can't flash the ROMs of a hard drive through a network utility - at least not yet.

Furthermore, Willett argued, an HDD has its own internal memory, which cannot be addressed by the CPU of a PC. Its typical use, he rexplained, is for the drive to keep track of its own mapping, and the locations of its bad sectors. "So one of the cornerstones of the architecture we've done in the Storage Workgroup [is], we have partitioned that hidden memory in what are called security partitions. For each security partition, you can define a set of functions that are all part of the architecture, like cryptographic functions, storage functions, administrative functions, that you can bundle [together]." From there, an API can be utilized to make that bundled set of cryptographic functions addressable from an operating system, but only through a level of indirection - that is, utilizing the API as a go-between, so that it never breaches the immutable regions of the HDD's firmware.

As a result of this, Willett proposes, a hard drive controller has every right to be considered a root of trust in the TC scheme, as the TPM module on the motherboard. "The two basic characteristics of the TPM, he said, "[are] the ability to do signing, and the ability to be non-changing. We're mimicking those characteristics in the hard drive. We'll have a root of trust [there], so certain parts of the hard drive will be immutable, non-changing, [including] certain aspects of the firmware...And the minimal implementable complement of security functions - like digital signing, random number generation, hashing, secure storage, those sorts of things - will be in the hard drive."