Journal: AMI's reply to my e-mail about their BIOS supporting TCPA

Posted on 13 Jan. 2003.
Following the news item http://linuxfr.org/2003/01/10/10927.html I had sent an e-mail to AMI to let them know my opinion (a negative one ;) ).

They replied to me (as well as to a few thousand Slashdotters, apparently).

Here is their (form) reply:



Hello Emmanuel,

Thank you for taking time to contact us here at AMI. We respect your
opinion and would like to underline some relevant points about our
announcement that were not adequately conveyed in the "article" posted on
Slashdot. We urge you to please give us a minute of your time to fully
understand what AMI is offering and thus be able to make a fully informed
decision.

It must be noted that AMI has not announced support for Palladium. Palladium
is an initiative by an OS entity that is slated for the future. To be
honest, though we do know about it, AMI has not begun any development
related to it. At this point we have not made any decisions on support
either.

TCPA does not equal Palladium. While certainly there is some future
development overlap between the two, TCPA is being introduced by OEM's as a
security option to protect systems through hardware and firmware. This
feature is completely optional to our customers (OEM's, ODM's, CM's and
other system builders) that they may choose to make it available or not
depending on the needs of their market. We have had requests from a number
of customers for this technology.

Depending on the motherboard manufacturer, you will continue to find
motherboards enabled by AMIBIOS that do not feature TCPA. I must also add
that AMIBIOS is not the first to offer this feature - There are already PCs
featuring this technology.

Regarding the limitations of a system with TCPA I would offer the link below
to the public specification for further information on compatibility with
different OS's, and hardware. Based on that spec we can tell you that it
does not limit the ability to run Linux (or any other open source solution).

As a smaller company itself, AMI has always supported innovation and
creativity as these have been our main tools in competing against much
larger companies in our industry. We would not do anything that in our
minds would damage our credibility or reputation for world class BIOS
solutions and will carefully evaluate this type of feedback when it does
come time to examine any future technologies. We would also like to
recommend that anyone who is opposed to a Palladium-type solution in the
future, please make that known to OEM's and system builders. As they are
our customers, we definitely listen to them in terms of what they (and
hopefully their customers) will want in future BIOS.

Thank you again for your time in contacting us and we hope that this and
some of the links below will shed some light on AMI's plans.



LINKS

Original Articles on theinquirer.net

http://www.theinquirer.net/?article=7089
http://www.theinquirer.net/?article=7103

AMI TCPA module Whitepaper
http://www.ami.com/support/doc/TCPA_whitepaper.pdf

TCPA Website
http://www.trustedcomputing.org/

  • # Re: AMI's reply to my e-mail about their BIOS supporting TCPA

    Posted by  (personal website). Rated 1.

    It is quite simply a form reply that they send to everyone who must have written to them following the Slashdot news item...

    That said, they give us a good piece of advice:
    We would also like to
    recommend that anyone who is opposed to a Palladium-type solution in the
    future, please make that known to OEM's and system builders. As they are
    our customers, we definitely listen to them in terms of what they (and
    hopefully their customers) will want in future BIOS.


    As soon as a manufacturer announces its decision to build such motherboards, I think we should not hesitate... since they say they build what they are asked for (and I think we can believe them when they say that).
  • # Re: AMI's reply to my e-mail about their BIOS supporting TCPA

    Posted by  (personal website). Rated 3.

    I received the same e-mail after a first message, so it is indeed a form e-mail. I immediately replied with a long e-mail, to which they replied. Here it is:



    Hello [name of the person],


    First of all, I would like to thank you for your quick answer. Indeed, not all companies take time to answer.

    I must admit I made a little confusion between TCPA and Palladium at the time of writing the mail you received. I have read several documents since that time.

    TCPA != Palladium ok

    But, I do NOT change my opinion and I want to explain why (perhaps I can make mistakes again, so do not hesitate to correct me).

    TCPA itself is not bad. Indeed, with TCPA I can be sure that my operating system was not modified by someone (a cracker for example). The company which sells this OS has given a sort of certificate. The BIOS verifies if the OS validates the certificate. If not, the computer stops the boot process (ok, not for the moment, but in some time it will be the case). If everything is ok, the boot process continues.
    The OS integrity is verified, no cracker has modified it --> I'm happy :)
    The OS can rely on itself, that's a good thing. The OS can verify the applications' certificates. Like the BIOS, the OS can stop the launch of an application if its certificate is not valid.
    Palladium will not do that, applications without certificates or with invalid certificates will be able to be launched. For a moment only: next releases will certainly stop the launches of these applications.

    Here is the problem. Little developers, like me, will not be able to afford such a certificate. Companies will be able to afford these certificates, but not independent programmers. It's the death of some freedom, isn't it?

    Another problem is the certificates for music or books. Majors will be able to sell music or books for 1 to x uses. After these x uses, you will have to buy again an authorisation to hear or read (see "the right to read" and "the right to hear" links in my last mail). Personally, I can't accept this.

    Another one is the documents created with an application. You can have problems reading them at a later time if you stop paying for the software. It is not acceptable not to be able to read them.

    Worse, if a company sells a new and incompatible (with the old one) release of its product, it can decide to stop the support of the old one and abort certificates for the old one. Doing that, it forces its customers to buy the new release of the product. They have to buy the new release if they want to hear next songs, next books, etc.
    OSes like Palladium are dangerous because they give too much power to companies. Customers can't decide anymore. Some people can say: "they have choice, they can decide not to buy the new release". These people are wrong. Indeed, it isn't a TRUE choice, is it?
    To cut a long story short, OSes like Palladium must not be accepted by customers. Do you agree with me?

    The second problem is that Microsoft owns 95% of the public OS market. Each time Microsoft released a new version of Windows, customers used to buy (with their new computer for example or they use a pirated version) the new one. So why won't they buy the Palladium version?
    Some people can say: "Customers are not stupid. They will see the limitation of their freedom and they won't buy it". But, do they complain about Windows XP's activation? No.
    And people wanting to react will have so little choice: keeping their old version or installing another less restrictive OS. Keeping their old version is not a real solution: they won't be able to install new software which will work only under Palladium. Switching to another OS is not an easy solution: I like GNU/Linux but I can't say everyone can install and use it. And under GNU/Linux, you won't be able to play songs or read your books because the OS does not have a valid certificate.

    So, we have seen that OSes like Palladium will be bad for customers' freedom and that customers won't be able to avoid Palladium. Isn't it frightening?


    Now, let's go back to TCPA. We can avoid Palladium in one way: no TCPA = no Palladium (remember the beginning of my text: "because Palladium depends on TCPA").


    Have you read all this? (if yes, thank you!) Have you seen mistakes? If not, you must admit that TCPA will introduce Palladium in our lives and that, in this case, TCPA is bad.

    Now, I _really_ would like you to show me that I'm wrong and that TCPA is a great thing. It will be great, but I think it can't be.


    Yours sincerely,

    Didier <xxxxx@xxxxxx.xxx>



    and here is their reply:


    Didier, I do appreciate your text. It expresses Ross Anderson's opinions,
    but it gives us some interesting info, we will keep that in mind.


    at least it is not a form e-mail :)
    did they reply that so that I would leave them alone, or is it an honest answer? Hard to say...
