Hardware restriction

Last updated

A hardware restriction (sometimes called hardware DRM) [1] is low-level protection enforced by electronic components. The hardware restriction scheme may protect against physical or malware attacks or complement a digital rights management system implemented in software. Some examples of hardware restriction information appliances are video game consoles, smartphones, [2] tablet computers, Macintosh computers [3] and personal computers that implement secure boot.

Contents

Instances of hardware restriction

Upgradeable processors

Some Intel processors are sold with some features "locked", that can later be unlocked after payment. [4] [5]

Note that this is not unique to Intel. Some models of IBM's System/370 mainframe computer had additional hardware included, that if the customer paid the additional charge, IBM would send out a service engineer to enable it, typically by cutting a resistor in the machine.

Trusted execution environment

Vendor exploits its privileged position as a maker of devices and embeds into the device unextractable private key coupled to the public key in an own database and a hash of own public key. Vendor also adds a privileged mode to the device which can protect the data processed in it (including program code) from OS and hardware via encryption of memory. Vendor adds an additional privileged mode allowing software run in that mode to control access of other software to that mode and secrets stored in it and restricts this mode only to software signed by own public key. Vendor implements software controlling access to that mode only to parties signed business agreement to the vendor and controlling access to the data by creating a proof that the software is untampered using the fact that the key embedded into the hardware cannot be accessed with reasonable cost for anyone except the vendor. Then a vendor sells access to usage of this mode in devices of consumers to parties interested in deprivation of device owners of ownership. These parties implement own software as 2 (or more) modules and ship it to users' machines. Generic module loads a trusted module and calls for trusted privileged vendor software to activate the protection and create the cryptographic proof that developer's software is in the state it intends to be, not replaced by some other software. The generic module sends this proof over the network to its developer, who checks the proof. Sometimes this can be done using vendor's internet service. Then the developer either sends the data he wants to prevent computer owners to have access to. Hardware vendor itself can have access to the data by issuing a modified version of privileged software controlling access, enabling it to create fake proofs, or if the verifications of the proof are done using internet service, modifying the service to falsely claim that a proof is valid. Data in TEEs can also be accessed exploiting various side channels or by reverse engineering a specific chip and extracting the key from it, if it is possible, but costs a lot. So the data processed this way should have low enough value, such as malware and proprietary content. Since some vendors disable TEEs if system firmware is tampered (sometimes permanently damaging a chip by blowing a e-fuse), using TEE proofs can be used by software and service vendors to prevent reverse engineering their software and/or accessing their services from a tampered device even if the software itself doesn't use TEE for storing any secrets.

Intel Insider

Intel Insider, a technology that provides a "protected path" for digital content, [6] can be considered a form of DRM. [7] [8] [9]

Verified/trusted boot

Some devices implement a feature called "verified boot", "trusted boot" or "secure boot", which will only allow signed software to run on the device, usually from the device manufacturer. This is considered a restriction unless users either have the ability to disable it or have the ability to sign the software.

Android devices

Many modern Android devices, such as Huawei [10] and Nokia [11] phones come with the bootloader locked.

Apple devices

Apple's iOS devices (iPhone, iPad, iPod Touch, and Apple TV) require signatures for firmware installation, intended to verify that only the latest official firmware can be installed on those devices. Official firmware allows third-party software to be installed only from the App Store.

TiVo

If a device only runs software approved by the hardware vendor, and only a certain version of a free software program is allowed to run on the device, the user cannot exercise the rights they theoretically have, because they cannot install modified versions.

OLPC

Another case of trusted boot is the One Laptop per Child XO laptop which will only boot from software signed by a private cryptographic key known only to the OLPC non-profit organisation and the respective deployment authorities such as Education Ministries. Laptops distributed directly by the OLPC organisation provide a way to disable the restrictions, by requesting a "developer key" unique to that laptop, over the Internet, waiting 24 hours to receive it, installing it, and running the firmware command "disable-security". However some deployments such as Uruguay [12] deny requests for such keys. The stated goal is to deter mass theft of laptops from children or via distribution channels, by making the laptops refuse to boot, making it hard to reprogram them so they will boot and delaying the issuance of developer keys to allow time to check whether a key-requesting laptop had been stolen.

Secure boot

Certified Windows 8 hardware requires secure boot. Soon after the feature was announced in September 2011, it caused widespread fear it would lock-out alternative operating systems. [13] [14] [15] [16] In January 2012, Microsoft confirmed it would require hardware manufacturers to enable secure boot on Windows 8 devices, and that x86/64 devices must provide the option to turn it off while ARM-based devices must not provide the option to turn it off. [17] According to Glyn Moody, at ComputerWorld, this "approach seems to be making it hard if not impossible to install Linux on hardware systems certified for Windows 8". [17] Reality has shown that on x86_64 platforms, Secure Boot being available has not hindered installing Linux and most distributions support it in order to harden the system against attacks. [18] [19] [20] [21]

Solaris Verified Boot

Oracle Solaris 11.2 has a Verified Boot feature, which checks the signatures of the boot block and kernel modules. By default it is disabled. If enabled, it can be set to "warning" mode where only a warning message is logged on signature failures or to "enforce" mode where the module is not loaded. The Solaris elfsign(1) command inserts a signature into kernel modules. All kernel modules distributed by Oracle have a signature. Third-party kernel modules are allowed, providing the public key certificate is installed in firmware (to establish a root of trust). [22]

See also

Related Research Articles

<span class="mw-page-title-main">Rootkit</span> Software designed to enable access to unauthorized locations in a computer

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

<span class="mw-page-title-main">UEFI</span> Operating system and firmware specification

UEFI is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of firmware that implement these specifications are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O. UEFI replaces the BIOS which was present in the boot ROM of all personal computers that are IBM PC-compatible, although it can provide backwards compatibility with the BIOS using CSM booting. Intel developed the original Extensible Firmware Interface (EFI) specifications. Some of the EFI's practices and data formats mirror those of Microsoft Windows. In 2005, UEFI deprecated EFI 1.10.

The Advanced Host Controller Interface (AHCI) is a technical standard defined by Intel that specifies the register-level interface of Serial ATA (SATA) host controllers in a non-implementation-specific manner in its motherboard chipsets.

The Direct Rendering Manager (DRM) is a subsystem of the Linux kernel responsible for interfacing with GPUs of modern video cards. DRM exposes an API that user-space programs can use to send commands and data to the GPU and perform operations such as configuring the mode setting of the display. DRM was first developed as the kernel-space component of the X Server Direct Rendering Infrastructure, but since then it has been used by other graphic stack alternatives such as Wayland and standalone applications and libraries such as SDL2 and Kodi.

coreboot Open-source computer firmware

coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.

<span class="mw-page-title-main">Free and open-source graphics device driver</span> Software that controls computer-graphics hardware

A free and open-source graphics device driver is a software stack which controls computer-graphics hardware and supports graphics-rendering application programming interfaces (APIs) and is released under a free and open-source software license. Graphics device drivers are written for specific hardware to work within a specific operating system kernel and to support a range of APIs used by applications to access the graphics hardware. They may also control output to the display if the display driver is part of the graphics hardware. Most free and open-source graphics device drivers are developed by the Mesa project. The driver is made up of a compiler, a rendering API, and software which manages access to the graphics hardware.

<span class="mw-page-title-main">Hackintosh</span> Non-Apple computer running macOS

A Hackintosh is a computer that runs Apple's Macintosh operating system macOS on computer hardware not authorized for the purpose by Apple. This can also include running Macintosh software on hardware it is not originally authorized for. "Hackintoshing" began as a result of Apple's 2005 transition to Intel processors, away from PowerPC. Since 2005, Mac computers use the same x86-64 computer architecture as many other desktop PCs, laptops, and servers, meaning that in principle, the code making up macOS systems and software can be run on alternative platforms with minimal compatibility issues. Benefits cited for "Hackintoshing" can include cost, ease of repair and piecemeal upgrade, and freedom to use customized choices of components that are not available in the branded Apple products. macOS can also be run on several non-Apple virtualization platforms, although such systems are not usually described as Hackintoshes. Hackintosh laptops are sometimes referred to as "Hackbooks".

<span class="mw-page-title-main">Apple–Intel architecture</span> Unofficial name used for Macintosh models that use Intel x86 processors

The Apple–Intel architecture, or Mactel, is an unofficial name used for Macintosh personal computers developed and manufactured by Apple Inc. that use Intel x86 processors, rather than the PowerPC and Motorola 68000 ("68k") series processors used in their predecessors or the ARM-based Apple silicon SoCs used in their successors. With the change in architecture, a change in firmware became necessary; Apple selected the Intel-designed Extensible Firmware Interface (EFI) as its comparable component to the Open Firmware used on its PowerPC architectures, and as the firmware-based replacement for the PC BIOS from Intel. With the change in processor architecture to x86, Macs gained the ability to boot into x86-native operating systems, while Intel VT-x brought near-native virtualization with macOS as the host OS.

<span class="mw-page-title-main">EFI system partition</span> Partition used by Unified Extensible Firmware Interface

The EFIsystem partition or ESP is a partition on a data storage device that is used by computers having the Unified Extensible Firmware Interface (UEFI). When a computer is booted, UEFI firmware loads files stored on the ESP to start installing operating systems and various utilities.

In the context of free and open-source software, proprietary software only available as a binary executable is referred to as a blob or binary blob. The term usually refers to a device driver module loaded into the kernel of an open-source operating system, and is sometimes also applied to code running outside the kernel, such as system firmware images, microcode updates, or userland programs. The term blob was first used in database management systems to describe a collection of binary data stored as a single entity.

<span class="mw-page-title-main">Intel Active Management Technology</span> Out-of-band management platform

Intel Active Management Technology (AMT) is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a microprocessor subsystem not exposed to the user, intended for monitoring, maintenance, updating, and repairing systems. Out-of-band (OOB) or hardware-based management is different from software-based management and software management agents.

Pre-boot authentication (PBA) or power-on authentication (POA) serves as an extension of the BIOS, UEFI or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents anything being read from the hard disk such as the operating system until the user has confirmed they have the correct password or other credentials including multi-factor authentication.

Rooting is the process by which users of Android devices can attain privileged control over various subsystems of the device, usually smartphones. Because Android is based on a modified version of the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.

<span class="mw-page-title-main">Hacking of consumer electronics</span>

The hacking of consumer electronics is an increasingly common practice which users perform in order to customize and modify their devices beyond what is typically possible. This activity has a long history, dating from the days of early computer, programming, and electronics hobbyists.

A trusted execution environment (TEE) is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain DRM schemes described in SGX. This is done by implementing unique, immutable, and confidential architectural security such as Intel Software Guard Extensions which offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a 'secure element' (SE).

InstantGo or InstantOn or Modern Standby is a Microsoft specification for Windows 8 hardware and software that aims to bring smartphone-type power management capabilities to the PC platform, as well as increasing physical security.

<span class="mw-page-title-main">Intel Management Engine</span> Autonomous computer subsystem

The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards.

Custom firmware, also known as aftermarket firmware, is an unofficial new or modified version of firmware created by third parties on devices such as video game consoles and various embedded device types to provide new features or to unlock hidden functionality. In the video game console community, the term is often written as custom firmware or simply CFW, referring to an altered version of the original system software inside a video game console such as the PlayStation Portable, PlayStation 3, PlayStation Vita/PlayStation TV, PlayStation 4, Nintendo 3DS and Nintendo Switch. Installing custom firmware typically requires bootloader unlocking. The process of installing custom firmware is commonly referred to as "jailbreaking".

<span class="mw-page-title-main">Librem</span> Computer line by Purism featuring free software

Librem is a line of computers manufactured by Purism, SPC featuring free (libre) software. The laptop line is designed to protect privacy and freedom by providing no non-free (proprietary) software in the operating system or kernel, avoiding the Intel Active Management Technology, and gradually freeing and securing firmware. Librem laptops feature hardware kill switches for the microphone, webcam, Bluetooth and Wi-Fi.

<span class="mw-page-title-main">Bootloader unlocking</span> Process of disabling secure device booting

Bootloader unlocking is the process of disabling the bootloader security that makes secure boot possible. It can make advanced customizations possible, such as installing a custom firmware. On smartphones this can be a custom Android distribution or another mobile operating system. Some bootloaders are not locked at all, others can be unlocked using a standard command, others need assistance from the manufacturer. Some do not include an unlocking method and can only be unlocked through a software exploit.

References

  1. http://www.hpl.hp.com/techreports//2003/HPL-2003-110.pdf Archived 2015-09-24 at the Wayback Machine HP Laboratories
  2. Stross, Randall (14 January 2007). "Want an iPhone? Beware the iHandcuffs". The New York Times. Archived from the original on 2016-11-01. Retrieved 2017-02-22.
  3. "Apple brings HDCP to a new aluminum MacBook near you". arstechnica.com. 17 November 2008.
  4. "Intel wants to charge $50 to unlock stuff your CPU can already do". engadget.com. Archived from the original on 2017-07-21. Retrieved 2017-08-29.
  5. "Intel + DRM: a crippled processor that you have to pay extra to unlock / Boing Boing". boingboing.net. 18 September 2010. Archived from the original on 2011-08-25. Retrieved 2011-07-12.
  6. Shah, Agam (6 January 2011). "Intel: Sandy Bridge's Insider is not DRM". computerworld.com. Archived from the original on 2011-12-04. Retrieved 2011-07-12.
  7. "Intel Claims DRM'd Chip Is Not DRM, It's Just Copy Protection". techdirt.com. 7 January 2011. Archived from the original on 2011-12-25. Retrieved 2011-07-12.
  8. "Is Intel Insider Code for DRM in Sandy Bridge?". pcmag.com. Archived from the original on 2017-02-10. Retrieved 2017-08-29.
  9. "Intel's Sandy Bridge sucks up to Hollywood with DRM - TheINQUIRER". theinquirer.net. Archived from the original on 2011-06-15. Retrieved 2011-07-12.{{cite web}}: CS1 maint: unfit URL (link)
  10. "Huawei will stop providing bootloader unlocking for all new devices". xda-developers. 2018-05-24. Retrieved 2020-03-20.
  11. "August security update on Nokia phones blocks bootloader unlock methods". xda-developers. 2018-08-22. Retrieved 2020-03-20.
  12. "[Sugar-devel] Is Project Ceibal violating the GNU General Public License?". lists.sugarlabs.org. Archived from the original on 2016-03-03. Retrieved 2016-09-24.
  13. Hacking; Security; Cybercrime; Vulnerability; Malware; Lacoon, Check Point snaps up mobile security outfit; users, Fake Pirate Bay site pushes banking Trojan to WordPress; Lebanon, Mystery 'Explosive' cyber-spy campaign traced back to. "Windows 8 secure boot would 'exclude' Linux". The Register . Archived from the original on 2016-07-11. Retrieved 2016-09-24.
  14. "Windows 8 secure boot could complicate Linux installs". arstechnica.com. 21 September 2011. Archived from the original on 2012-05-01. Retrieved 2017-06-14.
  15. "Windows 8 secure boot to block Linux". ZDNet. Archived from the original on 2011-09-23. Retrieved 2011-09-28.
  16. Staff, OSNews. "Windows 8 Requires Secure Boot, May Hinder Other Software". www.osnews.com. Archived from the original on 2016-09-27. Retrieved 2016-09-24.
  17. 1 2 Is Microsoft Blocking Linux Booting on ARM Hardware? - Open Enterprise Archived 2012-03-09 at the Wayback Machine
  18. HowTos/UEFI - CentOS Wiki
  19. Larabel, Michael (30 April 2018). "Debian Making Progress on UEFI SecureBoot Support in 2018". Phoronix. Phoronix Media. Retrieved 23 May 2018.
  20. "Unified Extensible Firmware Interface/Secure Boot". wiki.archlinux.org.
  21. "SecureBoot". FreeBSD Wiki. FreeBSD. Retrieved 16 June 2015.
  22. Anderson, Dan. "Solaris Verified Boot". oracle.com. Archived from the original on 2014-05-02. Retrieved 2014-05-01.