Don't let paranoia over the NSA and TPM weaken your security
The unintended by-product of Edward Snowden’s NSA document dump is a bull market in paranoid conspiracy theories.
The latest example is the breathless report out of Germany that Microsoft and the NSA have conspired to give American spies access to every copy of Windows 8, enforced by a mysterious chip called the Trusted Platform Module, or TPM. “It’s a backdoor!” scream the conspiracy theorists.
Apparently, Microsoft is so powerful that it is able to influence even its most bitter enemies. Consider this graphic, from a whitepaper commissioned by the Trusted Computing Group, which manages the TPM standard. It explains how the TPM chip uses cryptographic keys to verify that an operating system hasn’t been tampered with:
Image credit: SANS whitepaper, “Hardware Trust and TPM.”
Notice anything off about that graphic? Yeah, that’s a Chromebook logo. If you buy a Chromebook, powered by Google’s operating system without a hint of Windows 8 anywhere in it, it will be protected by a Verified Boot process, enforced by the same TPM chip used in Windows devices.
Here’s Google’s explanation:
The goal of Verified Boot is to provide cryptographic assurances that the system code hasn’t been modified by an attacker on the Chromebook. Additionally, we use lockable, non-volatile memory (NVRAM) in the TPM to ensure that outdated signatures won’t be accepted. To put this into perspective, the system does all this in about 8 seconds.
If you don't want to boot Google-verified software — let's say you built your own version of Chromium OS — no problem. You can flip the developer switch on your device and use the Chromebook however you'd like. It’s yours, after all!
You can do the same thing on a Windows device by disabling the Secure Boot option. That option is on by default, to prevent rootkits from being able to compromise a machine. But if you have physical access to the machine, you can go into its settings and disable that option, at which point you are free to do whatever you like.
The point is, a TPM is a platform-neutral device. It provides a secure way to encrypt data so that it can't be accessed by anyone except you, and it protects your device from being tampered with. Both of those features are highly desirable these days.
But who knows what’s going on in that chip? I mean, they say it's just a secure place to store encrypted keys, but who knows what else it can do? Obviously the American government or maybe the Chinese have intimidated the chip’s manufacturer, right?
Uh, maybe not. The most popular maker of TPM technology is Infineon Technologies AG, which is based in … Neubiberg, Germany. Perhaps those intrepid German journalists could, you know, hop on a train and head down to Infineon to see for themselves.
Look, we’re well into the 21st Century. Devices and operating systems are tightly integrated because they have to be, for common-sense reasons of reliability and security. Strong encryption, supported by dedicated hardware built according to standards hashed out in public by the technology industry, is a crucial part of protecting both the privacy of your personal data and the integrity of your device.
The irony is that conspiracy theorists who can convince you to avoid using the TPM because it’s somehow evil will actually make it easier for spies and criminals to access your secrets.
Well played, my paranoid friends. Well played.