Disabling TPM chip?

Simple question, is there any way to disable the TPM chip that is eventually going to be in all computer systems? Has anyone found a work around or is it still too early in its infancy? Having something like that in my system is extremely unnerving, given the current political agenda. Any insight on this would be appreciated.

 

I've always had to turn ON a TPM in BIOS. Some day that option might not be available, but all you'd have to do is just not run the software in the OS that interfaces with the TPM.

Political agenda? What? You sound like a Doomsayer !

 

There may be away, but given their purpose, I doubt that the design would intentionally leave a hole for people to disable them.

 

what's a TPM chip?

 

Trusted Platform Module
From Wikipedia, the free encyclopedia

In computing, Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store secured information, as well as the general name of implementations of that specification, often called "TPM chip", "Fritz chip" or "TPM Security Device" (Dell). The TPM specification is the work of the Trusted Computing Group. The current version of the TPM specification is 1.2 Revision 103, published on July 9, 2007.

A Trusted Platform Module offers facilities for secure generation of cryptographic keys, the ability to limit the use of cryptographic keys, as well as a hardware random number generator. It also includes capabilities such as remote attestation and sealed storage. Remote attestation creates a nearly unforgeable hash key-summary of the hardware and software. To what extent the software is being summarized is decided by the software that is encrypting the data . This allows a third party to verify that the software has not been changed. Sealing encrypts data in such a way that it may be decrypted only if the TPM release the right decryption key, which it only does if the exact same software is present as when it encrypted the data. Binding encrypts data using the TPM's endorsement key, a unique RSA key burned into the chip during its production, or another trusted key.

A Trusted Platform Module can be used to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in during the production, it is capable of performing platform authentication. For example, it can be used to verify that the system seeking the access is the expected system.

Microsoft's new desktop operating system Windows Vista uses this technology as part of the feature BitLocker Drive Encryption. Available only in the Ultimate and Enterprise editions of Windows Vista[2], BitLocker encrypts the computer's boot volume and provides integrity authentication for a trusted boot pathway (i.e. BIOS, boot sector, etc.) Other volumes can be encrypted using built-in command-line tools (although not via the GUI currently). Future Windows versions are expected to have increased TPM and BitLocker support for additional cryptographic features and expanded volume encryption. BitLocker requires two NTFS-formatted drive volumes, one for Windows boot code and BitLocker operational code, and the other containing the boot volume (i.e. the volume where the operating system is stored). It should also be noted that, contrary to common misconception, the official name Full Volume Encryption (FVE) does not mean BitLocker encrypts entire drives; rather, it acts on logical volumes, which may or may not take up the entire drive.

Generally, pushing the security down to the hardware level in conjunction with software provides more avenues for protection than a software-only solution that can be compromised by an attacker. Starting in 2006, many new laptop computers have been sold with a Trusted Platform Module chip built-in. In the future, this concept could be co-located on an existing motherboard chip in computers, or any other device where a TPM's facilities could be employed, such as a cell phone. Intel is planning to integrate the TPM capabilities into the southbridge chipset in 2008.

You asked!

 

I should have just gone there and looked :laugh:

would you be so kind to tell me how exactly this can be used against the end user negatively in some way?

 

DRM, tracking, and usage monitoring. Essentially a 'phone home' device.

 

You are now asking me to think! I am not sure, will read and get back.

 

I can smell the smoke already...

 

In any case, I wouldn't expect a device with such purposes to have a simple (or possibly legal) method of circumvention.