Np5792 Bios

For all of you NP5792 users:

I just called SAGER concerning my BIOS statng "No TPM or TPM has a problem." I was told that when the BIOS was written, the TPM section was not taken out. I was told this will not affect the computer in any way.


Rebel

 

Trusted Platform Module

http://64.233.167.104/search?q=cach.../TPM_WP.pdf+bios+TPM&hl=en&ct=clnk&cd=2&gl=us

 

Well, that opens a whole kettle of (potentially smelly) fish. The white paper linked by DJDave presents a fairly innocuous view of the TPM; however, TPM appears to present a significant number of not-so-innocuous opportunities to system builders to further limit the end-user's ability to fully control her/his own computer, as discussed in this wikipedia article: http://en.wikipedia.org/wiki/Trusted_Computing

To date it appears to be the case that most OEMs have avoided taking full advantage of the opportunities afforded them by TPM; however, I for one would not be inclined to wager on such reticence lasting forever. HP already plays stupid games with wireles modules by using BIOS routines to render an HP system useless if the end-user replaces the original wireless module with one that hasn't been pre-approved by HP; since several understandably irritated HP owners have already begun to hack the HP BIOS or find other work-arounds, including a rather creative use of soldering skills, see http://64.233.169.104/search?q=cach...s+module+BIOS+solder&hl=en&ct=clnk&cd=1&gl=us (not for the faint-hearted ), the pessimist in me thinks that it's only a matter of time before HP starts using TPM offensively to lock end-users into one hardware configuration that cannot be changed without the prior permission of HP - after all, since the core purpose of TPM is to stop unauthorized use (aka hacking), an integrated TPM would, by its very nature, be almost impervious to the hacking work-arounds that are currently used against HP's BIOS locking.

All in all, it would have been preferable if Clevo had rendered the TPM inert in the first place, rather than leaving it susceptible to being turned on later - if all it takes is a tweak to the BIOS to turn the TPM on, all I need is a successful BIOS virus to permanently steal your computer from you.

 

Quite the contrary...the TPM (emphasis on "Module") is not in the NP5791/92 or the NP9261/62 while it was in the NP5790 and NP9260. However when re-writing the BIOS for the new models, Clevo simply did not remove the TPM portion.

There is no way to activate what isn't there.

 

To say nothing of the fact that there would most likely be all kinds of anti-trust lawsuits if a system builder tried to use the TPM like you describe, Shyster. I'm sure it's doable, but it's a lot like Sony using a malicious rootkit as DRM protection . . . it would be difficult to come up with a legal basis for employing a TPM module in that manner

 

Ah, thank-you for the clarification, that's good to know (my experience thus far with Sony, HP, Gateway, and MS and their fetishistic approach to "proprietary" has me to the point where TPM seems sort of like a dual-use technology akin to providing North Korea with uranium for its civilian nuclear program).

 

Unfortunately I cannot be as sanguine as you. I am no expert on antitrust law, but I just do not see the use of TPM ala HP's current BIOS whitelist for wireless cards giving rise to any successful antitrust claims, with the single exception for the case where Intel used TPM to enforce tying with another product sold by Intel (e.g., Intel using TPM so that, whenever an Intel cpu/chipset is used, an Intel wireless card must also be used). For example, if HP were to implement its wireless card whitelist via TPM, I seriously doubt if HP would be found to have the sort of "economic power" required for such activity to constitute illegal tying (see, e.g., http://en.wikipedia.org/wiki/Tying_(commerce) ).

Second, using TPM in this manner would be fundamentally different from Sony's use of a rootkit to implement DRM because it would be part and parcel of the system you purchased as received from HP, not an after-the-fact hack of the systems, including systems neither produced, sold, nor serviced by HP without any forewarning of any sort to the system owner (at the most, HP in my hypothetical would need to do nothing more than provide a footnote in the fine print stating that, for the purpose of protecting the consumer's investment, the system has been engineered so that it cannot be operated if a component is installed that has not been previously verified to work without harming the HP system in question).

Third, again, I'm no expert, but in this case a simple enough basis for using TPM to shut out unauthorized modules is the ever-present problem of heat - the fact that excess heat from one component may cause latent damage to other components that may not show up until much later, and possibly after the offending component has been removed and replaced with a conforming module, and in addition, that such latent damage may result in HP having to repair under its warranty damages that it really should not have been required to repair, should be enough of a basis to justify preventing the use of components that HP itself has not verified will, in fact, not cause latent damage to any other component in an HP system.

The point to keep in mind here is that, in contrast to the DRM affair, which is really basically just a software/IP issue, the sort of use for TPM I'm contemplating sits at the confluence of hardware and software, and makes much more likely (and less objectionable) physical restrictions that, mirabile dictu, just happen to have restrictive software/IP consequences as well.

At any rate, that's just my personal paranoia.:twitcy:

 

Nothing wrong with a little healthy paranoia .

I don't think we've quite hit that "Big Brother" level of hardware "protection" yet. Keep in mind that most companies won't warrant damages they deem to be caused by an unauthorized upgrade, anyway. Besides, as long as they provide a footnote if/when they start using TPM so intrusively, the kind of consumer who might want to modify his/her notebook is smart enough to check that footnote, and the mass-market user that makes up the majority of HP's install-base probably wouldn't care that his or her system has been locked on the hardware level (since their last computer is probably still infected with Sony's Rootkit, anyway).

 

Agreed. BTW, isn't "Sony" Japanese for "rootkit" :wink: ?

 

No, I think it's actually Japanese for, "All your wallet are belong to us."