German Agency Sees Security Issues with Windows 8 and TPM 2.0
A German government agency indicated yesterday that is it investigating issues associated with using Windows 8 and the Trusted Platform Module (TPM) 2.0.
An announcement (translation) was issued by the BSI (Germany's federal office for security in information technology) in reaction to an August 21 Zeit Online article (translation), among others, that cites "internal documents" obtained from Germany's Ministry of Economic Affairs. Those documents suggest that "the use of 'Trusted Computing' technique in this form...is unacceptable for the federal administration and the operators of critical infrastructure," according to Zeit Online's account.
The BSI's announcement explained that "from the perspective of the BSI, the use of Windows 8 in combination with a TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used" (per the translation). It suggested that the combination of Windows 8 and TPM 2.0 could enable "sabotage" by third parties.
TPM 2.0 is the latest version of a hardware chip based on the Trusted Computing Group's open standards for protecting data in organizations. The chip stores credentials information, such as certificates, encryption keys and passwords, but it gets controlled by a machine's operating system, according to a Trusted Computing Group summary. The Trusted Computing Group is led by a board that includes Microsoft, Advanced Micro Devices, Cisco Systems, Fujitsu, Hewlett-Packard, IBM, Infineon Technologies, Intel, Juniper Networks, Lenovo and Wave Systems.
Microsoft is backing TPM 2.0 as a component of its Trustworthy Computing Initiative. TPM chips are currently shipping with all business-grade Windows RT tablets and Windows 8 Pro tablets, according to a February interview with Brian Berger, executive vice president at Wave Systems. The TPM component gets added by equipment manufacturers to a device's motherboard in some systems.
In response to questions about whether Windows 8 use in conjunction with TPM 2.0 leads to a lack of control and potential sabotage, as described by BSI, a Microsoft spokesperson sent the following comments:
Since the adoption of the Trustworthy Computing Initiative over 10 years ago, Microsoft has focused relentlessly on the security and privacy of IT users. Indeed, we are committed to building products that are SD3 (Secure by Design, Secure by Default, and Secure in Deployment) and PD3 (Privacy by Design, Privacy by Default, and Privacy in Deployment). It is also important to remember that one cannot have privacy without good security.
In support of these efforts, Windows has made a fundamental bet on trustworthy hardware and TPM 2.0 is a key component. Based in no small part on lessons learned in the TPM 1.2 timeframe, TPM 2.0 is designed to be on by default with no user interaction required. Since most users accept defaults, requiring the user to enable the TPM will lead to IT users being less secure by default and increase the risk that their privacy will be violated. We believe that government policies promoting this result are ill-advised.
It is also important to note that any user concerns about TPM 2.0 are addressable. The first concern, generally expressed as "lack of user control," is not correct as OEMs have the ability to turn off the TPM in x86 machines; thus, purchasers can purchase machines with TPMs disabled (of course, they will also be unable to utilize the security features enabled by the technology). The second concern, generally expressed as "lack of user control over choice of operating system," is also incorrect. In fact, Windows has been designed so that users can clear/reset the TPM for ownership by another OS of they wish. Many TPM functions can also be used by multiple OSes (including Linux) concurrently.
Trusted Computing Group Response
A Trusted Computing Group spokesperson replied as follows:
The specifications, including those for the TPM, have been developed over a long period of time with input from companies and governments worldwide. Some implementations of the TPM have been certified by third parties that have closely evaluated the specification and some companies' implementations of it as well. Info here.
The TPM specifications do not limit any applications nor dictate which or what kinds of applications can be used with it. The TPM has long been supported by various open source implementations. For example, the Google Chromebook uses the TPM with an open source operating system as do many other implementations.
Opt in and opt out have always been included in the TPM specifications.
The Zeit Online article cites an interview (in German) with Dr. Rüdiger Weis of the Beuth Hochschule für Technik Berlin institution who said that "together with the procedures implemented by Microsoft within Windows 8 (particularly secure boot) the control over its own hardware and software is removed from largely the user" (Bing translation). Weis added that "the TPM chip for the NSA is a dream" (translation), in the wake of Edward Snowden's disclosures about broad U.S. National Security Administration spying.
Microsoft has embraced the "secure boot" security procedure, which is part of the Unified Extensible Firmware (UEFI) specification. Secure boot is a protection scheme that works with Windows 8 to sign bootloaders with a certificate before the operating system loads to protect against rootkits that currently go undetected. Secure boot can be disabled in x86 Windows 8 systems, but it can't be disabled in Windows RT systems, Berger explained, in another interview. In addition, there is collaboration between Microsoft and antimalware software vendors at an "early launch antimalware" (ELAM) stage of the boot process that enables antimalware vendors to check the boot loader firmware.
Microsoft has denied that it provides back-door access to the U.S. government via its software. It claims to only respond to requests for specific data via legal demand. However, Snowden has asserted that NSA analysts require no legal process to tap Internet traffic using PRISM, contradicting Microsoft's claims. Snowden's leaked documents showed that Microsoft was the very first service provider to sign up for participation in the NSA's PRISM program.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.