I don't understand all the fuzz about having a serial number in the chip
set. Many machines have de-facto already various serial numbers in the
BIOS and in the PROMS on various peripheral devices that a relatively
simple routine can hash together to a unique PC ID with similar
properties as the Pentium serial number. Microsoft Windows installations
have a serial number that is accessible to applications and that can
already be used together with ROM and peripheral serial numbers to
detect unauthorized copying of software.
CPU serial numbers identify CPUs and *NOT* people. People use many CPUs
and do change CPUs every few years, so the usefulness of a CPU ID for
privacy violation is rather limited and certainly not much better than
the existing identification methods.
Intel has gone anyway only half the way towards a CPU that offers really
significant new security functionality. Once they add a tamper-resistant
cryptographic firmware onto the CPU with a manufacturer certified
asymmetric key pair to which no software, not even even the OS has
uncontrolled access, then you can do many additional exciting things
that can only be circumvented using very sophisticated hardware attacks
on the CPU itself and not using software patches any more. For a few
example ideas of what Intel is going to ship in 2005, see for instance
http://www.cl.cam.ac.uk/~mgk25/trustno1.pdf
These features provide for instance excellent protection against
intellectual property violation (piracy, unauthorized disassembly,
etc.). I feel that this is an honourable cause, because if you don't
like this, then just use open source software instead, for which these
security features are irrelevant for policy reasons anyway. It also
provides for a high degree of tamper-manipulation. People with temporary
access to your PC can't easily manipulate your harddisc encryption
software to leak out the keys once you enter the passwords, because this
software has then to be authenticated at installation time by the CPU
firmware and only those who know the CPU password can install new
software on your system. Cryptographic firmware and secure key storage
inside a CPU can offer many levels of currently unavailable manipulation
resistance for your system.
Markus
--
Markus G. Kuhn, Computer Laboratory, University of Cambridge, UK
Email: mkuhn at acm.org, WWW: <http://www.cl.cam.ac.uk/~mgk25/>
