[108051] in Cypherpunks
Intel's Master Plan - 'Wired for Management'
daemon@ATHENA.MIT.EDU (Richard Hornbeck)
Tue Feb 2 16:52:27 1999
From: "Richard Hornbeck" <rhornbec@counsel.com>
To: <cypherpunks@cyberpass.net>
Date: Tue, 2 Feb 1999 08:30:58 -0600
Reply-To: "Richard Hornbeck" <rhornbec@counsel.com>
Following is my take on Intel's PSN technology within the context of its
overall 'Wired for Management' marketing strategy.
================
Intel's release of PSN technology in its Pentium III chips represents a
single, yet essential component of a much more elaborate, long-range
program, which it calls 'Wired for Management.'
(http://developer.intel.com/ial/WfM/wfmover.htm)
Intel, (not unlike Microsoft), has a vision of the future that consists of a
billion connected computers doing electronic commerce and other forms of
communication, and all running Intel (Wintel) technology.
Craig Barrett, in his first-day keynote address at the Intel Developer Forum
in Palm Springs in September 1998, said the billion-connected-computer level
will come "in six, eight or 10 years." There are about 150 million computers
in operation today, 300 million will be in use by the end of the century and
by 2005 a billion may be "interacting in an instant fashion," Barrett said.
The CDSA (common data-security architecture), and hardware support for data
encryption, are needed to keep momentum going in the industry.
"We want the industry to move toward three things: easy to use; instantly
available; and always connected," Barrett said.
One would be hard pressed to claim that Intel's goal is world domination;
but less hard pressed to recognize that its goal is domination over the
world's computer market. Faced with increasing competition, falling prices,
and several technical missteps, Intel was forced to raise the bar on feature
robustness, and try to leap frog into a position as permanent market share
leader. Over a year ago, it set out to accomplish this ambitious goal
through a program called 'Wired for Management.' (WfM)
Briefly, the program seeks to accomplish this objective by embedding into
Intel processors the necessary features that enable remote management,
support, and upgrading of any computer's software and hardware (BIOS
Flashing). In other words, by providing the capability within its chips to
enable secure communications between a 'master' computer and its various
nodes, the master could perform any management functions necessary to
support the remote computer, among other things.
Needless to say, any individual company or entity has the authority and
responsibility to implement whatever technology it needs on its own internal
corporate computers and networks, to enable it to manage its computer
resources cost-effectively and securely. However, one of the potential
threats to the private citizen is the reality that this same technology
which Intel intends to offer for commercial use, may become ubiquitous, and
extend into the private individual's computer. Because this technology can
be readily circumvented, and fraudulently manipulated, not only will
corporate assets be at risk, but the private individual could be vulnerable
to remote abuse by hackers, criminals, and others, without their knowledge.
Intel proposes to make these same WfM features available for mobile
platforms, such as laptops, via modem. For example, if an employee is in the
field, and the network manager needs to upgrade one of the software
components on the laptop, then the next time the employee dials in to the
corporate Intranet, the 'master' server will take control of the laptop,
through Intel's technology, and load the necessary software.
In an excellent article, 'Intel's security plans raise fear from PC
builders' by Rick Boyd-Merritt and Mark Carroll, in the December 12, 1998
issue of 'EE Times,' (www.eetimes.com) concerns were raised by 'software,
semiconductor and systems companies that fear the processor giant could wind
up encroaching on their markets, extending its own reach deeper into the PC
architecture.'
The article goes on to describe the reasons behind these other companies
concerns:
Quoted excerpt begins:
'Intel's plans center around a so-called firmware hub, essentially a flash
memory with key BIOS functions, which will be part of its Camino, Carmel and
Whitney chip sets. Those products will accompany next year's Katmai [Pentium
III] processors and are expected to be used in the Merced line too. "This is
an example of Intel taking in one more piece of the PC architecture," said a
senior R&D manager with a major PC company who asked not to be named.
Intel would not comment on its unannounced products. However, the key
features of the chip are beginning to come to light based on reports from
multiple sources. The firmware hub is "basically a flash chip with locks on
its read and write capabilities that can be opened using a cryptographic
protocol," said another source briefed by Intel.
Hardware security functions include a cryptographic engine to authenticate
"digital certificates" that Intel or a third party could load in. The chip
could hold multiple certificates, each with permission to grant specific
features, such as to permit an operating system or an MPEG player to run.
They would also ensure that a software program licensed to one user was not
copied and run on another machine, a common practice. In addition, the
certificates will act like unique serial numbers, identifying a given
machine in any Internet or corporate network transaction, sources said.
The hub may also include a random-number generator to create public keys for
encryption and help enable encrypted transmissions between PCs. That would
provide security for electronic commerce and software downloads, possibly
including software modules for host-based modems, MPEG players or audio
codecs that are housed in the firmware hub and run on the CPU.
Another feature sources have mentioned is physical security, linking sensors
to the hub so that it may report problems to a central network administrator
if the case is tampered with or peripherals are removed.
Even though the firmware-and the chip sets it is part of-are not due for
production until at least mid-1999, samples have been available in Taiwan
for some time. "We have had samples of the firmware hub for a while," said a
project manager for First International Computer Inc. "We really haven't
done too much with [it] yet. It is still not quite clear when it will be
used and what its full functions will be."'
Sources close to Intel suggested the company would be leery of entering a
new PC-related market while under the shadow of a Federal Trade Commission
investigation. The company's motive is simply to bring new features to the
PC, enhancing sales for corporate and consumer users, these sources said.
Still, "If Intel controls what and how stuff gets put in the BIOS, that's
really significant," said one analyst. "That's a wonderful control choke
point."
End Quote.
Another article in EE Times, 'Security tops Intel's priority list,' by David
Lammers, 9/18/98, discusses how Intel has already received approval by both
the U.S. and Japanese governments to implement this technology in pursuit of
both countries digital-transmission-content-protection (DTCP) initiative,
and that licensing to OEMs is ready to begin. The approach ensures that
digital content which moves from one piece of hardware to another is
copy-protected, and complements the content-scrambling approach adopted by
the DVD industry.
Quoted excerpt:
Digital content protection is key to moving the 1394 interface forward,
first in digital-consumer products and later in 1394-enabled personal
computers, Intel said. Intel will build 1394 support into its chip sets
within the next 18 months, Gelsinger said in a keynote address at IDF on
Thursday.
Building in 1394, and convincing desktop OEMs to build out the ISA bus and
internal PCI slots, is central to Intel's vision of where the PC industry
needs to go to improve ease of use. Dan Russell, director of platform
marketing, claimed that the cost of implementing the 1394 bus - in terms of
gates, board space and dollars - is about equal to today's cost of adding in
the legacy ISA bus.
Next year, Intel intends to build hardware support for data security into
its CPUs and chip sets - including flash-based BIOS chips. Random-number
generators, digital signatures, monotonic counters and other hardware-based
security measures will be supported in logic primitives on silicon.
A senior design manager at Dell Computer Corp. (Austin, Texas) said the
Intel approach to security has been discussed for the past year, but "things
have gotten bogged down over the past few months. You have to bring together
the content providers, the applications, so many different elements. It just
takes a lot of time."
Bringing together disparate interest groups to rally around Intel's approach
to the desktop is what IDF is all about. Gelsinger said, "we either
cooperate or die," and no issues have been more contentious than
digital-content protection and data encryption.
End quote.
See http://developer.intel.com/ial/WfM/ for details of WfM.
===============
Richard Hornbeck
www.primenet.com/~hornbeck
Hornbeck@primenet.com
"The most important step in arriving at the right answer, is asking the
right question." Albert Einstein ("Al").
