Question about TPM (Trusted Platform Module) in Intel Macs ._.?

plasmacutter

So, I've been reading reports of Intel Macs shipping with the much dreaded and despised "trusted platform modules" (TPMs) installed and active by default.

So far reports have shown their use has only been to keep MacOS on Mac hardware only, but I have more in-depth questions regarding this situation.

I'm interested in how Apple hardware/software integrates with these chips, how the chips' implementation and/or integration may or may not differ from standard PC hardware and the goals of Microsoft and the Trusted Computing Group (TCPA, or insert any other names here).

Specifically of concern to me are attestation features which, under current plans by the Trusted Computing Group, would not be user controllable/falsifiable (e.g. the TPM would say you're running Safari and changing user agent with debug no longer stops "IE only" browser blocking, "encrypted/tamper proof processes", harder emulation, etc.).

Friends of mine who use Mac say they will be purchasing new Intel lines eventually under the notion that they trust Apple, but quite frankly I'm still sceptical in this regard considering the research I've done on this and related subjects.

If anyone knows a great deal about this as it applies to Apple and feels like filling me in, it would be helpful for this confused and rather bewildered fan of OS X and the Mac platform in general.

I'm not here trying to troll with this topic; I'm trying to figure out how concerned I should be from someone who is informed enough to offer more than speculation.
 
Frankly I would trust Apple on this one. In Steve's keynote address at WWDC the other day, he made it clear that they will be sticking by their policy of not "locking down" the OS with serial numbers and so on. He was saying this mostly as a dig at Microsoft, who seem determined to treat their users like thieves and scoundrels, while Apple has a policy of just making the rules clear and then trusting people to use their own judgement. :)

However they will use TPM to ensure that only Apple computers can run Mac OS X. TPM's limited space means it is not likely to be made accessible to third party processes, so it won't be used by application developers, but by the OS only. TPM will probably be supported at the kernel level, and not in the published API.

Attestation is one of the worrying ideas that the TPM group have come up with that will probably never come to anything. It will only work if it is implemented in the OS, and I can't picture Apple really doing anything with it.

Frankly, TPM is a security worry in the same way that RFID tags are: some cause for concern, but it comes down to how it is used. In the end, if Apple really wanted to screw us over, there are a thousand other ways they could do it that don't use TPM. It doesn't take TPM to remove the "change user agent" feature from Safari for instance, and yet they haven't done that. It wouldn't take TPM technology to have your computer automatically send out your personal information on demand, and yet they haven't done that either. Privacy and security are two of Apple's biggest selling points, and they're not going to jeopardise that image.
 