Intel's security plans raise fear from PC builders (related to digital copy protection for DVDs and other content)
eet.com
By Rick Boyd-Merritt and Mark Carroll
EE Times
(12/12/98, 11:22 a.m. EDT)
SANTA CLARA, Calif. — Intel Corp. will add new security and software
functions to future chip sets in a move that will boost the profile of its
upcoming Katmai processors as key silicon for multimedia and electronic
commerce. But the plan is raising concerns among software, semiconductor
and systems companies that fear the processor giant could wind up
encroaching on their markets, extending its own reach deeper into the PC
architecture.
Intel's plans center around a so-called firmware hub, essentially a flash
memory with key BIOS functions, which will be part of its Camino, Carmel
and Whitney chip sets. Those products will accompany next year's Katmai
processors and are expected to be used in the Merced line too. "This is an
example of Intel taking in one more piece of the PC architecture," said a
senior R&D manager with a major PC company who asked not to be named.
Intel would not comment on its unannounced products. However, the key
features of the chip are beginning to come to light based on reports from
multiple sources. The firmware hub is "basically a flash chip with locks on its
read and write capabilities that can be opened using a cryptographic
protocol," said another source briefed by Intel.
Hardware security functions
include a cryptographic engine to
authenticate "digital certificates"
that Intel or a third party could load
in. The chip could hold multiple
certificates, each with permission
to grant specific features, such as
to permit an operating system or
an MPEG player to run. They
would also ensure that a software
program licensed to one user was
not copied and run on another
machine, a common practice. In
addition, the certificates will act
like unique serial numbers, identifying a given machine in any Internet or
corporate network transaction, sources said.
The hub may also include a random-number generator to create public keys
for encryption and help enable encrypted transmissions between PCs. That
would provide security for electronic commerce and software downloads,
possibly including software modules for host-based modems, MPEG players
or audio codecs that are housed in the firmware hub and run on the CPU.
Another feature sources have mentioned is physical security, linking sensors
to the hub so that it may report problems to a central network administrator if
the case is tampered with or peripherals are removed.
Even though the firmware-and the chip sets it is part of-are not due for
production until at least mid-1999, samples have been available in Taiwan for
some time. "We have had samples of the firmware hub for a while," said a
project manager for First International Computer Inc. "We really haven't
done too much with [it] yet. It is still not quite clear when it will be used and
what its full functions will be."
The hub chip is designed to incorporate new features into the PC upon
startup, the manager said, not to replace the standard BIOS, the key
software that controls system I/O peripherals software.
"After a PC is turned on, the firmware hub will be accessed and then the
regular BIOS," said a BIOS engineer with another Taiwanese company.
"The hub will affect the standard BIOS architecture, but it certainly won't
replace it. That's not its purpose."
Yet the prospect of a possible Intel incursion into BIOS is giving some
industry observers the willies. Adding to their concern is the fact that Intel
has not provided technical details about its implementation yet. One analyst
said the hub will act as a BIOS registry, a place from which software
emulation and upgrades can be controlled.
Sources close to Intel suggested the company would be leery of entering a
new PC-related market while under the shadow of a Federal Trade
Commission investigation. The company's motive is simply to bring new
features to the PC, enhancing sales for corporate and consumer users, these
sources said.
Still, "If Intel controls what and how stuff gets put in the BIOS, that's really
significant," said one analyst. "That's a wonderful control choke point."
The hub also may come with anti-viral protection. "It seems that even though
the hub will be made using flash-memory technology, the actual program will
be burned in as a kind of ROM," said the BIOS engineer. "This is for
protection against certain viruses that go into the BIOS and rewrite it."
The Taiwanese BIOS engineer believes Intel's aim is to make it easier "to
change their memory-controller initiation in the future." Instead of having to
change the huge north-bridge chips of today, "only the much smaller hub chip
will need to be changed."
At least one of Taiwan's core logic vendors is already contemplating a clone.
"We have no worries about being able to offer a similar product," said Tzu
mu Lin, senior vice president for Via Technologies Inc. "We have already
lined up technology partners that will allow us to offer a product that has
even more solutions and is more open than Intel's hub."
The feature set for the Intel hub is still up in the air, Lin added. "There are
some issues as to how it will relate to traditional BIOS," said Lin.
Len Galasso, a security engineer in the Irvine, Calif., office of Phoenix
Technology Ltd., said he believes the architecture will be flexible, letting the
chip handle all BIOS functions or work with a more traditional standalone
flash BIOS. But, he added, with some trepidation, "I think Intel wants to
control the BIOS."
Galasso and at least one semiconductor executive said they are concerned
the move could lock them out of design wins for BIOS, keyboard controllers
or flash chips. A diagram of the firmware hub shows it is linked to a "south
bridge" I/O controller in the chip set with what appears to be a unique 4-bit
serial bus. At least one keyboard-controller maker is concerned about a
proprietary interface. His device links to flash BIOS for scratchpad RAM
space, a configuration that would be impossible with the firmware hub, since
Intel has refused to detail the interface to his company.
Galasso said he doubted Intel would try to use a proprietary interface. "The
industry will reject anything exotic at that level," he said. "It would be an
obvious ploy to lock people in."
Others cite more generic concerns that security features often bring. "This
business about having a unique serial number or digital certificate has a few
civil libertarians-including myself-freaked, but the good news is you can turn
it off," said one analyst familiar with the initiative.
"In fact, it's not clear if Intel's firmware hub will be proprietary or not," said
Shing Wong, senior vice president of Silicon Integrated Systems Inc. in
Taiwan. "The BIOS companies will still be in business even if the hub goes
completely Intel's way. The catch is that [the hub] will make them more
beholden to Intel than they are now.
"The hub is in its early stages now," said Wong. "It will happen, but Intel's
idea of how it will be implemented may have to change." He cited, especially,
"a problem with the compatibility of certain registers. There are very real
issues between Microsoft and Intel with the firmware hub." |
