它开始于一个论坛帖子和以下的头版模糊OSX86, a site produced by people attempting to crack the Intel version of Mac OS X to get it to run on non-Apple computers:

We’ve discovered that Rosetta usesTCPA / TPM DRMSome parts of the GUI like ATSServer are still not native to x86 — meaning that Rosetta is required by the GUI, which in turn requires TPM请参阅论坛主题这里

“TPM” stands for Trusted Platform Module, an industry standard hardware chip that provides for “trusted computing”There’s an industry consortium, the可信计算组,谁的主要推动者are AMD, HP, IBM, Intel, Microsoft, Sony, and Sun.

整个“可信计算”的事情引起极大争议The Wikipedia, as usual, has a fine overview,covering both what trusted computing is, and why it’s controversial

值得信赖的计算is a term coined by the TCPA referring to the goal of their family of open specifications to make computers more secure through the use of dedicated hardware. Critics, including academics, security experts, and users of free and open source software, contend, however, that the overall effect (and perhaps intent) of trusted computing is to impose unreasonable restrictions on how people can use their computers.


The gist of the situation, reportedly, is that at least some portions of the Intel Developer Transition Kit version of Mac OS X are strung up in such a way that depends upon the TPM module on the Transition Kit motherboardI say “reportedly” because I can’t say for certain there is in fact such a module on the motherboard, because I don’t have a Developer Transition Kit, and even if I did, I’d be under an NDA that would prevent me from discussing itBut I think it’s safe to assume these reports are true.

The effect of this, surprise surprise, is that the version of Mac OS X that ships with the Developer Kit hardware only runs on Apple’s Developer Kit HardwareWhich state of affairs is exactly what Apple stated, clearly and publicly, when they announced the transition at WWDC in JuneApple没有公开声明的是怎么样, technically, they were going to keep Mac OS X compiled for x86 from running on non-Apple x86 computersThe TPM chip is, apparently, at least part of the answer.

很难看出这个消息对任何人来说都是令人惊讶的Given (a) that Apple has stated, adamantly, that Mac OS X will only run on Apple hardware; and (b) that despite a lot of effort and a lot of interest, no one has been able to get the Developer Kit Mac OS X release to run on non-Apple hardware; it seems rather obvious that the Developer Kit boxes contain some sort of hardware that the software is tied toThis affects no one other than those who hope to install bootleg copies of Mac OS X on their x86 PCs.1



星期一,Slashdot收集了这个故事, with the following submission blurb:

有几个人发现that the new Intel kernel Apple has included with the开发工具包DVD使用TCPA / TPM DRMMore specifically, it includes “a TCPA/Palladium implementation that uses a英飞凌1.1chip which will prevent certain parts of the OS from working unless authorized.

From here, we go to Cory Doctorow, who, after reading the “news” on Slashdot, penned a scathing diatribe on Boing Boing, titled, “Apple to add Trusted Computing to the new kernel?”开始:

People working with early versions of the forthcoming Intel-based MacOS X operating system have discovered that Apple’s new kernel makes use of Intel’s Trusted Computing hardwareIf this “feature” appears in a commercial, shipping version of Apple’s OS, they’ll lose me as a customer — I’ve used Apple computers since 1979 and have a Mac tattooed on my right bicep, but this is a deal-breaker.

First, it seems a bit euphemistic to describe people trying to crack Mac OS X to run on non-Apple x86 hardware as “people working with early versions of the forthcoming Intel-based MacOS [SIC] X operating system”“People working with” creates the impression that these are legitimate developers, expressing legitimate concerns.


I travel in the kinds of circles where many people use GNU/Linux on their computers — and not only use it, but actually call it GNU/Linux instead of just “Linux,” in the fashion called for by Richard StallmanSome of these people give me grief over the fact that I use Mac OS X instead of GNU/Linux on my Powerbook, because the MacOS is proprietary.

There is a word for these people那个词是混蛋不,等等狂热者好的,这些人有两个字。

When my free software companions give me grief over this, I tell them that I’m using an OS built on a free flavor of Unix, and that most of the apps I use are likewise free — such as Firefox, my terminal app, etc.

Here’s the important part though: when I use apps that aren’t free, like Apple’s Mail.app, BBEdit, NetNewsWire, etc, I do so comfortable in the fact that they save their data-files in free格式, open file-formats that can be read by free or proprietary applicationsThat means that I always retain the power to switch apps when I need to.

至少在这里,多克托罗完全有道理Indeed, open, interchangeable file formats are much more important than free software.2Best are apps that directly read and write to open formats; good enough are apps that import from and export to open formats.3


The point of Trusted Computing is to make it hard — impossible, if you believe the snake-oil salesmen from the Trusted Computing world — to open a document in a player other than the one that wrote it in the first place, unless the application vendor authorizes itIt’s like a blender that will only chop the food that Cuisinart says you’re allowed to chopIt’s like a car that will only take the brand of gas that Ford will let you fill it withIt’s like a web-site that you can only load in the browser that the author intended it to be seen in.

当然这样的场景是一个potential use of Trusted Computing DRM mechanisms — and such a scenario would indeed be dreadful — but it’s a far stretch to call it“可信计算点”In the actual case here, Apple’s Developer Transition Kits — which, I’ll remind you,可能会承受相似, internally or externally, to the actual Intel-powered computers Apple will eventually ship to real customers — are (reportedly) using TPM for one and only one purpose: to prevent the OS from being run on non-Apple hardware.

There is no indication, none, zero, not even a whiff, that Apple intends to enable, let alone encourage, developers to create software with the TPM file-access authorization-locking described by Doctorow above没有。

这与第三方软件开发人员限制访问权限无关您的数据这是关于Apple限制访问operating system.

即使你忽略了没有任何证据的事实,也只是认为关于它What motivation would Apple have for allowing or encouraging this sort of lock-in? Ever since the transition to Mac OS X, Apple has been moving in the direction of openness, releasing the entire low-level OS core as open source, bending over backwards for compatibility with Windows wherever possible — and but now they’re going to allow for this? It boggles the mind.

Or consider iTunes, the most prominent software from Apple that makes use of DRMThe DRM in iTunes doesn’t add any restrictions to music you already own苹果去蝙蝠对于users’ rights with the ITMS, getting better rights and lower pricing (for hit singles at least) than what the record labels wanted to offerAnd if you still don’t like the ITMS DRM policies — which is a perfectly reasonable stance — you can simply not use the ITMS and still be a happy iTunes / iPod user.


What this means is that “open formats” is no longer meaningful. An application can write documents in “open formats” but use Trusted Computing to prevent competing applications from reading them.

这是完全错误的The existence of a TPM chip on the motherboard does not mean that application developers will be able to create apps which can produce files which can only be opened in the app that created the fileYou’d need operating system support for that, including a way to prevent files from being copied to other computers, and adding a feature like this to the OS would be suicidal. In what way could such a capability possibly be construed as beneficial to users? And, I repeat, there is no evidence whatsoever that Apple plans to do this.

If a file is written to disk in an open format, no TPM chip can prevent you from opening it in another programAnd if your data is written to disk in an encrypted format, with the decryption keys tied TPM hardware outside your control — then your software is clearly not writing to an “open format”.

Apple may never implement this in their own apps (though I’ll be shocked silly if it isn’t used in iTunes and the DVD player), but Trusted Computing in the kernel is like a rifle on the mantelpiece: if it’s present in act one, it’ll go off by act three.

No one has ever claimed that copy-protected DVDs are an “open format”, nor has Apple ever claimed that DRM-protected music from ITMS is an “open format”DRM的重点在于格式打开These restrictions aren’t from Apple, they’re from the entertainment industryEven if they wanted to, Apple couldn’t sell non-DRM protected major-record-label music from the ITMS, nor could they ship a version of DVD Player which allowed you to, say, export video from a commercial DVD to an unprotected QuickTime movie.

If you’re not happy with these restrictions in iTunes and DVD Player, blame the entertainment industryAgain, I see no reason to believe that Apple is interested in making these restrictions even more onerous than they already are.

So that means that if Apple carries on down this path, I’m going to exercise my market power and switch away, and, for the first time since 1979, I won’t use an Apple product as my main computer我甚至可能已经纹身了。

什么path, though? Down the path where individual Mac apps start using TPM-enabled DRM to prevent you from opening your files with other applications? Well, duh, if Apple does that, nearly一切Mac用户将排队购买新品牌的电脑。

Or is the mere presence of a bogeyman TPM chip on the motherboard, which chip is used as nothing more than a dongle that ties Mac OS X to Apple-sanctioned hardware, enough to count as “carr[ying] on down this path”? If that’s the case, Doctorow might as well start packing his bag.

It’ll be interesting to see what platform Doctorow switches to. Windows is seemingly out of the question, considering that Windows Vista is slated to contain众多基于TPM的安全功能

But he can always switch to GNU/Linux, right? Actually, wrong — because theLinux内核也有TPM的驱动程序支持Go ahead and look at the源代码司机/炭/ TPM / tpm_infineon.c,开始:

 * Description:
 * Device Driver for the Infineon Technologies
 * SLD 9630 TT Trusted Platform Module
 * Specifications at www.trustedcomputinggroup.org

I suppose he could compile his own version of the Linux kernel minus any support for TPM, but the wiser course would be to realize that TPM support, in and of itself, is no more or less evil than support for any other chips on a motherboard.


When I told a few friends this week that I planned to write about Doctorow’s outburst, several indicated that I shouldn’t bother, more or less on the grounds that Doctorow deserves to be cut a bit of slack because his heart is in the right place这个想法是,OK, sure, he’s out of line in complaining about this, but at least he’s just looking out for users’ rights.

But the fact that his intentions are good doesn’t make it right to let this passDoctorow is clearly ascribing deviousness onto Apple, without a single shred of evidence to back it upBut anyone who knows him as both an Apple aficionado and a champion of users’s rights, and who trusts his opinions on such matters, is going to take away from this the idea that Apple is doing something malicious, and that bad things are likely to start happening with users’ data on Intel-powered Mac systems.

The idea that Doctorow’s critique, despite being unfounded, was good for the community simply because of its anti-DRM slant is like saying McCarthyism was good for the country simply because of its anti-Communist slant.

然而,我们在这里Tim O’Reilly calling Doctorow’s post “a great rant”

In his usual lucid way, Cory goes on to explain why open data is more important than free software, and how the proposed DRM cuts to the heart of the essential freedom to switch to another program, or another computer非常值得一读。

Except that the only “proposed DRM” that would get in the way of any “freedom to switch” exists only in completely fabricated scenarios from Doctorow himself.

  1. 这并不是说Mac OS X的Developer Kit版本是不可破解的没有软件是不可破解的但我们所知道的是,它不容易破解。

  2. 虽然Apple Mail的新.emlx文件格式是否算作“开放”是有争议的它是一种纯文本格式 - 或多或少是RFC822邮件消息,后跟plist格式的XML数据 - 但是plist数据中的标志没有记录

  3. This is one of several reasons why few people are shedding tears over the continuing demise of StuffIt — the .sit and .sitx file formats are completely proprietary; no software other than StuffIt can unpack a .sit archive.

以前: 关于笔记的说明
下一个: 明星