Intel Updates vPro Platform and Features

MojoKid writes "Intel's has certified the Core 2 Duo E6550, E6750, and E6850 processors for vPro, and is releasing the new low-power Q35 Express chipset with a companion ICH9-DO Southbridge, and 82566DM Gigabit Network controller. With these new chispets and technologies, the vPro platform offers next-generation Intel Active Management Technology, enhanced Intel Virtualization Technology, and Intel Trusted Execution Technology (aka Intel TXT). vPro also supports next-generation management standards like WS-MAN and DASH (draft 1.0 spec) and v1.2 of the Trusted Platform Module. Intel has plans to provide continual updates to the vPro platform and will likely enhance vPro further after the launch of their 'Montevina' platform in the first half on 2008."

v1.2 of the Trusted Platform Module

[Anonymous Coward]

Do not want!

Re:

[Solra Bizna]

So having a TPM in my box magically means my vendor wants to eat me, and I'm a stooge for wanting the virtually undefeatable security it would offer should I use it properly.

Even if an attacker physically stole my TPM-enabled computer and applied NSA-level secret awesome techniques to it, they could not get the keys I stored with the TPM. Which is the entire POINT of the module according to the spec [trustedcom...ggroup.org].

No matter how many times I tell this to my friends who have the deep, unwavering belief that TPM = evil,

Re:v1.2 of the Trusted Platform Module

[Andreaskem]

Just to clarify: Read this [arstechnica.com] Ars Technica article about how the new trusted computing technology introduces the kind of DRM geeks have been rebelling against for years.

Re:

[smilindog2000]

So, TXT in short is hardware DRM, right? Will it do more? I'd love to know that my Linux kernel has been compiled signed by the vendor, and not hacked by any virus. Will TXT significantly mitigate viruses, worms, spy-ware, and the like? Will it allow vendor signed Linux kernels to be trusted to play DVDs out-of-the-box in the US? Will it help commercial companies port their products to Linux without fear of hacking? Will it allow FlexLM to finally be semi-secure? Will it get the damned bot-hackers of

Re:

[bhima]

Ain't that a great idea? OR even signed as compiled on that CPU/Motherboard/TCM and only signed executable run?

I'll bet money neither will ever get into widespread use. Pity.

As far as FlexLM goes, that is the single most annoying product that I come into contact with. Several of the software packages I use, use it and I hates it.

Re:

[clydemaxwell]

You..you WANT your CPU to only run signed and trusted code? Mind you, 'trusted' doesn't mean anything about trusted by YOU. I pray you are confused and do not actually think discouraging hacking is a good thing.

Re:

[bhima]

Yes, I want some my CPUs to only run code signed and trusted by me. Mind you, 'Trusted' doesn't necessarily mean only trusted by Intel, Microsoft, or some other untrustworthy corporation. 'Trusted' can mean trusted by me and only me and only on this server. You sound like you are confused and have never read any technical documentation on Trusted Computing and don't have a firm idea about the capabilities of the platform.

And I absolutely think discouraging hacking on my servers is a good thing. I've you

Re:

[Mad Merlin]

Will TXT significantly mitigate viruses, worms, spy-ware, and the like?

Doubtful.

Will it allow vendor signed Linux kernels to be trusted to play DVDs out-of-the-box in the US?

No.

Will it help commercial companies port their products to Linux without fear of hacking?

Probably not.

Will it allow FlexLM to finally be semi-secure?

Probably not, but I'm not familiar with FlexLM.

Will it get the damned bot-hackers off the gaming networks?

No.

Re:

[PitaBred]

Will you be able to listen to any music you want, or will it all have to be signed? What about that local band that gave you a home-burned CD? How about movies? Will I now have to sit through ads for movies released years ago at the beginning of my movies on my computer as well as with my DVD player? Will it enforce content protection on Youtube? Homebrew games? Network access only for signed applications? (who is doing the authentication of the software/content being "good" anyway?)

It has some good

And the very same thing RMS warned us about...

[Max Romantschuk]

Interestingly, Richard Stallman warned us about "Treacherous computing" [gnu.org] years ago. It's sad that these things are becoming reality.

Re:

[morgan_greywolf]

Interestingly, Richard Stallman warned us about "Treacherous computing" years ago. It's sad that these things are becoming reality.

Call him a zealot, call him an idealist, call him a communist if you want, but if there's one thing you positively can't call Richard M. Stallman, it's stupid.

But if you think Stallman was smart in 2002, when Trusted Computing was a brand new buzzword, remember that he actually predicted DRM before there was such a word as DRM -- he used the term 'copyright monitor code'. The Right to Read [gnu.org] was written in 1996, more than 10 years ago. I remember reading it in a copy of Communications of the ACM early in 1

Re:

[DaveWick79]

Call it hardware DRM, call it Trusted Computing - but this is exactly what corporate and even small business is looking for, and vPro 1.2 delivers. You've got to be able to manage your risks before they turn into an expensive problem. And vPro makes remote management a snap to boot and has for quite some time now, if implemented.

Even if you buy a vPro board and use it at home, which there's no reason you'd really ever do anyway, it's probably not going to come out of the box configured to block anything y

Re:

[rubycodez]

You've got to be able to manage your risks before they turn into an expensive problem. that sentence sounds like a load of marketing BS - this will get cracked, probably by subverting microsoft's crapware so the hardware doesn't even think a new app is installing.

Re:

[DaveWick79]

Yes, there's always the possibility of either a hardware or software based agent being cracked. But it's not marketing BS, it's business reality. Businesses can't afford to not keep track of what is being put on their workstations and monitor their security.

Re:v1.2 of the Trusted Platform Module

[Technician]

Do not want!

As a home user you maybe right. This is not aimed at the home user. Have you seen the demo? This platform has an IT departments dream, a firmware OS wrapped around the end user's OS. In the demo, they demonstrated live the corruption of Windows which crashed it to BSOD. Remotely they patched Windows and rebooted it all while Windows was crashed.

A powered off machine needing a scheduled backup or critical software rollout is no problem. The machine can be remotely turned on, patched, rebooted, configured, and tested without disturbing users while they are home.

Demos are here.
http://video.google.com/videosearch?q=Intel+V-Pro+ demo [google.com]

As an end user, it means installing Party Poker or Tor on the corporate machine may result in immediate application removal. The same goes for SONY rootkits and keystroke loggers. So yes for the end user, they have less ability to hose the configuration.

This is bad and the RIAA and MPAA is on the other end. This is good if your company supplied PC refuses malware. For its corporate target, this provides strong immunity to a BSA, RIAA, MPAA, etc, audit. Unauthorised stuff can't be stuck on the machine.

Re:

[Technician]

I've got a better solution, comprised from best practice security and PXE [wikipedia.org].


As far as I can tell, PXE has a new revision. It has the trademark VPro. I looked at the PXE link you provided. It credits Intel. Vpro is from the same company. VPro has a black mark on Slashdot simply because someone called it Trusted Computing.

Trusted computing on the other hand is defined by a chip that stores a security hash. Trusted Computing is more of a secure DRM platform than it is remote management. Thi

Re:

[KiloByte]

The IT department??? Or perhaps anyone who actually owns the hardware (ie, the company for corporate machines or you in your home)? No goddamn way.

I somehow cannot see our friends at Microsoft relinquishing such a juicy opportunity for control. And you mentioned this as something to give an immunity to BSA/RIAA/MPAA... The latter two are in good relations with MS, the first for all practical reasons is MS.

Also, I would be surprised if a future version of Windows didn't require the TPM. It's signed by I

Re:

[MobyDisk]

You could do that without trusted computing. Many machines today have boot ROM's and/or special boot partitions on the hard drive. You would just need a small bit of code to let you remotely send a signal to boot from that partition/boot rom. None of this has anything to do with trusted computing - this "feature" they demonstrated is just a side effect that they choose to demonstrate to hide what Trusted Computing is really used for.

Intel offers same MBs with / without TPM

[AHumbleOpinion]

Do not want!

No problem, Intel has motherboards for you too. I was specing out a quad core and noticed Intel has TPM and non-TPM versions of the same motherboard, for example the D975XBX2.

http://www.intel.com/design/motherbd/bx2/bx2_avai l able.htm [intel.com]

The non-TPM version seems to have more features too, digital audio out, 8 SATA instead of 4, IEE1394/Firewire, 3 year warranty rather than 1 year.

Trust Not

[Anonymous Coward]

"Intel Trusted Execution Technology". Way to sound ominous.

Naming

[weicco]

What's with this naming practice that seems to be going on in every god damn company? I can't even start a fricking sentence with name like vPro, iTunes, iFolder, omgXIITLOL since first letter should be in CAPS. Well, I'm not sure about english grammar but at least finnish grammar forces capitals.

Re:Naming

[Kelz]

Its the current wave of marketing. They're trying to establish brands that sound cool that people can remember when they shop for a computer.

Unless you're talking about chipset/product line codenames (Kentsfield, etc etc) which are geographical locations, since they can't be trademarked.

Re:

[weicco]

Yes I understand it is k00l to toss away grammar and write 1337 :) but that should be left to IRC chats and such. And if I'm being pedantic vPro can't be written at all if you are following grammatic rules since proper names must start with capital letter.

I strongly detest spoken language in books also even if it's in conversations. I tried to read Harry Potter in english and I couldn't figure out what the heck characters were talking about from time to time!

Dang! My nick name starts with a non-capital le

Re:

[daeg]

Just refuse to follow their retarded naming conventions. Call it an Ipod. An Imac. An Iphone. Call it Vpro.

Re:

[IBBoard]

But then the vPro being a Vpro doesn't emphasise the fact that it's a "Pro" something (assumedly) with added 'v'. Similarly the iPod being an Ipod doesn't do such a good job as a name of emphasising that it is some form of pod with added 'i'.

Re:

[IBBoard]

Those Finnish books must be quite boring if they don't contain any spoken language - how do the characters communicate? ;)

I think a lot of non-Brits have problems with Harry Potter as it uses a lot of Briticisms. My fiancee runs a website to help fanfiction authors improve their writing (and some of them need help - a lot of help!) and one of the main issues tends to be Americans getting confused by the Briticisms, or asking what the British way of doing/saying something would be.

Also, if you've got a perso

Re:

[TeknoHog]

Well, I'm not sure about English grammar but at least Finnish grammar forces capitals.

Corrected those capitals for you ;)

Anyway, it's great that the Finnish grammar forces certain things. Otherwise we'd have crap like TeliaSonera, TietoEnator, Sampo Pankki... oh, wait..

Re:

[weicco]

Yes, you are absolutely right. They are crap :P

much...

[cosmocain]

...more interesting than a link to a marketing blurb would be a link to the TPM-specifications. [trustedcom...ggroup.org] Actually, i do trust a platform - until it's "tpm-enabled".

Re:

[TofuMatt]

Err, the Linux kernel, Mac OS X, and Windows all have support for TPM. Still using AmigaOS then?

Re:

[julesh]

You do know that TPM does _nothing_ unless you actually, you know, use it, don't you?

So by disabling it in your kernel config, the only thing you achieve is making your system incompatible with any software that requires it.

Re:

[Anonymous Coward]

You also make your system "untrusted". Which means, that,among other things, large software companies will no longer talk to you because your system cannot be trusted by them -- and in a few years, neither will your ISP, since there is already moves to ensure that only TPM equipped PCs will be sold and used on the internet.

Is Intel a friend of Open Source?

[jkrise]

All new initiatives and 'innovations' from Intel have been closed source, secretive and the technology is available to a few limited US h/w mfrs. The reason Linux became so successful is because of Intel's low-cost, standards-compliant, open-source hardware; but with initiatives like virtualisation, vPro, multi-threaded compilers etc. the balance gets tilted further in favour of TCPA and DRM partners; and puts Linux at a disadvantage in the Enterprise.

Re:

[Anonymous Coward]

I am not aware of a single hardware company that is as open with their specifications and hardware documentation as Intel. Their chipsets are open and documented, the audio, network and disk controllers are open and documented, their video hardware is open and documented (Who else can you say that about?). They have a great developer relations program, although you can download a lot of their documentation without even joining it.

So what's all this secretive technology you think Intel have been producing?

Re:Is Intel a friend of Open Source?

[RAMMS+EIN]

``The reason Linux became so successful is because of Intel's low-cost, standards-compliant, open-source hardware; but with initiatives like virtualisation, vPro, multi-threaded compilers etc. the balance gets tilted further in favour of TCPA and DRM partners;''

Err, I have no idea what you mean. Intel's hardware used to be standard-compliant and open-source? What standards? Which source? How does virtualization (and I do believe they published specs on how to use it) tilt the balance in favor of DRM? What do multi-threaded compilers have to do with anything?

Now to look at some other aspects, Intel hosts and supports a number of open-source projects [intel.com], among them open source drivers for certain Intel graphics and WLAN cards. These are recent efforts, as well.

All in all, I don't think I can agree with your suggestion of Intel moving away from being supportive of open-source and towards being one of the forerunners of DRM.

Re:

[Anonymous Coward]

Now to look at some other aspects, Intel hosts and supports a number of open-source projects, among them open source drivers for certain Intel graphics and WLAN cards. These are recent efforts, as well.

Intel's efforts in video cards are meaningless because with vPro/LaGrande/Trusted Computing their control has moved from the source, to the binary.

All in all, I don't think I can agree with your suggestion of Intel moving away from being supportive of open-source and towards being one of the forerunners

Re:

[RAMMS+EIN]

``Oh, and BTW, I'm sure Intel supports "open source"... since that's a watered down meaningless term.''

Not as long as software controls the hardware. Which I believe is still the case; there may be a TPM chip in my computer, but it's not doing anything unless I actually use software that activates it. That doesn't mean I'm happy it's there, but it does mean it's Mostly Harmless.

Re:Is Intel a friend of Open Source?

[bealzabobs_youruncle]

That is quite a load of mis-information you are hauling there. Intel is far more open with their hardware specs, are providing lots of open source driver support and porting many of their development apps to Linux (and either giving away or open sourcing many of them as well). You can actually go to Intel's site and find a list of which boards they actively support Linux on and find drivers for older RedHat 4 and SLES builds. Additionally, BIOS updates are now provided via ISO image so Linux users (or any platform really, but we are the targeted group) can update their BIOS without jumping through hoops. I won't even get into your whole "technology is available to a few limited US h/w mfrs" as it makes no sense when you consider that outside of BFG (maker of nVidia based video cards and a smathering of motherboards) there are no U.S.hardware makers any longer (and all BFG does is assemble over here, the parts are still off-shored).

By way of comparison, AMD/ATi have yet to provide any really decent drivers, little in the way of documentation and have offered virtually zero F/OSS developer support. Via has been slightly better but hardly a font of knowledge. For desktop computing (and including Via was a stretch) Intel is probably the most supportive and easiest to deal with hardware make for a Linux workstation.

Re:

[AHumbleOpinion]

Intel is even friendlier than you suggest. They offer the same MB in TPM and non-TPM versions, and the non-TPM seems to have more features as well. To avoid a redundant thread see: http://slashdot.org/comments.pl?sid=281229&cid=203 85475 [slashdot.org]

Here's your source

[Wesley Felter]

Open Source Intel AMT Drivers and Tools. [openamt.org] (the part that runs on the PC), Intel Active Management Technology Reference Design Kit [intel.com] (the part that runs on a server and remotely takes over the PC).

Intel Updates vPro Platform and Features..

[tthedford]

Intel Updates vPro Platform and Features.. ..in their continuing efforts to help Microsoft mutate the personal computer into the final planned state of being essentially a tamper-proof remote contolled type-writer and entertainment vending machine for the masses.

No modding needed, Intel offers non-TPM MBs

[AHumbleOpinion]

How difficult would it be to mod a mobo, removing the TPM? Is TET (because Execution begins with the letter E) done in Microcode or is it all in silicon?

Why mod when you can buy a motherboard without it? When I went shopping for Intel motherboards a few weeks ago I noticed TPM and non-TPM versions of the same motherboard.

Before someone out there decides to write "But what about buying from Dell, HP, etc?" note we are discussing modding. Someone who is going to mod a motherboard should be able to oper

Chispets

[Life700MB]

Aaah what I really want to know is about those "chispets", are they some kind of pokemon from intel or something?

--
Great hosting [dreamhost.com] 200GB Storage, 2_TB_ bandwidth, php, mysql, ssh, $7.95

Re:

[ragefan]

Aaah what I really want to know is about those "chispets", are they some kind of pokemon from intel or something?

It's obviously a typo for Chiapets!

Looks like Lights-Out Management + IPMI

[Morgaine]

Others have commented on the TPM and DRM aspects of vPro, but the part that interests me most is the remote access functionality. Is this coming to desktops now?

Most modern servers have remote management capability these days, through some kind of Lights-Out Management (LOM) [wikipedia.org] system that works even when the operating system is dead or when the host CPU is powered off. It's not just the high profile Sun/HP/IBM brands that have such capability --- even Dell servers have BMC hardware (a small embedded microcontroller) running a LOM and providing access through IPMI [wikipedia.org], and have had it for many years. I've found all these LOM systems extremely useful, even without the more recent remote KVM features.

I'd love this kind of functionality independent of the running O/S to appear on desktop motherboards too, but motherboard manufacturers have traditionally kept server and desktop markets separate. Is there any sign that the new vPro chipsets could start moving such functionality towards the desktop too?

From the videos, it doesn't seem so, as they're targetted at corporates. But the worries that people have expressed about the TPM/DRM side of vPro suggest that the desktop isn't far away ... which on the positive side could mean that we get BMC/LOM capabilities soon on normal home machines as well.

As always, a powerful tool can be used both for good and for bad, and a BMC could do unwanted things as well as providing a very useful LOM. However, if it can be controlled by the end user, this sounds like useful technology.

Re:

[DaveWick79]

Yes it is coming and it has been around for quite some time now, at least a year or so. It's basically using a hardware agent instead of having a separate software agent loaded into memory.

WS-MAN

[xswl0931]

WS-Management (look it up on dmtf.org) is the protocol being used for remote hardware (BMC) management.

Re:

[onescomplement]

You're correct. It is basically IPMI and OOB, but apparently without requiring a separate LAN port for OOB (out of band, sorry) communications.

I install this on all servers I install and it's wild greatness. When I figure out how to deploy Mindstorms (tm) robot to do parts swap, I need never leave the house except to market myself. :->

The concern I have about vPro is that it seems tied into Intel's LANdesk product, which is proprietary and IMHO expensive for what you get.

As a person who works small IT

Adblock

[pseudorand]

I think my Adblock is broken because there's this Intel advertisement at the top of slashdot where I usually expect to see the first article.

Seriously though, adblock should just automatically block anything with the text "next-generation".

Why no uproar?

[Joseph_Daniel_Zukige]

Because it's already cracked.

They think it allows them to observe unobtrusively.

What really happens is it allows us to observe them thinking they are observing us unobtrusively. Stupid bunch of scriptkiddies.

Heh. Honeypot, anyone?

Number one, managing access on a per-page basis couldn't be done on iNTEL until now?

We knew that Microsoft has made their place by selling unsafe software for all these years. Now we see that iNTEL has done the same. And we see that, just like Microsoft, when the power of CPUs actu