[Python-ideas] [Python-Dev] Proposal : Python Trusted Computing API

Guido van Rossum guido at python.org
Mon Oct 19 21:35:59 CEST 2009

On Sun, Oct 18, 2009 at 11:29 PM, Abhiram Kasina
<abhiram.casina at gmail.com> wrote:
> Trusted Computing (TC) is a technology developed and promoted by the Trusted
> Computing Group (TCG)[3]. So, basically the group came up with these chips
> called TPM chips which are present on most motherboards nowadays. The main
> purpose of it is to enhance security so that infected executables don't run.
> It also provides memory curtaining such that cryptographic keys won't be
> accessible and many other features. There was a criticism on this from the
> FOSS community as well that it enables DRM. No wonder, it is being pushed by
> Intel, Microsoft, AMD, etc.. But personally I think its a good idea from
> security point of view.

Hm... Given that most infections these days are JavaScript based and
run in the browser, how does this provide any protection? I'm
presuming you're going to say that it doesn't but that there are other
use cases where it *does* provide protection; but most likely those
use cases are only relevant for Windows (since that's what most
attackers attack anyway).

> So, currently there is an TSS (TCG Software Stack)[1] API written in C. And
> TrustedJava[2] is a project which ported it to Java and is going to be
> included in the standard API of Java soon. They have 2 versions of it. One
> is a simple wrapper on top of the API and the other is a whole
> implementation of the stack in Java.

Since this intefaces with the hardware, doesn't it require some kind
of cooperation from the Linux kernel? And wouldn't it be better if
Python was never allowed access to any of the protected resources in
the first place?

> My proposal is we create an API for it in python.
> Reason: I am a developer in Umit

Where/what is Umit? (Google gives several meanings but it's unclear
which you might mean.)

> and I think Python is a very good platform
> for developing applications. So, why not create an API which helps in
> developing secure applications?

You'd first have to tell us more about the security model. What is a
"secure application" and what does it protect against? And how?

> I would love to learn more and provide you with any more information. Please
> let me know what you guys think of it?

This is better directed at python-ideas, so I've redirected this reply
there and Bcc'ed the python-dev list.

> Thanks in advance
> Cheers
> Abhiram
> [1]
> http://www.trustedcomputinggroup.org/resources/tcg_software_stack_tss_specification
> [2] http://trustedjava.sourceforge.net/index.php?item=jtss/about
> [3] http://www.trustedcomputinggroup.org/
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> http://mail.python.org/mailman/options/python-dev/guido%40python.org

--Guido van Rossum (home page: http://www.python.org/~guido/)

More information about the Python-ideas mailing list