LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

TPM and GPL(v2)

TPM and GPL(v2)

Posted Jun 18, 2006 16:48 UTC (Sun) by tialaramex (subscriber, #21167)
In reply to: TPM and GPL(v2) by simlo
Parent article: Interview: Harald Welte (part 1)

The legal requirement for radio transmission is that the user cannot /normally/ tweak the radio parameters outside those licensed. That means the manual shouldn't explain how to do it, and no amount of twiddling with the knobs, changing preference settings or other "user-type activity" can be permitted to exceed the licensed specifications - But it /doesn't/ mean you need to seal the entire product in resin, or that you must keep the source code secret. It should suffice to ensure that anyone modifying the system to exceed licensed specifications must be aware of their actions.

We /already know/ that people hack the existing binary-only firmware for 802.11 devices to uprate their power, and the relevant government agencies haven't done anything to punish the manufacturers because they quite reasonably blame the /users/ not the manufacturers for this unlicensed use.

Therefore the argument that software needs TPM to obey legal restrictions is a bogus one.

(Log in to post comments)

TPM and GPL(v2)

Posted Jun 19, 2006 13:24 UTC (Mon) by sepreece (subscriber, #19270) [Link]

I think this substantially understates the legal requirements that radio manufacturers (for radios that transmit) must meet.

It also totally ignores the question of network operator requirements. Neither the network operator or you, as a customer, would be happy if it were easy for another user to initiate a denial-of-service attack by modifying her phone to transmit continuously on the paging channel or to repeatedly place emergency calls in a tight, infinite loop. Manufacturers who build phones that allowed such modifications to be easy would find themselves unable to sell to network operators.

One way to balance things might be to have a hard separation between the radio-control software and the user environment. Most Linux-based phones today do have such a divide, including the ones Welte is working with, but it has typically been designed that way for engineering reasons (separating real-time from non-real-time concerns), and without any attention to protecting the radio side from malicious user-side software.

For further thought, here's an excerpt from the FCC regulations on SDR; note that paragraph (b) says that unless that division between domains is hard, the manufacturer MUST take steps to assure that only trusted software is used:

2.944 Software defined radios.

(a) Manufacturers must take steps to ensure that only software that
has been approved with a software defined radio can be loaded into the
radio. The software must not allow the user to operate the transmitter
with operating frequencies, output power, modulation types or other
radio frequency parameters outside those that were
approved. Manufacturers may use means including, but not limited to
the use of a private network that allows only authenticated users to
download software, electronic signatures in software or coding in
hardware that is decoded by software to verify that new software can
be legally loaded into a device to meet these requirements and must
describe the methods in their application for equipment authorization.

(b) Any radio in which the software is designed or expected to be
modified by a party other than the manufacturer and would affect the
operating parameters of frequency range, modulation type or maximum
output power (either radiated or conducted), or the circumstances
under which the transmitter operates in accordance with Commission
rules, must comply with the requirements in paragraph (a) of this
section and must be certified as a software defined radio.

(c) Applications for certification of software defined radios must
include a high level operational description or flow diagram of the
software that controls the radio frequency operating parameters

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds