TPM and GPL(v2)
Posted Jun 19, 2006 13:24 UTC (Mon) by sepreece
In reply to: TPM and GPL(v2)
Parent article: Interview: Harald Welte (part 1)
I think this substantially understates the legal requirements that radio manufacturers (for radios that transmit) must meet.
It also totally ignores the question of network operator requirements. Neither the network operator nor you, as a customer, would be happy if it were easy for another user to initiate a denial-of-service attack by modifying her phone to transmit continuously on the paging channel or to repeatedly place emergency calls in a tight, infinite loop. Manufacturers who build phones that allow such modifications to be easy would find themselves unable to sell to network operators.
One way to balance things might be to have a hard separation between the radio-control software and the user environment. Most Linux-based phones today do have such a divide, including the ones Welte is working with, but it has typically been designed that way for engineering reasons (separating real-time from non-real-time concerns), and without any attention to protecting the radio side from malicious user-side software.
For further thought, here's an excerpt from the FCC regulations on SDR; note that paragraph (b) says that unless that division between domains is hard, the manufacturer MUST take steps to assure that only trusted software is used:
2.944 Software defined radios.
(a) Manufacturers must take steps to ensure that only software that
has been approved with a software defined radio can be loaded into the
radio. The software must not allow the user to operate the transmitter
with operating frequencies, output power, modulation types or other
radio frequency parameters outside those that were
approved. Manufacturers may use means including, but not limited to
the use of a private network that allows only authenticated users to
download software, electronic signatures in software or coding in
hardware that is decoded by software to verify that new software can
be legally loaded into a device to meet these requirements and must
describe the methods in their application for equipment authorization.
(b) Any radio in which the software is designed or expected to be
modified by a party other than the manufacturer and would affect the
operating parameters of frequency range, modulation type or maximum
output power (either radiated or conducted), or the circumstances
under which the transmitter operates in accordance with Commission
rules, must comply with the requirements in paragraph (a) of this
section and must be certified as a software defined radio.
(c) Applications for certification of software defined radios must
include a high level operational description or flow diagram of the
software that controls the radio frequency operating parameters