| |||||||||||||
|
| |||||||||||||
Linux: GPLv3, DRM, and Exceptions (KernelTrap.org)Linux: GPLv3, DRM, and Exceptions (KernelTrap.org)Posted Oct 24, 2006 21:26 UTC (Tue) by jzbiciak (✭ supporter ✭, #5246)In reply to: Linux: GPLv3, DRM, and Exceptions (KernelTrap.org) by bojan Parent article: Linux: GPLv3, DRM, and Exceptions (KernelTrap.org)
TC is not entirely incompatible with GPL v3. For instance, suppose I have a machine-specific secret key and a notion of "secure level." I, the user, have to perform some action to unlock the system--that is, lower the secure level. When it's unlocked, I can add/remove/change software and then re-lock it. (The lock could even have a physical aspect, such as a jumper or switch.)
When re-locking, the machine then signs each of the added/changed software using its secret, machine-specific key, and subsequently refuses to run any software with invalid signatures. That is, until it's unlocked.
This seems like a great way to harden servers.
It should be possible to run GPL v3 software on such a system. Making a key available doesn't mean telling the person what the key is.
(Log in to post comments)
Linux: GPLv3, DRM, and Exceptions (KernelTrap.org) Posted Oct 24, 2006 22:11 UTC (Tue) by bojan (subscriber, #14302) [Link] > I, the user, have to perform some action to unlock the system--that is, lower the secure level.
TC relies on the machine (i.e. hardware) to do this. The machine doesn't trust you to do it, but only itself. Letting users unlock anything defeats the purpose of TC immediately.
You are just replacing one secret with another here and this is explicitly not how TC platforms are designed to work.
Linux: GPLv3, DRM, and Exceptions (KernelTrap.org) Posted Oct 24, 2006 22:39 UTC (Tue) by jzbiciak (✭ supporter ✭, #5246) [Link] The TPM technology underlying TC does not rule out owner-override. Unfortunately, no TC stack provider wants to provide it. I was speaking from this technical aspect. GPL v3 software should be just fine on a TC box with owner-override. You STILL don't get to see the key with owner-override, which was my main point. But you do get (indirect) access to it.
Linux: GPLv3, DRM, and Exceptions (KernelTrap.org) Posted Oct 24, 2006 23:43 UTC (Tue) by bojan (subscriber, #14302) [Link] > Unfortunately, no TC stack provider wants to provide it.
Yeah, that's the key here (excuse the pun). They don't want to trust users - that's why they are keen to implement TC in the first place.
A consumer device manufacturer or service provider that starts shipping TC on their devices is unlikely to give users the power to override anything, as it would defeat the purpose of having TC on the platform (i.e. they want to ensure that only software approved by *them* runs there). I know, that's bad and all, but that's what they want. I think in such a scenario, they are very unlikely to ship GPLv3 software on such hardware, as it would defeat the purpose of building such a platform.
Basically, FSF may as well have specified in the GPLv3 draft that you are not allowed to ship signed binaries that would run only on designated hardware. The whole thing with "you can do it, but you have to give away the keys" is a bit silly (an attempt at sarcasam by FSF? :-). Not many are going to take "advantage" of that.
Linux: GPLv3, DRM, and Exceptions (KernelTrap.org) Posted Oct 26, 2006 9:59 UTC (Thu) by nim-nim (subscriber, #34454) [Link] So they won't ship GPLv3 software. Or more accurately they will have to think about the consequences of blanket DRM (I'm not at all convinced all of them will rather get in bed with a difficult parter like MS just to avoid following the GPLv3 license)
Right now they can eat their cake and keep it too - but it's no entitlement
|
|
||||||||||||