LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Linux: GPLv3, DRM, and Exceptions (KernelTrap.org)

Linux: GPLv3, DRM, and Exceptions (KernelTrap.org)

Posted Oct 25, 2006 8:14 UTC (Wed) by farnz (guest, #17727)
In reply to: Linux: GPLv3, DRM, and Exceptions (KernelTrap.org) by bojan
Parent article: Linux: GPLv3, DRM, and Exceptions (KernelTrap.org)

Not quite; the hardware must trust the user's key enough to let the GPLv3 software behave identically whether it's signed with the user's key or signed with the vendor's key.

Thus, TC becomes useful for enforcing a warranty (for example), since you can confirm that the device is running your authorised software before you agree to take the device back. It's not useful for (e.g.) preventing the user from watching movies unless they're running your authorised software.

(Log in to post comments)

Linux: GPLv3, DRM, and Exceptions (KernelTrap.org)

Posted Oct 25, 2006 21:20 UTC (Wed) by bojan (subscriber, #14302) [Link]

> Not quite; the hardware must trust the user's key enough to let the GPLv3 software behave identically whether it's signed with the user's key or signed with the vendor's key.

And there lies the problem - this will never happen. The whole idea of TC is that you only trust things sign with vendor's keys. The user is by definition an untrusted party.

> Thus, TC becomes useful for enforcing a warranty (for example), since you can confirm that the device is running your authorised software before you agree to take the device back.

Or, you can just run a quick md5sum/sha1sum against the binaries and find out the same.

Linux: GPLv3, DRM, and Exceptions (KernelTrap.org)

Posted Oct 26, 2006 8:34 UTC (Thu) by farnz (guest, #17727) [Link]

In other words, TC means that the vendor doesn't want the user to be free to exercise the four freedoms that Stallman wants all users to have. No wonder the GPLv3 stops this.

And how exactly do you get a trustworthy md5sum/sha1sum from a device in a user's hands without TC? I was thinking in terms of a mobile phone or ADSL modem, where you might well want to not offer support if you can't confirm that the right software's running on the device; being able to check this from the other end of a phone line or e-mail conversation quickly, and avoid wasting 10 minutes while you try and support a user who's changed the software. In the TC case, you can just insist that they boot with your software before they get support.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds