LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Bitfrost: the OLPC security model

Bitfrost: the OLPC security model

Posted Feb 8, 2007 6:35 UTC (Thu) by drag (subscriber, #31333)
In reply to: Bitfrost: the OLPC security model by bronson
Parent article: Bitfrost: the OLPC security model

""I don't think so... I remember the FSF shooting this down a few months ago. The example used was, what if Tivo releases a developer key as a substitute for releasing their private key? Without the same key, there's no guarantee of the same rights. I did some googling but can't come up with the article so take this with a grain of salt.""

I beleive that is a bogus arguement. It either gives you the ability to run modified code with no loss of functionality or it doesn't. As long as it does, then that's it as far as the GPLv3 is concerned. There is absolutely no requirement in the GPLv3 for developers to release any private keys, they just have to provide the ability to allow users to run modified code with no loss in functionality if the original makers themselves can do so also.

Garrentees be damned. If there is a question of violation then obtaining a "developer's key" and using it to load modified code and testing the functionality is all that would be needed to prove compliance.

Plus with this design even the BIOS can be swapped out with the developer's key, so the BIOS itself could be licensed GPLv3 if you felt like it.

(Log in to post comments)

Bitfrost: the OLPC security model

Posted Feb 8, 2007 14:13 UTC (Thu) by NAR (subscriber, #1313) [Link]

There is absolutely no requirement in the GPLv3 for developers to release any private keys, they just have to provide the ability to allow users to run modified code with no loss in functionality if the original makers themselves can do so also.

So the developers would have to give me a key, which enables me to run the modified code - even if the modification means that I've removed the anti-theft features like the "calling home" thing. Which would brake the whole anti-theft concept. Or is there something I'm missing?

Bye,NAR

Bitfrost: the OLPC security model

Posted Feb 8, 2007 16:07 UTC (Thu) by nix (subscriber, #2304) [Link]

I see what you mean: what stops thieves contacting the developers and asking for a developer's key? (Equally, what stops crooked bureaucrats diverting the identity USB keys at the same time as they divert a bunch of laptops?)

Bitfrost: the OLPC security model

Posted Feb 8, 2007 16:11 UTC (Thu) by corbet (editor, #1) [Link]

There is a delay built into the developer key mechanism; if the laptop is reported stolen during the wait, no key is issued.

Bitfrost: the OLPC security model

Posted Feb 8, 2007 23:03 UTC (Thu) by drag (subscriber, #31333) [Link]

Also I presume that they would take steps to confirm your identity so that they are issuing a key to a laptop to the person that is actually suppose to have the laptop. (I don't think 'theft' would constitute 'distribution' under the GPL)

Sort of like how if you work in a corporate setting and somebody calls you up asking for (or to reset and replace) a password they 'forgot' you would want to take a bit of time to try to confirm the identity of the person on the other side of the phone before issuing the password.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds