The Linux kernel and digital rights management [LWN.net]

The entertainment industry is certain to continue its attempts to obtain the protection it wants from the Congress and the courts. But the industry is also very interested in technical means of enforcing limited access to its products. As Lawrence Lessig pointed out years ago, the software running on our systems is the other component of the code which constrains our actions. There's no shortage of people, governments, and corporations who would like to use that code to control (and monitor) what we can do with our systems and the products we purchase.

In most Linux users' view, there is little intersection between this sort of digital rights management (DRM) code and free software. After all, what's to keep us from simply yanking out any code which gets in the way of what we want to do? So some people were surprised when Linus Torvalds posted a message stating "I want to make it clear that DRM is perfectly ok with Linux!"

There is, you see, a scenario where DRM software can be embedded within the Linux kernel, and there is very little that can be done about it. It is not that hard to build hardware that refuses to boot a kernel which has not been signed with a particular private key. That kernel could restrict access to devices, or refuse outright to run applications which have not also been signed with a given key. Such a kernel could take away all of the control we would otherwise have over our systems whether we like it or not. Yes, whoever distributes the kernel must provide source, but, without the private key (and, thus, the ability to create a signed, binary kernel), a Linux user cannot make changes and get them to run on the target system.

Linus gives two reasons for his position: distributing signed binaries is acceptable under the GPL, and he does not want to be in a position of saying what can or cannot be done with the Linux kernel.

The GPL argument is interesting. Anybody who distributes a GPL-licensed program in binary form must make the associated source available. That source is defined by the GPL as:

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

One could well question whether a private key used to sign the binary is covered by this language. Most commenters seem to think that it is not. If the GPL has nothing to say about keys, then the distribution of signed binaries (without the associated private keys) is clearly within the bounds of the license.

If a private key is considered part of the program's installation scripts, there could be a problem. Linus has stated his opinion, but he cannot speak for the others who hold copyrights on code in the kernel. One of those people could conceivably mount a legal challenge should he or she object to the signed binary distribution. Kernel hackers in general seem uninclined to make this sort of challenge, but one never knows.

Linus's other reason - not wanting to regulate what others can do with Linux - goes to the core of the philosophy of free software. Any free (or open source) software definition will include a statement that the license cannot discriminate based on the use of the software. The purpose is to exclude licenses that, say, prohibit use by the military, by people with the wrong religion, citizens of certain countries, or drinkers of light beer. Similarly, Linus does not want to discriminate against those who would only allow certain software to run on their systems.

Besides, the techniques which implement DRM can also be used to implement a higher level of security for Linux users. A system that can only run signed executables is certainly going to be more secure than one which will run any binary presented to it. Some users may well want that kind of security, and they should be able to have it. It would be difficult to allow this sort of use while simultaneously forbidding DRM uses.

Ultimately, it comes down to what people are willing to buy. In an ideal world, Linux-based systems which implement oppressive DRM schemes would languish on the shelves, while those which are better suited to the needs and wishes of their users will succeed. The sad fact is that things often do not work that way; when products like DVD players, the Xbox, or Tivo are what's available, that is what people will buy. The marketplace does not work as well as one would like in this regard. But the GPL is not the tool that can fix it.

(Log in to post comments)

The Linux kernel and digital rights management

Posted May 1, 2003 3:09 UTC (Thu) by proski (subscriber, #104) [Link]

Today, if somebody reports a bug in an old version of software I maintain, I can ask that person to try the latest version. If people start using my program on systems crippled by DRM, they won't be able to upgrade, and I won't be able to help them even though they would have access to the source code.

To give those users the latest version, somebody (possibly the maintainer) would have to go through the certification process with the hardware vendor. The worst thing is that the certificate issuer would be completely within their rights to remove features from my software before generating the key. They would be able to tell me what I can and what I cannot do if I want my free software to reach users of their platform.

My motivation for writing software is giving other people more choice, more freedom and advancing the progress. DRM could be used to take users' choice, users' freedom, and prevent their access to the new versions of the software, even if the new features were suggested and implemented by those users.

Vendors of DRM systems could be within the rights granted to them by GPL, but they would be in violation of the spirit of free software. If GPL is insufficient to prevent the freedom loss through DRM, another license should be developed that would prevent the use of free software in DRM systems, just like GPL prevents linking free and non-free code for the purpose of redistribution.

The "spirit of free software" and the GPL

Posted May 1, 2003 8:48 UTC (Thu) by ronaldcole (guest, #1462) [Link]

I've harped on this for many years... The GPL just does not embody the "spirit" of Stallman's Manifesto. I've pointed out to him that the freedom to give away the software is only half-implementing the Manifesto "spec". In order for software to be freely available, like air, you need to be able to ask for it and get it. But Stallman doesn't want to turn free software developers into distributors. And now it's no surprise that DRM seeks to exploit that very hole in the GPL.

The Linux kernel and digital rights management

Posted May 1, 2003 14:32 UTC (Thu) by mrshiny (subscriber, #4266) [Link]

You are right; in one aspect the DRM features will limit users. In order to sign a kernel with a key that is trusted by a copyright-holder you will need to have the kernel certified. But what about just signing a kernel to enable things like virus protection? Maybe you can't give your users a DRM-enabled kernel that lets them download mp3s, but you can give them a signed kernel that is free from trojans.

The Linux kernel and digital rights management

Posted May 1, 2003 15:38 UTC (Thu) by proski (subscriber, #104) [Link]

Why do you think that the copyright holder will do the signing? If the Xbox Linux team wants to run Linux on Xbox, are they asking Linus to sign it? No! They are asking Microsoft, because only Microsoft can put the signature that would allow Xbox to run the kernel.

Linus "does not want to be in a position of saying what can or cannot be done with the Linux kernel", but he could end up in the position when he is told what he can or cannot do with the kernel in order to get certified and enable running Linux on DRM-crippled platforms.

There are better ways to protect software from trojans. I have nothing against warning users that the software has no signature, but I'm against forcing them to use signed software, especially if I wrote the software in the hope that the users will improve it and enjoy the software freedom.

The Linux kernel and digital rights management

Posted May 1, 2003 4:41 UTC (Thu) by piman (subscriber, #8957) [Link]

I can't fault MS for restricting what boots on "their" hardware - that is, the hardware inside their offices, owned by Microsoft. But if I buy a computer, I want to be able to do whatever I want with that computer. If everything has insane PKI limitations, we have a state where only the extremely wealthy or corporations can own anything; everyone else is just licensing - software, hardware, or otherwise.

The Linux kernel and digital rights management

Posted May 1, 2003 7:05 UTC (Thu) by error27 (subscriber, #8346) [Link]

Until you buy the hardware, it belongs to Microsoft, and they should be allowed to cripple it however they want to. After you should be able to take it apart and do whatever you want with it.

The real problem is the laws which say you can't take apart hardware you own.

The Linux kernel and digital rights management

Posted May 1, 2003 13:08 UTC (Thu) by smoogen (subscriber, #97) [Link]

I think the way the laws are being interpreted, you do not own the hardware. The best it can be said is that you have a long term lease on it, but you do not OWN it. Sad.

The Linux kernel and digital rights management

Posted May 2, 2003 4:04 UTC (Fri) by error27 (subscriber, #8346) [Link]

I see it a little bit differently. The way the laws are being interpreted, there are certain things you are not allowed to think about or discuss.

And hey, that's perfectly reasonable if you live in communist Russia.

So you don't own it? So what?

Posted May 3, 2003 2:30 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

Why is that sad? Isn't this just a wording issue? If we didn't say that customer "owns the xbox" or "bought the xbox," doesn't your whole argument just evaporate? If we keep everything the same except the words and say you purchased the right to do certain things involving a certain hunk of xbox hardware, then is there an issue? If we say MS owns the xbox, like my bank says it owns the credit card in my wallet, does that solve the problem?

Or are you just concerned that someone unwittingly bought these limited rights to use an xbox when he thought he was buying the xbox in the simple sense? We can fix that with publicity.

The Linux kernel and digital rights management

Posted May 2, 2003 20:53 UTC (Fri) by Baylink (subscriber, #755) [Link]

If you've been following the technical press, though, on topics like the trend of hardware manufacturers towards things like hard drives with encrypted *interfaces* (for which {you don't have,only Micro$oft has} the keys, then the idea won't surprise you that Microsoft will be able to swing *the entire industry* towards crap like this...

The Linux kernel and digital rights management

Posted May 1, 2003 11:00 UTC (Thu) by bockman (subscriber, #3650) [Link]

One potential DRM problem for Linux users is to make the market even less friendly to us. Nowadays it is already difficult buy a PC for installing Linux on it. In many places you are forced to buy one with a pre-installed Microsoft OS - paying for something that you don't use. Moreover, it is likely that the PC includes some windows-only hardware that you are forced to buy anyway.

If future PCs will only boot DRM-enabled kernels, installing Linux will only be possible by people capable to build their own PC, including burning a DRM-free BIOS chip with something downloaded from the Net. And good-bye to the already extremely small Linux 'market'. Not mentioning that building DRM-free PC could become illegal in countries with DMCA-like legislation.

And if you wonder why a linux user should care about running a DRM-enabled kernel (after all, it is only there to prevent piracy, is'n it?), consider that it would make not possible to do a lot of things that we currently do (and which are perfectly legal), like recompiling the kernel to fit it to your machine, or downloading, compiling and trying out a new software package not yet in your 'signed' distribution.

The Linux kernel and digital rights management

Posted May 2, 2003 13:52 UTC (Fri) by ptr (guest, #5885) [Link]

I think that the real problem is that Microsoft is in the position of holding several quasi-monopolies (Windows, Office). Thus it looks quite outrageous to me, if they sell subventioned hardware which restricts the customer to choices they decide upon.

I agree that it would be a valid business model in general. The questions is whether you accept the spirit of anti-trust laws or not.

RPM and deb package signing

Posted May 1, 2003 15:45 UTC (Thu) by proski (subscriber, #104) [Link]

I think nobody is saying that "putting DRM in the kernel would be a violation of the GPL". It's a strawman argument. And by the way, there is a world of difference between mandatory and optional signatures.

The Linux kernel and digital rights management

Posted May 1, 2003 21:27 UTC (Thu) by iabervon (subscriber, #722) [Link]

It would probably violate the GPL to embed in the kernel a signature by a key not available to recipients. But that would be a silly idea anyway. A better idea would be to compile the kernel without the use of a private key, and distribute it. Then someone, either the same company or a different company, could examine the kernel binary and decide to sign it. The hardware then checks that a signature is available (not linked into the kernel, which doesn't have any reason to check its own authenticity), and loads the kernel if a suitable signature is found.

The question, then, is whether a signature is a work derived from the work it is a signature for, in which case it would seem to fall under the GPL, requiring that the key used to create the signature itself be made available. But this is unlikely; signing a work probably falls under fair use, in which case the people compiling and shipping the kernel are following the GPL, and the people signing the image and checking the signature aren't bound by it.

The Linux kernel and digital rights management

Posted May 8, 2003 12:03 UTC (Thu) by scharkalvin (guest, #7372) [Link]

There are two reasons to run a 'signed' kernel, and to have the hardware force you to ONLY run a signed kernel. Both reasons involve trust, but from different points of view. In one case, it protects the computer user (and the computer) from running software obtained from an untrusted source, software that might contain viri and due damage to the user. In this case if I compile my own kernel, I need the key for my computer so I can run linux. I could see the maker of the computer suppling the owner with the binary key so he could sign his own kernel. It would be unique to each computer, and only allow me to run the kernel I built on a single computer, the one whose Key I know.

The second reason for the signed kernel is trust for the providers of any software content I might wish to view on my computer. With this key my kernel could use DRM hardware to unlock content to view on my computer. This is the dark side that worries us, because we see being locked out of using our OWN content as the DRM hardware/software bytes back at NON-PIRATE uses of the machine.

The Linux kernel and digital rights management

Posted May 16, 2003 19:19 UTC (Fri) by iabervon (subscriber, #722) [Link]

Experts generally feel that the second use won't actually work, because it's too hard to protect the chain of trust from the computer manufacturer to the content provider, to manage trust of the software involved, and to manage security of the key over its potential lifetime.

There's a third use, as well: hardware vendors who want to use the flexibility of a general purpose computer in their device without giving that flexibility to the end user. Consider a car manufacturer who uses an embedded processor to control the car, rather than using a PIC or an FPGA, so that it is easier to write the firmware and deploy changes. The manufacturer doesn't want to let the user modify the firmware arbitrarily, because it opens up all kinds of liability problems. They could build a car with a public key embedded in it, and only allow kernels signed with the corresponding private key; these kernels being the ones they are willing to be liable for.

So it makes sense to have DRM in cases where it limits the risk of embedding a general computer in something which does not need to be a general computer.