
Details on Ubuntu's UEFI secure boot plan

Posted Jun 23, 2012 21:22 UTC (Sat) by rich0 (guest, #55509)
In reply to: Details on Ubuntu's UEFI secure boot plan by cjb
Parent article: Details on Ubuntu's UEFI secure boot plan

The GPL does not require anybody to provide the sources of anything to anybody they didn't distribute GPL code to.

If Ubuntu doesn't distribute GPL code to end users then they don't have to provide source, keys, etc. to them. Whoever does distribute GPL code to end users does have to do this, and anybody with a copyright to the code can sue them if they fail to do so.

Now, if one of the hardware vendors were to ask Ubuntu for their signing key, then they'd have to provide it to them. So, this isn't going to be of much help...


Details on Ubuntu's UEFI secure boot plan

Posted Jun 23, 2012 22:23 UTC (Sat) by anselm (subscriber, #2796)

The GPL does not require anybody to provide the sources of anything to anybody they didn't distribute GPL code to.

That's if they give the recipient the sources (keys, etc.) along with the executables.

If instead they offer to provide the sources upon request, they have to do that for »any third party«. At least that's what the GPLv2 says, which is the version the Linux kernel uses.

Details on Ubuntu's UEFI secure boot plan

Posted Jun 23, 2012 23:17 UTC (Sat) by mjg59 (subscriber, #23239)

GPLv3 makes a distinction between source and "Installation Information" (keys and so on). You only have to distribute the latter if you distributed a User Product. If Canonical don't sell hardware themselves then that shouldn't trigger.

Details on Ubuntu's UEFI secure boot plan

Posted Jun 25, 2012 17:56 UTC (Mon) by hamjudo (guest, #363)

Certain classes of configuration errors would cause the GPLv3 clause to trigger on companies selling hardware preloaded with the GPL software.

Canonical is trying to write software that hardware-selling companies will be willing to use. Even if Canonical itself isn't liable, they won't be able to get their customers, the hardware vendors, to ship the software if it is perceived to be a legal minefield.

Hardware vendors with significant per-unit profit margins can absorb the cost if a fraction of systems need to be RMA'd. The business model does not work for hardware vendors with small margins if there is a significant chance of RMA expenses.

Details on Ubuntu's UEFI secure boot plan

Posted Jun 25, 2012 18:43 UTC (Mon) by raven667 (subscriber, #5198)

You probably know more than I do about it, but I don't think the GPLv3 demands the release of private key material; it is only concerned with the owner's practical ability to load their own modified software on the device, which is far more easily serviced by providing a mechanism to manage keys locally or to disable signature checking on boot. In any case I'm sure someone could create a contrived example where the only way to comply with the GPLv3 is to disclose signing keys, but I don't think that is how it works in practice.

