CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
Posted Jan 29, 2018 21:44 UTC (Mon) by thestinger (guest, #91827)In reply to: CopperheadOS: Security features, installing apps, and more (opensource.com) by jebba
Parent article: CopperheadOS: Security features, installing apps, and more (opensource.com)
The source isn't simply available for viewing so it's not sensible to describe it as 'source available'. It can be modified and redistributed, but not commercially (other than only the GPL2/GPL3 subset) without paying for a commercial license. FSF is clear to make a distinction between 'free' / 'libre' and 'open' because 'open source' says nothing about freedom to use it for any purpose (although GPL2 / GPL3 don't permit that, FSF just defines their set of restrictions as acceptable, and projects like OpenBSD consider them non-free). I don't think "OSI approved" defines what open source means. Another example is the JSON / JSLint license:
https://www.json.org/license.html
The Software shall be used for Good, not Evil.
Posted Jan 30, 2018 2:30 UTC (Tue)
by pabs (subscriber, #43278)
[Link] (4 responses)
Uh...
Posted Jan 30, 2018 2:59 UTC (Tue)
by thestinger (guest, #91827)
[Link] (3 responses)
I don't think it makes any sense to say a project with a clause like the JSON / JSLint licenses is "not open source" and the same goes for a commercial usage clause. I'll buy into the idea that it makes it non-free/non-libre.
On that note, GPL3 forbids mixing the code with the Linux kernel (GPL2) or making an immutable hardware chain of trust for verified boot which both sound like usage restrictions to me. The *BSDs seeing GPL as non-free isn't without merit. This is something subjective, not at all objective.
Posted Jan 30, 2018 10:55 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (2 responses)
This is one of the reasons that "open source" is a bad term. It makes absolute sense to say that - it's the literal definition of the term, but it's a term that can be easily misunderstood.
> GPL3 forbids mixing the code with the Linux kernel (GPL2)
Plenty of licenses are incompatible with each other - GPL3 is not unique in this respect.
> The *BSDs seeing GPL as non-free isn't without merit.
OpenBSD considers copyleft licenses to be less free than BSD licenses, but does not assert that they're non-free.
Posted Jan 30, 2018 12:39 UTC (Tue)
by thestinger (guest, #91827)
[Link] (1 responses)
Licenses placing significant restrictions on usage of the code compared to permissive ones.
> OpenBSD considers copyleft licenses to be less free than BSD licenses, but does not assert that they're non-free.
They consider them less free to the point that OpenBSD and FreeBSD are very actively purging GPL code even when it means doing a lot of work or accepting compromises. I do think they get commonly referred to as not free nowadays.
Posted Jan 30, 2018 13:46 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link]
I have never seen any of the BSD developers claim that GPL is non-free. It is merely not a permissive license and it is fair for them to want to remove it from their base OS because of licensing ideology
Posted Jan 30, 2018 10:48 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (9 responses)
Uh. The FSF do not make that distinction. https://www.gnu.org/philosophy/free-software-for-freedom.... makes it clear that the terms are technically synonymous, but reflect a difference in ideology. Since its first use, open source has always included the freedom to use it for any purpose.
Posted Jan 30, 2018 12:12 UTC (Tue)
by sampablokuper (guest, #53150)
[Link] (2 responses)
Correct me if I'm wrong, but isn't "synonymous" maybe a bit strong, even in the case of the OSI interpretation of "open source"?
Cf. DFSG vs GFDL: https://en.wikipedia.org/w/index.php?title=Debian_Free_So...
(If using the naive interpretation of "open source" rather than the OSI definition, then the difference is even starker because some proprietary software is "open source" only in that the source code is available for review. I.e. such software meets Freedom 1 but few or none of the other Four Freedoms. This Euler diagram illustrates that situation: https://en.wikipedia.org/wiki/File:Categories_of_free_and... .)
> Since its first use, open source has always included the freedom to use it for any purpose.
"Always" is, again, maybe a bit strong? Compare:
https://lwn.net/1999/0318/a/raymond.html
vs
Posted Jan 30, 2018 19:17 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (1 responses)
I don't think so - it's more about different interpretations of the same thing in a small number of cases (and I don't think the FSF would argue that the DFSG is a free *software* license). The DFSG and the Open Source Definition are basically identical but one refers to free software and the other to open source.
> "Always" is, again, maybe a bit strong? Compare:
The FSF position on this seems a bit inconsistent - the privacy requirement is violated by other licenses that the FSF consider free. I think the termination clause was sufficient to make it non-free and that it was a mistake for OSI to have ever approved it, but I don't think it tells us much about whether there's a difference in how freedom to use is treated by the two terms.
Posted Jan 31, 2018 0:36 UTC (Wed)
by sampablokuper (guest, #53150)
[Link]
I wouldn't previously have used as strong a term as "(technically) synonymous". I would have said they are "similar but not the same", or suchlike.
But you have a track record of being well-informed about free and open source software licensing, so I will reconsider my view in the light of this comment of yours and the one above, and will re-read and re-think a few FSF essays when I get the chance. Thanks for the reply :)
> I don't think it tells us much about whether there's a difference in how freedom to use is treated by the two terms.
Again, your take on the matter is different to mine. And again, I'll consider revising my view in the light of yours; thanks :)
> (and I don't think the FSF would argue that the DFSG is a free *software* license). The DFSG and the Open Source Definition are basically identical but one refers to free software and the other to open source.
Sorry, I should have written with more clarity on several fronts here.
I was not suggesting that the DFSG is a license of any kind: it isn't. Apologies for the misinterpretability of my remark.
Rather, I was emphasising that the DFSG (which closely resembles the OSD, as is probably so widely understood by LWN readers that I didn't think it bore mentioning) precludes the GFDL. Which is *almost* as if the OSD precluded the GFDL. Which illustrates the point I was trying to make that "open", even under something very much like the OSI's definition, is technically *not* synonymous with "free" under the FSF's definition.
This is the closest thing to a counter-example to your claim that I could come up with. I admit the reasoning is slightly tortuous. Perhaps better counter-examples exist, but if not, then that fact speaks well of your claim :)
Posted Jan 30, 2018 12:18 UTC (Tue)
by thestinger (guest, #91827)
[Link] (5 responses)
Per your source, they consider 'open source' to be too ambiguous and generic. They also state that they don't agree with the OSI on all the details about which restrictions go too far. It's incredibly subjective, and while they mostly agree that doesn't mean that the subjectively ends with the range of FSF <-> OSI opinions on it.
> Since its first use
It was definitely used before the OSI took ownership of it and made it a much more popular term.
> open source has always included the freedom to use it for any purpose.
That would mean the GPL licenses aren't open source licenses because they contain a bunch of usage restrictions. The restrictions that you as an individual happen to think are ethical still count as usage restrictions. If there weren't usage restrictions, license compatibility wouldn't be an issue.
Lots of the *BSD world often considers GPL to be non-free because of the restrictions it imposes. They see projects like the Linux kernel taking their code and mixing it with GPL code to be an example of exactly what the GPL claims to defend against.
GPL2 forbids the restrictions in GPL3 which is a clear example of it being a subjective, moving target. An unbroken, immutable root of trust for verified boot has value and yet they decided to restrict that with GPL3. That's hardly different from "may only be used for good, not evil" or "no commercial usage". In the GPL2 era, that was a non-free restriction, until they decided it wasn't. Pixel phones go through a lot of effort to implement verified boot with rollback protection in a way that doesn't lock out other operating systems but it still has a security cost. Having a hard-wired key would be more secure than having it enforced via the Replay Protection Memory Block and the same goes for using qfuses instead of having the rollback indexes in RPMB. GPL3 *forbids* making a device taking that hardening further. That's a pretty relevant restriction. It'd be unacceptable to ever consider any GPL3 code for the base OS without having ownership over it.
Before using Attribution-NonCommercial-ShareAlike 4.0, the CopperheadOS userspace code was relicensed from permissive licensing to GPL3. In hindsight, it's quite possible that GPL3 forbid anyone else from redistributing a build of the OS thanks to license incompatibilities in certain repositories. The whole point of GPL3 was trying to make a viable business model but it didn't accomplish that at all and companies were quite willing to violate it anyway, unlike a very clear cut non-commercial usage clause where they can't play any games.
Posted Jan 30, 2018 16:11 UTC (Tue)
by spaetz (guest, #32870)
[Link] (2 responses)
No, it does not include any _usage_ restrictions, the GPL is extremly user friendly. It includes _distribution_ restrictions. You can very much mix GPL and proprietary software for your inhouse projects.
Posted Jan 30, 2018 19:00 UTC (Tue)
by thestinger (guest, #91827)
[Link] (1 responses)
https://www.gnu.org/philosophy/free-sw.en.html
> The freedom to redistribute copies must include binary or executable forms of the program, as well as source code, for both modified and unmodified versions. (Distributing programs in runnable form is necessary for conveniently installable free operating systems.) It is OK if there is no way to produce a binary or executable form for a certain program (since some languages don't support that feature), but you must have the freedom to redistribute such forms should you find or develop a way to make them.
If developers can't distribute their modified versions, users are close to forbidden from using modified versions. Few people have the capability and hardware to build this kind of software, especially regularly to keep up with security updates, while securing their own signing keys and not ever losing access to them. Fewer still have the capability to make changes to it on their own.
A non-commercial clause solely for distribution is considered by the FSF to make software non-free and is the clause that's needed for CopperheadOS to have any resemblance of a business model.
Posted Jan 30, 2018 19:09 UTC (Tue)
by pizza (subscriber, #46)
[Link]
Posted Jan 30, 2018 21:43 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (1 responses)
Except that GPL v3 enforces the rule "the user's device belongs to the user".
The GPL2 allows a device vendor (cough cough Tivo) to lock the boot sequence such that the device "owner" can NOT upgrade the software. That is a clear breach of the FSF's ideals, and hence also clearly a bug in the GPL v2.
There's nothing stopping you from providing an unbroken, immutable root of trust for a GPL v3 device - you just need to trust the device OWNER not to abuse it!
(And there's other clear bugs in v2, too ...)
Cheers,
Posted Jan 30, 2018 22:14 UTC (Tue)
by thestinger (guest, #91827)
[Link]
Users should be able to choose to buy a device offering more secure verified boot not relying on state. Ideally, they would be able to order devices with their own public key burned into the hardware, rather than only having the option of buying devices like the Pixel 2 where they can unlock the bootloader, flash their public key to tamper resistant storage, flash their build and then lock the bootloader again to enable verified boot.
> There's nothing stopping you from providing an unbroken, immutable root of trust for a GPL v3 device - you just need to trust the device OWNER not to abuse it!
Immutable means the key has to be hard-wired rather configured as state. The rollback indexes for rollback protection can be irreversible via blowing fuses rather than using state, if it's not necessary to support development or installing other operating systems. A device using state for these is always going to be less secure than it could be without it.
The Pixel 2 / Pixel 2 XL use the Replay Protected Memory Block for storing the configured public key and rollback indexes, which works, but is more vulnerable to exploitation or tampering.
Since GPL3 forbids that, GPL3 code cannot be included in an OS supporting an immutable, unbroken chain of trust from hardware since it would be unusable on some of the device targets.
Even when there's a configurable key, everything leading up to the boot stage supporting configuration of the key needs to be verified from a hard-wired hardware root of trust. The early boot stages cannot permit signing with a custom key since they need to work towards the point where they can load a custom key from state.
CopperheadOS cannot include GPL3 code not owned by Copperhead because it would rule out supporting the most secure verified boot setups. It's not about preventing the device owner from "abusing" the feature. We don't care about that at all. It's an OS focused on hardening to improve privacy and security, and the GPL3 forbids a key part of that hardening by limiting the implementation to the security properties offered by the Pixel 2 approach.
Any partner making or wanting a device meant to be as secure as possible is going to be unwilling to give up some verified boot security to support using GPL3 code when they have other options. It would make CopperheadOS useless for the niches where it's targeting and isn't an option at all.
I think putting a significant limit on verified boot security is quite clearly a major usage restriction. It rules out using GPL3 code in many security-critical niches, especially when anti-tamper is important like many embedded devices.
It's perfectly fine to decide that the ends justify the means but it's disingenuous to pretend that there's no value in an immutable, unbroken chain of trust for verified boot.
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
CopperheadOS: Security features, installing apps, and more (opensource.com)
Wol
CopperheadOS: Security features, installing apps, and more (opensource.com)
