LWN: Comments on "Interview: Harald Welte (part 1)"

TPM and GPL(v2)

sepreece — Mon, 19 Jun 2006 13:24:09 +0000

I think this substantially understates the legal requirements that radio manufacturers (for radios that transmit) must meet.

It also totally ignores the question of network operator requirements. Neither the network operator or you, as a customer, would be happy if it were easy for another user to initiate a denial-of-service attack by modifying her phone to transmit continuously on the paging channel or to repeatedly place emergency calls in a tight, infinite loop. Manufacturers who build phones that allowed such modifications to be easy would find themselves unable to sell to network operators.

One way to balance things might be to have a hard separation between the radio-control software and the user environment. Most Linux-based phones today do have such a divide, including the ones Welte is working with, but it has typically been designed that way for engineering reasons (separating real-time from non-real-time concerns), and without any attention to protecting the radio side from malicious user-side software.

For further thought, here's an excerpt from the FCC regulations on SDR; note that paragraph (b) says that unless that division between domains is hard, the manufacturer MUST take steps to assure that only trusted software is used:

2.944 Software defined radios.

(a) Manufacturers must take steps to ensure that only software that
has been approved with a software defined radio can be loaded into the
radio. The software must not allow the user to operate the transmitter
with operating frequencies, output power, modulation types or other
radio frequency parameters outside those that were
approved. Manufacturers may use means including, but not limited to
the use of a private network that allows only authenticated users to
download software, electronic signatures in software or coding in
hardware that is decoded by software to verify that new software can
be legally loaded into a device to meet these requirements and must
describe the methods in their application for equipment authorization.

(b) Any radio in which the software is designed or expected to be
modified by a party other than the manufacturer and would affect the
operating parameters of frequency range, modulation type or maximum
output power (either radiated or conducted), or the circumstances
under which the transmitter operates in accordance with Commission
rules, must comply with the requirements in paragraph (a) of this
section and must be certified as a software defined radio.

(c) Applications for certification of software defined radios must
include a high level operational description or flow diagram of the
software that controls the radio frequency operating parameters

TPM and GPL(v2)

tialaramex — Sun, 18 Jun 2006 16:48:38 +0000

The legal requirement for radio transmission is that the user cannot /normally/ tweak the radio parameters outside those licensed. That means the manual shouldn't explain how to do it, and no amount of twiddling with the knobs, changing preference settings or other "user-type activity" can be permitted to exceed the licensed specifications - But it /doesn't/ mean you need to seal the entire product in resin, or that you must keep the source code secret. It should suffice to ensure that anyone modifying the system to exceed licensed specifications must be aware of their actions.

We /already know/ that people hack the existing binary-only firmware for 802.11 devices to uprate their power, and the relevant government agencies haven't done anything to punish the manufacturers because they quite reasonably blame the /users/ not the manufacturers for this unlicensed use.

Therefore the argument that software needs TPM to obey legal restrictions is a bogus one.

Interview: Harald Welte (part 1)

anonymous21 — Sat, 17 Jun 2006 13:48:36 +0000

Great work!

Cant wait to see this running on a e680i as well!

Interview: Harald Welte (part 1)

mogul — Fri, 16 Jun 2006 17:39:37 +0000

Nice to see this happening.

I'd also like information on the similar project to get a fully-featured environment Linux running on the Palm Treo 650, which has tons of potential. The Treo has a keyboard, bluetooth, mouse (stylus), IR, and there's even an SD WiFi card available. The existence of Palm emulators for Linux means that in addition to Linux binaries, a hacked Treo can run all the myriad existing Palm software, even stuff sitting in the original firmware, when the need arises. (Oh MetrO, where would I be without you? Probably rotting dead in a London sewer somewhere...)

There's a bunch of info here:
http://www.handhelds.org/moin/moin.cgi/PalmTreo650

...but I'm not seeing a feed or some other way to easily keep up with changes. One thing to note, though, is that this port is already able to dial the phone...!

As it stands, I already use the Treo 650 in place of numerous devices: Phone, USB thumbdrive (via Softick cardexport and bluefiles/obexfs), eBook reader, music player, video player (TCPMP), RSS reader (via Bloglines), etc. Not only does it do these things, but it does them so well that I feel dumb carrying around a PSP, which only does half those things, and rather poorly (the PSP is great at games, which the Treo is not, however).

Things it doesn't do well? The ssh clients out there suck. The only decent XMPP client is proprietary and also fairly suck (Chatopus). The web browser sucks for any but the most basic sites, and half my life is now server-side in Web 2.0 services (del.icio.us, gmail, google calendar, etc). While existing Linux apps for this kind of stuff are not intended for a mobile environment, I'd much rather start hacking there doing things like contributing to Minimo (mobile Firefox) than try to figure out how to write a better-than-stock web browser from scratch for Palm OS.

Joe Bob says check it out...

Interview: Harald Welte (part 1)

pimlott — Fri, 16 Jun 2006 17:25:11 +0000

However, since I'm virtually the only guy working on the -ezx kernel tree, and I have many other projects and real-world issues to take care of, progress is quite slow.
I expect that within one month, we'll have the phone part working, and can work on the remaining sound + camera drivers.

This is sort of like saying, Linux is quite slow, it takes five seconds to run an infinite loop.

TPM and GPL(v2)

simlo — Thu, 15 Jun 2006 10:00:20 +0000

> On the technical front, I've heard some rumors that the A1200 and
> especially the later models will make use of the TPM (yes, the PXA270 has a
> TPM!) in order to ensure nobody boots non-Motorola-signed kernels. To me,
> this would be a clear violation of the intent of even GPLv2, and should
> those rumours become true, I'll certainly do anything to enforce my
> position on this. But as said, all rumours, nothing definitive known yet.

Well, I see nothing in GPLv2 which says you have to be able to run the software on a specific device. You can always build your own hardware or a simulator.

Would it also be against GPL to put the kernel on a ROM? Then you have to solder to update the software. That is doable, but what if that ROM is build into the CPU chip?
Going to the other extreme: Someone gives you a PC with Linux on a CDROM in the CDROM-drive. Oh! That is read-only, you can only change the Linux kernel by changing CDROM, i.e. changing hardware. Is that forbidden too?

I think using TPM technologies are not always evil. Legal requirements might make it illegal to sell phones where the user can manipulate the transmitter. TPM is a way to make it legally possible to use Linux on such phones. The only other alternative would be to use another OS and not publish the source code at all. Then I would prefer a phone running Linux, although I can't change the kernel. (Ofcourse, a good compromise would be if the phone can boot your own kernel, but just wouldn't be able to transmit, if it isn't signed.)
I can come up with other exambles, where having a device running a TPM locked Linux is the most preferable solution. I have before mentioned the idea of having intelligent electricity, water, heat meters running a trusted (by the provider, not the home owner) Linux.

Interview: Harald Welte (part 1)

meyert — Thu, 15 Jun 2006 07:07:02 +0000

Another gadget running linux: http://opentom.org/

Part 2

cventers — Thu, 15 Jun 2006 02:45:45 +0000

I think I find this part just as interesting. I've been interested in
smartphone hacking and this might be a place to tinker.

TPM & GPLv2

coriordan — Wed, 14 Jun 2006 07:47:56 +0000

When DRM prevents users from being able to adapt GPL'd software to suit their needs, it violates the "spirit", the "licensor's intent", and implicit provisions ("complete source code") in GPLv2.

These things have legal value, but GPLv3 makes these things explicit so as to create a more solid base for free software copyright holders to stand on if they should need to enforce their licence. Making things clear and explicit is important because every court case involves a certain amount of chance, and interpretations and precedents may differ around the world.

Also, making things clear and explicit may deter some infringements. People won't base a business model on something that will obviously fail in court.

What does Linus want / not want? I haven't been able to understand his comments.

TPM & GPLv2

wilck — Tue, 13 Jun 2006 16:19:08 +0000

> To me, this would be a clear violation of the intent of even GPLv2

I thought that forbidding this was one of the main innovations og GPLv3, and (part of) the reason why Linus wants to stick with v2 ... did I get that wrong?

Part 2

corbet — Tue, 13 Jun 2006 03:47:40 +0000

We save the best for last...:)

We'll probably run it in about a week, I think it will be worth the wait.

Interview: Harald Welte (part 1)

wilreichert — Tue, 13 Jun 2006 01:53:47 +0000

Same here.

Interview: Harald Welte (part 1)

ksoonson — Tue, 13 Jun 2006 01:08:24 +0000

I am more interested in part II :-)