LWN: Comments on "The Linux kernel and digital rights management"

The Linux kernel and digital rights management

iabervon — Fri, 16 May 2003 19:19:11 +0000

Experts generally feel that the second use won't actually work, because it's too hard to protect the chain of trust from the computer manufacturer to the content provider, to manage trust of the software involved, and to manage security of the key over its potential lifetime.

There's a third use, as well: hardware vendors who want to use the flexibility of a general purpose computer in their device without giving that flexibility to the end user. Consider a car manufacturer who uses an embedded processor to control the car, rather than using a PIC or an FPGA, so that it is easier to write the firmware and deploy changes. The manufacturer doesn't want to let the user modify the firmware arbitrarily, because it opens up all kinds of liability problems. They could build a car with a public key embedded in it, and only allow kernels signed with the corresponding private key; these kernels being the ones they are willing to be liable for.

So it makes sense to have DRM in cases where it limits the risk of embedding a general computer in something which does not need to be a general computer.

The Linux kernel and digital rights management

jensend — Thu, 08 May 2003 15:47:04 +0000

The purpose is to exclude licenses that, say, prohibit use by the military, by people with the wrong religion, citizens of certain countries, or drinkers of light beer.

GNOME fan: GREAT TASTE!
KDE fan: LESS FILLING!

The Linux kernel and digital rights management

scharkalvin — Thu, 08 May 2003 12:03:23 +0000

There are two reasons to run a 'signed' kernel, and to have the hardware force you to ONLY run a signed kernel. Both reasons involve trust, but from different points of view. In one case, it protects the computer user (and the computer) from running software obtained from an untrusted source, software that might contain viri and due damage to the user. In this case if I compile my own kernel, I need the key for my computer so I can run linux. I could see the maker of the computer suppling the owner with the binary key so he could sign his own kernel. It would be unique to each computer, and only allow me to run the kernel I built on a single computer, the one whose Key I know.

The second reason for the signed kernel is trust for the providers of any software content I might wish to view on my computer. With this key my kernel could use DRM hardware to unlock content to view on my computer. This is the dark side that worries us, because we see being locked out of using our OWN content as the DRM hardware/software bytes back at NON-PIRATE uses of the machine.

So you don't own it? So what?

giraffedata — Sat, 03 May 2003 02:30:48 +0000

Why is that sad? Isn't this just a wording issue? If we didn't say that customer "owns the xbox" or "bought the xbox," doesn't your whole argument just evaporate? If we keep everything the same except the words and say you purchased the right to do certain things involving a certain hunk of xbox hardware, then is there an issue? If we say MS owns the xbox, like my bank says it owns the credit card in my wallet, does that solve the problem?

Or are you just concerned that someone unwittingly bought these limited rights to use an xbox when he thought he was buying the xbox in the simple sense? We can fix that with publicity.

The Linux kernel and digital rights management

Baylink — Fri, 02 May 2003 20:53:13 +0000

If you've been following the technical press, though, on topics like the trend of hardware manufacturers towards things like hard drives with encrypted *interfaces* (for which {you don't have,only Micro$oft has} the keys, then the idea won't surprise you that Microsoft will be able to swing *the entire industry* towards crap like this...

The Linux kernel and digital rights management

ptr — Fri, 02 May 2003 13:52:46 +0000

I think that the real problem is that Microsoft is in the position of holding several quasi-monopolies (Windows, Office). Thus it looks quite outrageous to me, if they sell subventioned hardware which restricts the customer to choices they decide upon.

I agree that it would be a valid business model in general. The questions is whether you accept the spirit of anti-trust laws or not.

The Linux kernel and digital rights management

error27 — Fri, 02 May 2003 04:04:35 +0000

I see it a little bit differently. The way the laws are being interpreted, there are certain things you are not allowed to think about or discuss.

And hey, that's perfectly reasonable if you live in communist Russia.

The Linux kernel and digital rights management

iabervon — Thu, 01 May 2003 21:27:25 +0000

It would probably violate the GPL to embed in the kernel a signature by a key not available to recipients. But that would be a silly idea anyway. A better idea would be to compile the kernel without the use of a private key, and distribute it. Then someone, either the same company or a different company, could examine the kernel binary and decide to sign it. The hardware then checks that a signature is available (not linked into the kernel, which doesn't have any reason to check its own authenticity), and loads the kernel if a suitable signature is found.

The question, then, is whether a signature is a work derived from the work it is a signature for, in which case it would seem to fall under the GPL, requiring that the key used to create the signature itself be made available. But this is unlikely; signing a work probably falls under fair use, in which case the people compiling and shipping the kernel are following the GPL, and the people signing the image and checking the signature aren't bound by it.

The Linux kernel and digital rights management

southey — Thu, 01 May 2003 17:49:48 +0000

"If a private key is considered part of the program's installation scripts, there could be a problem."

The only so-called problem is that the private key must be provided as well. Thus making it useless as Linus pointed out. So it is problem to the distributor not anyone else. If the binary doesn't impact the GPL then it essentially becomes a license manager to the software or hardware to talks to.

RPM and deb package signing

proski — Thu, 01 May 2003 15:45:13 +0000

I think nobody is saying that "putting DRM in the kernel would be a violation of the GPL". It's a strawman argument. And by the way, there is a world of difference between mandatory and optional signatures.

The Linux kernel and digital rights management

proski — Thu, 01 May 2003 15:38:23 +0000

Why do you think that the copyright holder will do the signing? If the Xbox Linux team wants to run Linux on Xbox, are they asking Linus to sign it? No! They are asking Microsoft, because only Microsoft can put the signature that would allow Xbox to run the kernel.

Linus "does not want to be in a position of saying what can or cannot be done with the Linux kernel", but he could end up in the position when he is told what he can or cannot do with the kernel in order to get certified and enable running Linux on DRM-crippled platforms.

There are better ways to protect software from trojans. I have nothing against warning users that the software has no signature, but I'm against forcing them to use signed software, especially if I wrote the software in the hope that the users will improve it and enjoy the software freedom.

The Linux kernel and digital rights management

mrshiny — Thu, 01 May 2003 14:32:48 +0000

You are right; in one aspect the DRM features will limit users. In order to sign a kernel with a key that is trusted by a copyright-holder you will need to have the kernel certified. But what about just signing a kernel to enable things like virus protection? Maybe you can't give your users a DRM-enabled kernel that lets them download mp3s, but you can give them a signed kernel that is free from trojans.

The Linux kernel and digital rights management

smoogen — Thu, 01 May 2003 13:08:25 +0000

I think the way the laws are being interpreted, you do not own the hardware. The best it can be said is that you have a long term lease on it, but you do not OWN it. Sad.

RPM and deb package signing

rasumner — Thu, 01 May 2003 11:09:54 +0000

If some lawyer were to decide that putting DRM in the kernel would be a violation of the GPL, then I don't see how at the same time you could permit RedHat (and most other distributors) signing the packages that they distribute. I can modify the sources from a RPM received from RedHat and recompile it, but I can't sign it with their key. The difference that I see is that RedHat's tools allow the end user to configure which keys they trust. While that is a significant difference, that isn't really part of the legal question being asked. Changing the keys lets me recreate a package which is in some way equivalent, but it will never be the same as if signed by RedHat's key.

The Linux kernel and digital rights management

bockman — Thu, 01 May 2003 11:00:48 +0000

One potential DRM problem for Linux users is to make the market even less friendly to us. Nowadays it is already difficult buy a PC for installing Linux on it. In many places you are forced to buy one with a pre-installed Microsoft OS - paying for something that you don't use. Moreover, it is likely that the PC includes some windows-only hardware that you are forced to buy anyway.

If future PCs will only boot DRM-enabled kernels, installing Linux will only be possible by people capable to build their own PC, including burning a DRM-free BIOS chip with something downloaded from the Net. And good-bye to the already extremely small Linux 'market'. Not mentioning that building DRM-free PC could become illegal in countries with DMCA-like legislation.

And if you wonder why a linux user should care about running a DRM-enabled kernel (after all, it is only there to prevent piracy, is'n it?), consider that it would make not possible to do a lot of things that we currently do (and which are perfectly legal), like recompiling the kernel to fit it to your machine, or downloading, compiling and trying out a new software package not yet in your 'signed' distribution.

The "spirit of free software" and the GPL

ronaldcole — Thu, 01 May 2003 08:48:39 +0000

I've harped on this for many years... The GPL just does not embody the "spirit" of Stallman's Manifesto. I've pointed out to him that the freedom to give away the software is only half-implementing the Manifesto "spec". In order for software to be freely available, like air, you need to be able to ask for it and get it. But Stallman doesn't want to turn free software developers into distributors. And now it's no surprise that DRM seeks to exploit that very hole in the GPL.

DVD Players and DRM

FoxyCoder — Thu, 01 May 2003 07:17:30 +0000

I find the comment about DVD players interesting. In Europe all DVD players are meant to be restricted to playing region 2 DVDs. However such players do not sell. What people buy are DVD players that are restricted to region 2 but can be easily "hacked" to be multi region DVD players. The "hack" generally consists of entering a 4 or 5 digit number into the remote control.

Hollywood has DRM in DVD players, and it doesn't sell.

The Linux kernel and digital rights management

error27 — Thu, 01 May 2003 07:05:55 +0000

Until you buy the hardware, it belongs to Microsoft, and they should be allowed to cripple it however they want to. After you should be able to take it apart and do whatever you want with it.

The real problem is the laws which say you can't take apart hardware you own.

The Linux kernel and digital rights management

piman — Thu, 01 May 2003 04:41:31 +0000

I can't fault MS for restricting what boots on "their" hardware - that is, the hardware inside their offices, owned by Microsoft. But if I buy a computer, I want to be able to do whatever I want with that computer. If everything has insane PKI limitations, we have a state where only the extremely wealthy or corporations can own anything; everyone else is just licensing - software, hardware, or otherwise.

The Linux kernel and digital rights management

miallen — Thu, 01 May 2003 04:00:24 +0000

I don't get it. What's the problem here? This is no different from the XBox PKI usage. Can you fault MS for restricting what can boot on their hardware? Not that I'm a big fan of MS but if you want to get philosphical about it I think you'll lose.

The only problem I can see with DRM in general is censorship. But that requires a monopoly on the forum which isn't easy to come by. I don't think even MS can pull that off. There are plenty of ways to watch video and listen to audio using something other than MS products and I think they're in for a hard sell if they try to lock down WMP.

If I'm wrong, by all means educate me...

Mike

The Linux kernel and digital rights management

proski — Thu, 01 May 2003 03:09:45 +0000

Today, if somebody reports a bug in an old version of software I maintain, I can ask that person to try the latest version. If people start using my program on systems crippled by DRM, they won't be able to upgrade, and I won't be able to help them even though they would have access to the source code.

To give those users the latest version, somebody (possibly the maintainer) would have to go through the certification process with the hardware vendor. The worst thing is that the certificate issuer would be completely within their rights to remove features from my software before generating the key. They would be able to tell me what I can and what I cannot do if I want my free software to reach users of their platform.

My motivation for writing software is giving other people more choice, more freedom and advancing the progress. DRM could be used to take users' choice, users' freedom, and prevent their access to the new versions of the software, even if the new features were suggested and implemented by those users.

Vendors of DRM systems could be within the rights granted to them by GPL, but they would be in violation of the spirit of free software. If GPL is insufficient to prevent the freedom loss through DRM, another license should be developed that would prevent the use of free software in DRM systems, just like GPL prevents linking free and non-free code for the purpose of redistribution.

The Linux kernel and digital rights management

cpeterso — Thu, 01 May 2003 02:39:44 +0000

I feel the "signed kernel" problem is something for the FSF lawyers to worry about, not Linus. What technically can Linus add to Linux that would prevent a signed kernel? And even if there was some prevent-signed-kernel code in Linus' tree, there is nothing preventing a hardware vendor from forking their own tree and removing just that anti-DRM code.

I think all we can do is vote with our dollars. Donate to the FSF and support only non-DRM hardware vendors.