
04.03.09

Linux is Getting ‘Built-in’ Tivoization Equivalent

Posted in GNU/Linux, IBM, Kernel, Tivoization, Videos at 5:44 am by Dr. Roy Schestowitz

Could this have played a role in Linus’ decision regarding GPLv3?

Richard Stallman and the GPLv3
GPLv3 launch

Summary: TPM in Linux raises important questions about Freedom

A COUPLE of years ago Linus Torvalds wrote “I think Tivoization is *good*,” which led to lengthy discussions.

Yesterday in the IRC channel a fascinating tidbit resurfaced as IBM’s Trusted Computing ambitions for Linux reared their ugly head again. The idea of embedding ‘trusted’ computing in Linux (it is the very opposite of trust) probably involved work from IBM, at least based on some prior reports and the Linux Weather Forecast, which has the following for Linux 2.6.30.

Support for integrity management in the kernel has been merged. This code makes use of the trusted platform module (TPM) built into many systems to ensure that the system’s files (including its executable software) have not been corrupted, maliciously or otherwise.

This can be misused to achieve the very opposite, where “corrupted” means benignly hacked. An older article about this seems innocent enough, but questions may arise, such as: could Linus have known something about TPM when rejecting GPLv3?
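The measure-and-extend scheme behind the quoted description, as a simplified model added here (not kernel code and not from the original post): each file digest is folded into a TPM register, and a verifier replays the log against that register. The file paths and contents are constructed, and the real kernel code hashes a small record containing the digest and file name rather than the bare file digest.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length, the PCR width on a TPM 1.2

def extend(pcr, digest):
    # TPM extend: a PCR cannot be written, only folded forward with new data.
    return hashlib.sha1(pcr + digest).digest()

def measure(log, pcr, path, content):
    # Hash the file, record it in the measurement log, extend the PCR.
    digest = hashlib.sha1(content).digest()
    log.append((path, digest))
    return extend(pcr, digest)

def replay(log):
    # Verifier side: recompute the PCR value implied by the log.
    pcr = bytes(PCR_SIZE)
    for _path, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify(log, quoted_pcr, known_good):
    # The log is trustworthy only if it replays to the TPM-reported value;
    # its entries are then compared against reference digests.
    authentic = replay(log) == quoted_pcr
    unexpected = [p for p, d in log if known_good.get(p) != d]
    return authentic, unexpected

def demo():
    # Constructed sample files; paths and contents are made up.
    good = {"/sbin/init": b"init v1", "/bin/login": b"login v1"}
    known_good = {p: hashlib.sha1(c).digest() for p, c in good.items()}

    # Boot in which /bin/login differs from the reference copy.
    log, pcr = [], bytes(PCR_SIZE)
    pcr = measure(log, pcr, "/sbin/init", b"init v1")
    pcr = measure(log, pcr, "/bin/login", b"login v1 (changed)")
    honest = verify(log, pcr, known_good)

    # Rewriting the log to hide the change no longer matches the PCR.
    edited = [(p, known_good[p]) for p, _ in log]
    rewritten = verify(edited, pcr, known_good)
    return honest, rewritten

if __name__ == "__main__":
    print(demo())
```

The check flags any difference from the reference digests; it cannot tell an owner's deliberate modification from an attack, which is the concern raised above.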

“It was one of the main reasons for the rejection in the Linux kernel mailing list,” writes oiaohm. If binaries are changed (or their ‘integrity’ not authenticated), then programs won’t run.

“Problem is, there are devices where TiVo style security is needed,” claims oiaohm, “Like you don’t want people tampering with electronic voting systems.

“As I said, there is good and bad to it. Good for very particular uses. You really do want to be able to inspect the source code of an electronic voting machine to make sure it is not stuffed up. You also don’t want people tampering with it. If you look around, you can find other valid uses of the tech.”

What would this mean to Linux as a Free underlying platform? The GNU/Linux operating system could suffer from this. “Problem is, I would bet almost all the money I have that it will be abused to harm users,” concludes oiaohm.

Video on Trusted Computing:

Ogg Theora


8 Comments

  1. NotZed said,

    April 3, 2009 at 7:53 am


    Personality cults are a big problem in the “open sauce” world – what Linus says many people agree with, with no objective reasoning and an almost religious blindness (there are other examples of this fanboyism, although thankfully I think nobody listens to ESR any more). He has his own agenda, but without an underlying ideology it has no decipherable direction behind it; hence, this isn’t something RMS suffers from – he can be held accountable to the standards he sets himself. These other ‘leading’ individuals set no standards they are expected to abide by.

    The refusal to go to GPL3 is the biggest threat to the future of Linux, but on the other hand it is a fairly insignificant threat to the GNU platform as a whole. I think the kernel developers who keep pushing against it don’t realise what a relatively insignificant (however important) component of an entire operating system their hardware abstraction layer is.

    Of course, all of the ‘proprietary’ GNU/Linux vendors love this ‘validation’ software. They’d hate for any of their users to exercise their legal rights to freely modify the software they own even running on their own property. After all, how could they provide the service of support — what these customers have paid for — if they modified it, especially considering these vendors basically paid nothing in the first place (on average) for the software they *sold* to these customers.

    David Gerard Reply:

    Uh. It’s so insignificant that I’m using Linux instead of FreeBSD right now precisely because I want my damn hardware to work. The kernel is an amazing thing, it really is. Don’t underestimate it because Linus has annoyed you.

    Roy Schestowitz Reply:

    He didn’t annoy me. I even exchanged mail with him.

    The post criticises IBM mostly.

  2. Peter said,

    April 3, 2009 at 8:46 am


    “Problem is, there are devices where TiVo style security is needed,” claims oiaohm, “Like you don’t want people tampering with electronic voting systems.

    You don’t need to Tivo-ize an e-voting machine. A voter doesn’t walk into a booth and log-in as a root user. Tivo-ization exists to allow a computer user root access yet still prevent them from changing the software installed on the machine.

    Roy Schestowitz Reply:

    Yes, but it only says “TiVo style” or “TiVo equivalent”. It’s the basic idea that there will be restriction on modification of programs.

    oiaohm Reply:

    TiVo style, as Roy says, to prevent modification. So a person transporting the machine could not alter it, let’s say, to run a different bit of voting software that was rigged.

    TiVo style can prevent you basically starting anything on the machine bar the intended software. So providing a means of anyone with the machine simply tampering. Normally the voter is not the risk. It’s people with more time.

    TiVo-ization a voting machine is still a good move. Since by blocking alteration of software as root you also block anyone using flawed services to do the same.

    Using SELinux and other mandatory access controls under Linux you can take away the root user’s power to alter the system. Root user on Linux is nothing more than a virtual construct that is optional. TiVo-ization is more than this.

    TPM alteration is basically one more step. TPM protects the boot up process preventing tampering to bypass there. So enabling normal security systems in Linux to be turned into fully TiVo-ization systems with no simple bypass.

    Peter Reply:

    TiVo-ization a voting machine is still a good move.

    Generally, I agree with all you say. My disagreement comes with using the term “TiVo-ization” in such a context. The reason being that an e-voting machine is not consumer-owned and controlled. I think saying something like, “Using a TPM on voting machines is still a good move.” is more accurate. The point of the term “TiVo-ization” is to point out when trusted computing has become treacherous – since the TiVo is a consumer product.

    oiaohm Reply:

    I termed it that way mostly for the simple point the same tech is used to do both.

    You build a TiVo-ization device or a TPM protected voting machine you are using exactly the same tech no difference.

    This is the problem with techs: they are double sided. It’s making sure they are used for good not evil.
