04.03.09

Gemini version available ♊︎

Linux is Getting ‘Built-in’ Tivoization Equivalent

Posted in GNU/Linux, IBM, Kernel, Tivoization, Videos at 5:44 am by Dr. Roy Schestowitz

Could this have played a role in Linus’ decision regarding GPLv3?

Richard Stallman and the GPLv3
GPLv3 launch

Summary: TPM in Linux raises important questions about Freedom

A COUPLE of years ago Linus Torvalds wrote “I think Tivoization is *good*,” which led to lengthy discussions.

Yesterday in the IRC channel a fascinating tidbit resurfaced as IBM’s Trusted Computing ambitions for Linux reared their ugly head again. The idea of embedding ‘trusted’ computing in Linux (it is the very opposite of trust) probably involved work from IBM, at least based on some prior reports and the Linux Weather Forecast, which has the following for Linux 2.6.30.

Support for integrity management in the kernel has been merged. This code makes use of the trusted platform module (TPM) built into many systems to ensure that the system’s files (including its executable software) have not been corrupted, maliciously or otherwise.

This can be misused to achieve the very opposite, where “corrupted” means benignly hacked. An older article about this seems innocent enough, but questions may arise, such as: could Linus have known something about TPM when rejecting GPLv3?

“What would this mean to Linux as a Free underlying platform?”“It was one of the main reasons for the rejection in the Linux kernel mailing list,” writes oiaohm. If binaries are changed (or their ‘integrity’ not authenticated), then programs won’t run.

“Problem is, there are devices where TiVo style security is needed,” claims oiaohm, “Like you don’t want people tampering with electronic voting systems.

“As I said, there is good and bad to it. Good for very particular uses. You really do want to be able to inspect the source code of a electronic voting machine to make sure it is not stuffed up. You also don’t want people tampering with it. If you look around, you can find other valid uses of the tech.”

What would this mean to Linux as a Free underlying platform? The GNU/Linux operating system could suffer from this. “Problem is, I would bet almost all the money I have that it will be abused to harm users,” concludes oiaohm.

Video on Trusted Computing:

Ogg Theora

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

8 Comments

  1. NotZed said,

    April 3, 2009 at 7:53 am

    Gravatar

    Personality cults are a big problem in the “open sauce” world – what Linus says many people agree with, with no objective reasoning and an almost religious blindness (there are other examples of this fanboyism, although thankfully I think nobody listens to ESR any more). He has his own agenda, but without an underlying ideology it has no decipherable direction behind it; hence, this isn’t something RMS suffers from – he can be held accountable to the standards he sets himself. These other `leading’ individuals set no standards they are expected to abide by.

    The refusal to go to GPL3 is the biggest threat to the future of Linux, but on the other hand it is a fairly insignificant threat to the GNU platform as a whole. I think the kernel developers who keep pushing against it don’t realise what a relatively insignificant (however important) component of an entire operating system their hardware abstraction layer is.

    Of course, all of the ‘proprietary’ GNU/Linux vendors love this ‘validation’ software. They’d hate for any of their users to exercise their legal rights to freely modify the software they own even running on their own property. After all, how could they provide the service of support — what these customers have paid for — if they modified it, especially considering these vendors basically paid nothing in the first place (on average) for the software they *sold* to these customers.

    David Gerard Reply:

    Uh. It’s so insignificant that I’m using Linux instead of FreeBSD right now precisely because I want my damn hardware to work. The kernel is an amazing thing, it really is. Don’t underestimate it because Linus has annoyed you.

    Roy Schestowitz Reply:

    He didn’t annoy me. I even exchanged mail with him.

    The post criticises IBM mostly.

  2. Peter said,

    April 3, 2009 at 8:46 am

    Gravatar

    “Problem is, there are devices where TiVo style security is needed,” claims oiaohm, “Like you don’t want people tampering with electronic voting systems.

    You don’t need to Tivo-ize an e-voting machine. A voter doesn’t walk into a booth and log-in as a root user. Tivo-ization exists to allow a computer user root access yet still prevent them from changing the software installed on the machine.

    Roy Schestowitz Reply:

    Yes, but it only says “TiVo style” or “TiVo equivalent”. It’s the basic idea that there will be restriction on modification of programs.

    oiaohm Reply:

    TiVo style as Roy says to prevent modification. So person transporting machine could not alter it lets say to run a different bit of voting software that was rigged.

    TiVo style can prevent you basically starting anything on the machine bar the intended software. So providing a means of anyone with the machine simply tampering. Normally the voter is not the risk. Its people with more time.

    TiVo-ization a voting machine is still a good move. Since by blocking alteration of software as root you also block anyone using flawed services to do the same.

    Using selinux and other mandatory access controls under linux you can take way root users power to alter the system. Root user on Linux is nothing more than a virtual construct that is optional. TiVo-ization is more than this.

    TPM alteration is basically one more step. TPM protects the boot up process preventing tampering to bypass there. So enabling normal secuirty systems in Linux to be turned into fully TiVo-ization systems with no simple by pass.

    Peter Reply:

    TiVo-ization a voting machine is still a good move.

    Generally, I agree with all you say. My disagreement comes with using the term “TiVo-ization” in such a context. The reason being that an e-voting machine is not consumer-owned and controlled. I think saying something like, “Using a TPM on voting machines is still a good move.” is more accurate. The point of the term “TiVo-ization” is to point out when trusted computing has become treacherous – since the TiVo is a consumer product.

    oiaohm Reply:

    I termed it that way mostly for the simple point the same tech is used to do both.

    You build a TiVo-ization device or a TPM protected voting machine you are using exactly the same tech no difference.

    This is the problem with techs they are double sided. Its making sure they are used for good not evil.

DecorWhat Else is New


  1. When Twitter Protects Abusers and Abuse (and Twitter's Sponsors)

    Twitter is an out-of-control censorship machine and it should be treated accordingly even by those who merely "read" or "follow" Twitter accounts; Twitter is a filter, not a news/media platform or even means of communication



  2. IRC Proceedings: Tuesday, January 18, 2022

    IRC logs for Tuesday, January 18, 2022



  3. Links 19/1/2022: Wine 7.x Era Begins and Istio 1.12.2 is Out

    Links for the day



  4. Another Video IBM Does Not Want You to Watch

    It seems very much possible that IBM (or someone close to IBM) is trying to purge me from Twitter, so let’s examine what they may be trying to distract from. As we put it 2 years ago, "Watson" is a lot more offensive than those supposedly offensive words IBM is working to purge; think about those hundreds of Red Hat workers who are black and were never told about ethnic purges of blacks facilitated by IBM (their new boss).



  5. What IBM Does Not Want You to Watch

    Let's 'Streisand it'...



  6. Good News, Bad News (and Back to Normal)

    When many services are reliant on the integrity of a single, very tiny MicroSD card you're only moments away from 2 days of intensive labour (recovery, investigation, migration, and further coding); we've learned our lessons and took advantage of this incident to upgrade the operating system, double the storage space, even improve the code slightly (for compatibility with newer systems)



  7. Someone Is Very Desperate to Knock My Account Off Twitter

    Many reports against me — some successful — are putting my free speech (and factual statements) at risk



  8. Links 18/1/2022: Deepin 20.4 and Qubes OS 4.1.0 RC4

    Links for the day



  9. Links 18/1/2022: GNOME 42 Alpha and KStars 3.5.7

    Links for the day



  10. IRC Proceedings: Monday, January 17, 2022

    IRC logs for Monday, January 17, 2022



  11. Links 17/1/2022: More Microsoft-Connected FUD Against Linux as Its Share Continues to Fall

    Links for the day



  12. The GUI Challenge

    The latest article from Andy concerns the Command Line Challenge



  13. Links 17/1/2022: digiKam 7.5.0 and GhostBSD 22.01.12 Released

    Links for the day



  14. IRC Proceedings: Sunday, January 16, 2022

    IRC logs for Sunday, January 16, 2022



  15. Links 17/1/2022: postmarketOS 21.12 Service Pack 1 and Mumble 1.4 Released

    Links for the day



  16. [Meme] Gemini Space (or Geminispace): From 441 Working Capsules to 1,600 Working Capsules in Just 12 Months

    Gemini space now boasts 1,600 working capsules, a massive growth compared to last January, as we noted the other day (1,600 is now official)



  17. [Meme] European Patent Office Space

    The EPO maintains a culture of illegal surveillance, inherited from Benoît Battistelli and taken to a whole new level by António Campinos



  18. Gemini Rings (Like Webrings) and Shared Spaces in Geminspace

    Much like the Web of 20+ years ago, Gemini lets online communities — real communities (not abused tenants, groomed to be ‘monetised’ like in Facebook or Flickr) — form networks, guilds, and rings



  19. Links 16/1/2022: Latte Dock 0.11 and librest 0.9.0

    Links for the day



  20. The Corporate Cabal (and Spy Agencies-Enabled Monopolies) Engages in Raiding of the Free Software Community and Hacker Culture

    In an overt attack on the people who actually did all the work — the geeks who built excellent software to be gradually privatised through the Linux Foundation (a sort of price-fixing and openwashing cartel for shared interests of proprietary software firms) — is receiving more widespread condemnation; even the OSI has been bribed to become a part-time Microsoft outsourcer as organisations are easier to corrupt than communities



  21. EPO's Web Site Constantly Spammed by Lies About Privacy While EPO Breaks the Law and Outsources Data to the United States

    The António Campinos-led EPO works for imperialism, it not only protects the rich; sadly, António’s father isn’t alive anymore and surely he would blast his son for doing what he does to progress his career while lying to staff and European citizens



  22. Links 16/1/2022: Tsunami and Patents

    Links for the day



  23. IRC Proceedings: Saturday, January 15, 2022

    IRC logs for Saturday, January 15, 2022



  24. Links 16/1/2022: Year of the GNU/Linux Desktop and Catch-up With Patent Misinformation

    Links for the day



  25. Patrick Breyer, Unlike Most German Politicians, Highlights the Fact That Unified Patent Court (UPC) and Unitary Patent Are Incompatible With EU Law

    A longtime critic of EPO abuses (under both Benoît Battistelli and António Campinos leadership), as well as a vocal critic of software patents, steps in to point out the very obvious



  26. Links 15/1/2022: Flameshot 11.0 and Libvirt 8.0

    Links for the day



  27. Blogging and Microblogging in Geminispace With Gemini Protocol

    Writing one’s thoughts and other things in Geminispace — even without setting up a Gemini server — is totally possible; gateways and services do exist for this purpose



  28. Links 15/1/2022: Raspberry Pi in Business

    Links for the day



  29. IRC Proceedings: Friday, January 14, 2022

    IRC logs for Friday, January 14, 2022



  30. Gemini Clients: Comparing Moonlander, Telescope, Amfora, Kristall, and Lagrange (Newer and Older)

    There are many independent implementations of clients (similar to Web browsers) that deal with Gemini protocol and today we compare them visually, using Techrights as a test case/capsule


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts