Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hypervisors Can Defeat GPLv3's Anti-Tivoization

Posted by kdawson on from the walled-gardens dept.

DeviceGuru writes "A hypervisor can be used to isolate from each other software works released under incompatible licenses, while allowing them to run simultaneously on the same hardware. For example, Linux and Windows CE can run on separate virtual machines on one device, without violating either OS's license. Due to the isolation between multiple VMs running atop a hypervisor, it seems like this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses." Here's a white paper with more details from a commercial hypervisor company.

10 of 377 comments (clear)

  1. No, they can't. by strredwolf · · Score: 3, Informative

    Simply put, if any part of the firmware is GPL 3'ed, even if it's running under a VM, it still requires the ability to replace it by the user w/o authorization from the factory. If I remember the license and discussion about it, it's "if it's in there, it's there for all."

    --

    --
    # Canmephians for a better Linux Kernel
    $Stalag99{"URL"}="http://stalag99.net";
  2. Re:Backfire in responce. by QuoteMstr · · Score: 5, Informative

    The goal of the GPL is to keep software free; the goal of BSD-style licenses is to ensure that high-quality software is used as widely as possible. They're conflicting goals, to an extent, though there's a big overlap.

    The GPLv3's anti-tivoization clause is true to the GPL's goal. When putting software under the GPL license, one accepts that it might not get as much use as BSD-licensed (or, as an intermediate, GPLv2-licensed) software, and that's the price for the code itself remaining free.

  3. Tivoization (n) by the_skywise · · Score: 3, Informative

    To help slashdotters not have to RTFA!
    (from the whitepaper link)
    "Device vendors are also required to provide access to the source code of the GPL programs (see PLv2 ï½3, GPLv3 ï½6), including "the scripts used to control compilation and installation of the executable" [Footnotes 4, 6]. However, the GPLv2 does not require that installed executables must work, which enables a mechanism the Free Software Foundation calls "Tivoization."

    "Tivoization," according to LinuxInfo.org, "refers to the configuring (by the manufacturer or vendor) of a digital electronic product that uses free software, so that the product will operate only with a specific version of such software." Technically, this means that a vendor of a product that uses GPL v2 programs could provide access to the source code, thus being compliant with the software license, but the product would be prevented from working if a modified version is installed, through the checking of the software image's signature."

    1. Re:Tivoization (n) by Todd+Knarr · · Score: 2, Informative

      Not quite. It means a vendor doing that and allowing itself the ability to update and change the software while at the same time preventing the user from doing the same. If the vendor simply made it impossible to change the software, for either the user or the vendor, then that'd be acceptable under the GPL. The GPLv3 is explicit about this: it's not a violation to put the software in ROM or the like that can't be changed, but if the software can be changed then the recipient must be able to change it. TiVo's issue is that they want the right to change GPL'd software themselves but not permit the people they distribute it to to do what TiVo does.

  4. Re:Can it really? by iburrell · · Score: 2, Informative

    The GPLv3 states that you have to be able to use modified versions of the GPLv3 code. It doesn't say that the proprietary code has to work with modified versions of the GPLv3 program. Think of a Tivo which has an open-source kernel, userspace, and proprietary video program. If the video program refuses to work with anything other than a Tivo-provided kernel, then you may be able to upgrade the kernel but it won't be a Tivo just a hackable DVR.

    This can't be achieved when the kernel is running on the bare metal. Any trusted code in the kernel (which must have source code) can be hacked. But the hypervisor can be proprietary and provide trusted verification to the proprietary code. This is the Trusted Computing model. The GPLv3 requires that the GPLv3 code be able to work so there is no locking down the system to only run signed binaries. But it doesn't, and can't, require that other proprietary code work.

  5. Re:Then the Installation Information is insufficie by tepples · · Score: 2, Informative

    That's not quite what I am saying. Basically the hypervisor could limit resources to unsigned code, such that the code will still install and "run", but have such limited resources that it will not function properly. From the GPLv3: "The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made." So if I add a tiny "hello world" style modification and break the digital signature, it had better run and not just "run", or the distributor is in violation of copyright on the GPLv3 covered software he distributes.
  6. Re:Bogus! by cp.tar · · Score: 4, Informative

    Bull.

    The GPL does not restrict usage. It restricts distribution - and in a manner completely opposite to DRM.

    --
    Ignore this signature. By order.
  7. Re:Circumventing? by Chandon+Seldon · · Score: 2, Informative

    Sure, but it violates what the FSF was working towards...

    The single and only purpose of the anti-tivoizaton clause is to allow every user to modify any GPLv3 software they receive and then actually use their modification. It isn't intended to do anything else. Anti-DRM text was considered for GPLv3 and later dropped.

    --
    -- The act of censorship is always worse than whatever is being censored. Always.
  8. Re:So what's the point? by SanityInAnarchy · · Score: 2, Informative

    FOr example, "Yes, there is a spiffy network card. It is an alias for the Loopback Adapter!"
    or
    "There is a TV channel like that. Oops it is all static."

    ...So what?

    Once again, I don't think it defeats the purpose here, which is to prevent them from distributing a GPL'd binary in such a way that I can't upload my own, nearly-identical GPL'd binary and expect it to work.

    To be GPLv3 compliant, I expect they'd have to have that channel exist, and provide exactly the same data to the GPL'd program, no matter what code is actually running inside that program. In other words, the API should be consistent/modular -- if I call 'get_chunk_of_data_from_channel(3, *buffer)' from within any program running on that system, I should get the same result, no matter what the program.

    You're not allowed to take a checksum of the running program, and use that as a basis for deciding if I get static or not. However, if you really want to deliver static to everyone, including your own GPL'd software, go right ahead.

    Or how about hiding specific tools behind or inside the hypervisor so that the code can run unaltered but the code doesn't do as much that is interesting. So instead of storing tv shows, it can only essentially script the storage of the tv show, the rest is handled underneath through encrypted connections, drm, etc. In short, the software is simply not trusted any more than a router on the internet is trusted with your credit card number. No analog hole.

    That is true. It also means they gain less by using GPL'd code -- they now can't use it to handle IO, which Linux is very good at. They also can't use GPL'd decoders, meaning they have to license a proprietary one. And they can't use a GPL'd network stack, they need a BSD one.

    Eventually, it means that they can only use GPL'd code for the UI; they have to implement the equivalent of a kernel underneath it. At this point, I don't think there's really any point to doing the hypervisor -- just do some BSD-derived kernel and run your GPL code under that.

    --
    Don't thank God, thank a doctor!
  9. Re:Bogus! by Knuckles · · Score: 2, Informative

    Anyone who works in the software industry, other than those who get to work on FOSS thanks to charity handouts, has a stake in proprietary software.

    Um, no, you just fell for MS's propaganda. First of all, more than 80% of software is written for other purposes than shrink-wrapped sale. People who write this stuff have less need for restrictive licenses in any case.

    Second, it may be hard to live off free software right now, in a proprietary software world. I have no doubt whatsoever that it would work just as well or better in a free software world. Sure it would be different, but it would work. YMMV

    Third, not that many people work in the software industry, and those who don't do not generally have big stakes in software property.

    agreeing with RMS and agreeing with the freedom to do whatever you want with your computer are NOT the same thing

    In the tivoization question, it is.

    --
    "When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns