Hypervisors Can Defeat GPLv3's Anti-Tivoization

DeviceGuru writes "A hypervisor can be used to isolate from each other software works released under incompatible licenses, while allowing them to run simultaneously on the same hardware. For example, Linux and Windows CE can run on separate virtual machines on one device, without violating either OS's license. Due to the isolation between multiple VMs running atop a hypervisor, it seems like this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses." Here's a white paper with more details from a commercial hypervisor company.

Can it really?

[realdodgeman]

GPLv3 states that you have to be able to use modified versions of the code on consumer devices. How can you circumvent that? Even if it runs in a hypervisor, you are still violating the license.

Re:Bogus!

[Orange+Crush]

I get the same impression. If TIVO for instance wishes to use the method to satisfy both their (eventual) GPLv3 obligations *and* content-owner obligations at the same time, then I don't see it violating either the letter or the spirit of GPLv3. An end-user is free to modify the Linux client as they see fit, or to replace the hypervisor alltogether with a bare-metal Linux installation.

Re:Bogus!

[mmacdona86]

Note that the hypervisor doesn't prevent you from updating the GPL code (the Linux kernel, for example)--
it just prevents you from getting extra access to the machine by updating the code. Thus it allows "tivoization" without violating the letter (or arguably the spirit) of GPL v3. The GPL code you can hack and modify to your heart's content; the hypervisor just makes sure that said hacking doesn't compromise the machine.

Going the other way...

[JeremyGNJ]

Seems like the whole GPL 3 thing is "going the other way" if you step back and look at it.

It used to be that the restrictions on proprietary code caused people to want other options, and jump through hoops to get around the restrictions.

Now people will be doing the same to deal with the restrictions of GPL 3.

Seems that the "spirit" of open software is being compromised by people trying to nail it down in legal terms.

Re:Bogus!

[shaitand]

'The question is, does this new system violate the leter or the spirit of GPL3? (I'm asking honestly here--I can't quite wrap my head around it.)'

It depends on how broadly you interpret the spirit of the GPL. Under this scheme you'd run Linux in a VM. Therefore, you could modify the GPL'd code and update it in the VM. Now, if you believe that is the whole of the SPIRIT of the GPL then there is no problem.

However, this is being done for the sole purpose of bypassing a clause in the GPLv3 that would require the manufacturer to essentially open the specifications of the device. The primary reason manufacturers don't want you to have the specs is that they like to take a device and disable functions in software then sell the exact same device at a higher price without the artificial limitations. If they provide the specs then 'modified' firmware that turns on all the device functions will appear, like that for Tivo, Linksys devices, etc.

I personally believe the idea behind the free software movement and the GPL is about more than just opening source. I believe that opening the source is just a mechanism for achieving a higher aim that empowers the user to be able to fully control their own system (provided they have the skill and abilities to do so). Whether it be a playstation, an xbox, a tivo, a wireless router, a cablebox, a general purpose computer, or a fancy wristwatch; a computer is a computer is a computer and the GPL was just a tool created by a group aiming to create a fully open system that empowered to program and control their own computer. After all, it isn't Sony's playstation, Microsoft's XBox, or Linksys's router; when you bought it, they lost all right to any say in how that device is used or modified.

An attempt at an explanation

[bitspotter]

Start with two machines: a "Tivo" with proprietary firmware, connected via LAN to a PC with a Trusted Computing TPM and a GPLv3 OS image signed by the "Tivo"'s vendor.

The OS can be altered and recompiled on the PC at will, staying well within the provisions of the hardware/software definitions as used in the GPLv3 license.

But when streaming video from the PC to the Tivo, remote attestation is used to verify the signature of the OS image booted on the PC. If the bootstrap signature is not provided, or doesn't match, the Tivo refuses to play the provided stream.

Got it? Good. Now all you need to do is re-imagine the PC in this model as a virtual machine run inside the Tivo itself, and you get the idea.

There might be a problem with this end-run, however. It all depends on whether the GPLv3 has to say specifically about what functionality is locked out without a bootstrap signature from the VM. If there's some language about insuring "complete", "full", or "all" functionality to modified versions, then it may not matter whether there's a hypervisor in the way or not (although the original network example I gave above is still legit).

I'm intersted to hear what the lawyers have to say.

Re:This FUD makes no sense.

[runderwo]

At this rate, I'm not sure what they want GPL'd software for

They want it because the price is unbeatable.

It's just that it has an annoying license that they have to work around, in order to be able to sufficiently hamstring their users.

Re:Bogus!

[everphilski]

No stake whatsoever, except opposing anti-tivoization and GPLv3. I still don't believe 'freedom' can be obtained by imposing restrictions in a software license. If you want free, make it free!

Check and mate, general-purpose personal computer!". Well, I guess you will still be able to import one from China, provided you won't get caught.

Homebrew it. Engineers shall rule the world :) They did it 20 years ago, why not today? Plenty of people build their own (amateur) radios, many from scratch and approaching the complexity of a modern computer. It might bring about a new renaissance ... go with the flow man, RMS is no Jesus, and the FSF is no means of salvation. They have their own ambitions and agendas, just like any other organization.

Re:Bogus!

[secolactico]

They may very well just stick with their current kernel. This is actually what I see happening, a lot of the world will be stuck on old GPL v2 modules, while some will choose to make "clean room" implementations of GPL v3 code and release it under v2

Or maybe they will simply port their apps to BSD and use that on the tivo boxes. Or maybe they will license some other OS that will allow them to keep everything closed source.

Or do they have a specific reason for sticking with Linux?

The dumbest topic on /.

[7-Vodka]

I am amazed that the ratio of junk idiotic posts vs. informed posts in this discussion is astronomical.

1. GPL3 is not designed to stop encryption of data (DRM - Digital Restrictions Management).
2. GPL3 is designed to stop preventing a user of GPL3 software from using it to the full extent (right to modify and still use the device).
3. What this white paper proposes is a way to implement DRM and comply with the GPL3.

So where's the beef?
The GPL3 doesn't stop DRM. Woot stop the presses! I could have told you that months ago during the drafting process because it's not designed to stop DRM.