Hypervisors Can Defeat GPLv3's Anti-Tivoization

DeviceGuru writes "A hypervisor can be used to isolate from each other software works released under incompatible licenses, while allowing them to run simultaneously on the same hardware. For example, Linux and Windows CE can run on separate virtual machines on one device, without violating either OS's license. Due to the isolation between multiple VMs running atop a hypervisor, it seems like this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses." Here's a white paper with more details from a commercial hypervisor company.

Bogus!

[MMC+Monster]

Frankly, I'm not sure what the article is trying to state.

If the code is released under GPLv3, then modifications of the code must be able to run on the same hardware. It doesn't matter if the key to run the code is a checksum or a password to give the hypervisor. Either way, if modification of the client cannot be dropped into the place of the original client (either to run on the same hardware or the same hypervisor), it's in abuse of the GPLv3.

Re:Bogus!

[mmacdona86]

Note that the hypervisor doesn't prevent you from updating the GPL code (the Linux kernel, for example)--
it just prevents you from getting extra access to the machine by updating the code. Thus it allows "tivoization" without violating the letter (or arguably the spirit) of GPL v3. The GPL code you can hack and modify to your heart's content; the hypervisor just makes sure that said hacking doesn't compromise the machine.

Re:Bogus!

[Kazoo+the+Clown]

Somehow, I don't think the GPL 3 was so poorly written that it could be circumvented so easily.

Why not? It's just another form of DRM-- and we all know how easy that is to crack...

Re:Bogus!

[Knuckles]

Check and mate, RMS!

You must have a huge stake in proprietary software to cheer about this. Note that if this is the way of the future, it's not only "Check and mate, RMS!", but also "Check and mate, general-purpose personal computer!". Well, I guess you will still be able to import one from China, provided you won't get caught. Hurray indeed.

Re:Bogus!

[cp.tar]

Bull.

The GPL does not restrict usage. It restricts distribution - and in a manner completely opposite to DRM.

Backfire in responce.

[jellomizer]

the Anti-Tivoization clause is one the sore points in my book about the GPL 3. Because of the hippocraticy worded in it,
For TiVo being a consumer product is Bad, IBM Being corporate product it is good.
Free Software has a lot of advantages but if you try to get too academic with it it gets to a point where adoption of such products are impractical.
Take the TiVo, what GPLv3 wanted to do was force TiVo to release their DRM so the community has access to their product. What actually happends is TiVo
finds a backdoor to the license and uses it, or drops using open source and any stop to any shared contributions from TiVo and a move to a different
platform.
The License for free software is the cost of using the software. (Except for trading money (and rules) for rights to use, you agree to follow these rules for
rights to use) as more rules you add to the license the more expensive the free software becomes. So if you make FreeSoftware to strict on its use
people won't use it. Academically Free as in speech software sounds like a good plan but real life realizes there is information that you want to keep
private.

Re:Backfire in responce.

[QuoteMstr]

The goal of the GPL is to keep software free; the goal of BSD-style licenses is to ensure that high-quality software is used as widely as possible. They're conflicting goals, to an extent, though there's a big overlap.

The GPLv3's anti-tivoization clause is true to the GPL's goal. When putting software under the GPL license, one accepts that it might not get as much use as BSD-licensed (or, as an intermediate, GPLv2-licensed) software, and that's the price for the code itself remaining free.

Re:Backfire in responce.

[morgan_greywolf]

hippocraticy? If big words give you problems, use a dictionary to learn how to spell hypocrisy. I mean, you're barely in the ball-park, the first and last letters match, and there's a "p" in the middle somewhere. No, no. I think he really meant hippocraticy -- a government for, of and by the hippos.

Not a defeat, a different way of doing things

[romiz]

The resulting product is fundamentally different from a TiVo.

While on TiVo, there is no way to change any part of the code without the signing key, in the proposed solution it is possible for the user to change the whole open-source system with an other one, as required by the GPLv3 license. As such, there is much more freedom for the user to tinker with its own system.

But for the manufacturer, it has the distinct advantages that some parts of the system can be isolated from the open subsystem, in a much more stable way, both legally and technically, than in a closed-source driver. Thus, it is possible to implement DRM, software subject to type conformance, or safety-critical tasks without risking corruption from the open system, whatever this system does. And contrary to the current solution, this does not require additional hardware.

Seems fair to me

[marcosdumay]

Really, your new version of the kernel will have the same privileges as the old version. I see no problem with that.

I only fail to understand why they plan to put a kernel above that hypervisor. For it to be of any use, the hypervisor must controll all I/O operations anyway, what they get from Linux?

Re:Seems fair to me

[Sique]

Moreso: What the Hypervisor is thought to achieve in an attempt to circumvent the GPL is actually something that was designed into the GPL from the very beginning: It was never forbidden to run proprietary code and GPLed code on the same machine. It was only forbidden to make a derivative work from GPLed code and distribute this with a license that is incompatible with the GPL. The FSF stated from the very beginning: If the proprietary code and the GPLed code don't share GPLed libraries or run in the same segment, everything is fine.
(See http://www.gnu.org/licenses/gpl-faq.html#GPLAndNon freeOnSameMachine)

The hypervisor is just another method to achieve exactly this behaviour that was built into the GPL from the very beginning: Make a clear distinction where the proprietary code runs, and where the GPLed code resides. So no: The hypervisor is not a "circumvention device against the GPL3".

Circumventing?

[11223]

I may be confused, but isn't this actually a way of complying with the GPL3? Using a hypervisor allows users to upgrade the kernel of their device without running into the (theoretical) security problems that companies who lock down their devices are afraid of.

Re:This FUD makes no sense.

[Ian+Alexander]

They want it because the price is unbeatable. It's just that it has an annoying license that they have to work around, in order to be able to sufficiently hamstring their users.

See, that's never made much sense to me. Why don't they just pick up a gratis operating system with a more permissive license, like one of the BSD's, and stop worrying about tivoizing GPL'ed code?

Or are they actually just evil and want to lock down GPL'ed code because it fills their weekly evil quota or something?