Re: [RFC v3][PATCH 2/2] intel_txt: Intel(R) TXT and tboot kernelsupport

From: Theodore Tso
Date: Mon May 25 2009 - 22:31:36 EST

Next message: Andrew Morton: "Re: [PATCH 1/3] kernel.h: Add DO_ONCE statement expression macro"
Previous message: Ming Lei: "Re: 2.a.30-rc7: fat filesystem misdetected as amiga"
In reply to: Pavel Machek: "Re: [RFC v3][PATCH 2/2] intel_txt: Intel(R) TXT and tboot kernelsupport"
Next in thread: Pavel Machek: "Re: [RFC v3][PATCH 2/2] intel_txt: Intel(R) TXT and tboot kernelsupport"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 25, 2009 at 08:14:36PM -0400, Richard M Stallman wrote:
> Linus says he hates drm but does not want to stop it through legal
> means, because its impossible.
>
> It is quite possible to block use of DRM in Linux. All they need to
> do is move to GPLv3. Eben Moglen worked out for them how they could
> do this if they want to.

Actually, moving Linux to GPLv3 would do absolutely nothing to stop
DRM as implemented by the LaGrande/TXT technology. That's because
what is actually running inside the trusted execution environment
doesn't have to be GPL'ed code at all. It doesn't even really need to
be an OS, since it relies on Linux to effectively be a sophisticated
bootloader and networking stack and windowing manager for it.

This is one of the reasons why I've always personally thought it was a
very bad idea to try to stop DRM via copyright licenses such as the
GPLv3; you might be able to prevent one which requires a "trusted
kernel", via the GPLv3's "anti-TIVO clause". However, the
LaGrande/TXT doesn't require a trusted kernel. You can modify the
kernel all you want. However, if the kernel tries tampering with the
trusted image which TXT provides, it will be detected and the trusted
boot operation will fail --- but the code which does the digital
signature check and the code running in the tboot environment isn't
GPL'ed code at all, and part of the enforcement is done in hardware.

Consider the situation where the DRM'ed code was running as part of
Windows Vista, and so a Linux user downloaded code which ran the
DRM'ed application under Windows Vista under KVM in an virtual
environment. It's obvious that whether Linux is licensed under GPLv2
or GPLv3 would make no difference in prohibited the DRM'ed code to be
run in VM, right? TXT is basically this, except that (a) the hardware
provides strong protection against tampering once the trusted
environment is established, and (b) there are well defined interfaces
for thet trusted enviroment use the filesystem, device drivers, and
networking stack of the host OS to do its I/O (with everything stored
in the filesystem, or fetched over the network, protected via either
encryption or digital signatures, or both).

GPLv3 simply won't help address the DRM issue in this situation ---
just as the GPLv3 won't prevent the next Bernie Madoff from using
GPL'ed software to run a Ponzi scheme. Sometimes, you can't use
copyright licenses to prevent people from doing evil things with the
software that we write and maintain. That doesn't excuse the bad use
cases; just that copyright licenses isn't the right tool to use to
prevent these situations from happening.

- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH 1/3] kernel.h: Add DO_ONCE statement expression macro"
Previous message: Ming Lei: "Re: 2.a.30-rc7: fat filesystem misdetected as amiga"
In reply to: Pavel Machek: "Re: [RFC v3][PATCH 2/2] intel_txt: Intel(R) TXT and tboot kernelsupport"
Next in thread: Pavel Machek: "Re: [RFC v3][PATCH 2/2] intel_txt: Intel(R) TXT and tboot kernelsupport"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]