[cryptography] Complying with GPL V3 (Tivoization)

Thierry Moreau thierry.moreau at connotech.com
Mon Jan 9 14:52:54 EST 2012


Jeffrey Walton wrote:
> Hi All,
> 
> I was reading on CyanogenMod (a custom ROM project for Android) and
> "The story behind the mysterious CyanogenMod update"
> (http://lwn.net/Articles/448134/).
> 
> Interestingly, it seems some private keys were circulated to comply
> with GPL V3 with some nasty side effects (could anything else be
> expected?). Some interesting points were brought up, including how to
> comply with GPL V3.
> 
> Is anyone aware of papers on integrity/signature schemes or protocols
> tailored for GPL V3? Or does this reduce to (1) allow the
> hardware/firmware to load additional [trusted] public keys; or (2)
> provide the private key for the hardware?
> 
> Jeff

The high-level picture would be as follows:

[A] The GPL V3 philosophy excludes software intended to run on 
proprietary hardware.

[B] The custom ROM software version distributed under GPL V3 has to 
distribute a private key such that it is not tied to proprietary 
hardware. Consequently, accepting the software license terms includes 
the implicit limitation of an explicitly-breached signature key.

[C] However, the GPL philosophy allows closed or proprietary 
modifications *within*an*organization*, so the IT department could use 
its own private key applicable to the internally distributed hardware. 
It may well be unworkable in practice because all software components 
might need the IT department blessing/signature, but who demonstrated 
that code signing was workable at all at the institutional level?

[D] The GPL V3 compliance would forbid any transfer of such 
gplv3-turned-proprietary ROM-based equipment outside of the organization 
(one would put back the original ROM version as part of IT equipment 
sanitization before disposal).

I guess multiple keys or other schemes can only be attempts to obfuscate 
the fact that one breaches either the software integrity mechanism or 
the relevant GPL rule: you may not re-distribute without allowing 
modifications.

Overall, [C] is perhaps the essential vision of trusted computing where 
some hardware comes bound to a central authority responsible for 
software integrity. I never understood why the central authority had to 
be the hardware vendor who also sells to influential governments.

Regards,

-- 
- Thierry Moreau



