zero0w Posted April 24, 2003 Report Share Posted April 24, 2003 As some of you may have followed the discussion on TCPA or Palladium architecture and their implications, like this article in Linux Magazine, well now the call is made, by Linus Torvald, the chief hacker behind the Linux kernel, who has openly expressed his opinion of making DRM (Digital Rights Management) to work with Linux in the form of kernel certification, the GPL issue, and again of binary kernel modification. Linus Torvalds: ''DRM is Perfectly OK with Linux'' Flame Linus to crisp http://lkml.org/archive/2003/4/23/365/ According to Linus interpretation, he believes DRM signature or externally installed private key (eg. in the form of binary kernel module) would not violate the GPL license as 'derived work'. In one of his reply on the kernel mailing list, he has suggested the issue of the whole DRM thing is who can get to sign the DRM key and signature. Eg. Who signs a particular version of kernel to allow it to become runnable on a particularly DRM enabled hardware? Again according to his interpretation, if the user (_not_ a system vendor) can decide to sign his own system, he can keep other people from hacking his system (or the kernel part, more appropriately) by disallowing, for eg., booting from a third-party Linux boot CD because the DRM-enabled system (eg. BIOS) won't allow uncertified kernel to boot at all. This, of course, is only true when the user can get to set what kind of signature key he can input into the BIOS _and_ modify his own kernel - but then to access certain media content or secured web site he will need to input another key and modify with another kernel module which contains that encryted key. This may sound confusing, but literally, the embedded device like TiVO or many other Digital media set-top box which runs on Linux may want to use this signing feature first so that users would not be able to modify the system to intercept the video stream on those pay-per-view home video service, etc. I do not know what to think about this. But I don't think Richard Stallman would in any way possible to keep quiet on this issue. This might not stop P2P traffic but would definitely helps to track down which machines are involved in the P2P activity since your system ID/kernel signature could be embedded in the packet sending out in the network if you would need to access authorized content in anyway. Well, the future falls upon us, but for Linus to announce its coming it seems to be somewhat surprising. This should not prevent kernel hacking at all, but expect to lose your access to some secured websites or service if you want to do some kernel hacking. Literally, it will also be the hardware system vendors who will decide whether they will allow you to change your DRM keys and signature in the hardware level. We'll just need to see if the Congress will say 'go' on this one. :| Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted April 25, 2003 Report Share Posted April 25, 2003 I also think DRM is not a bad thing, as long as it is a security feature that is controled by the owner of the hardware, not by third-parties. The given example is good: you own a PC, and you want to make sure nobody can crack it. Giving users extra security is good. Taking security out of their hands is bad. Yves. Quote Link to comment Share on other sites More sharing options...
Michel Posted April 26, 2003 Report Share Posted April 26, 2003 let me see if I have understood it: Your computer will have a chip that contains some keys....Any application that isn't signed with a key or isn't one of that key, will be rejected..(it can also be that the keys are a kind of blacklist and idf the key of the program is the same as one of the keys in the chip, it will be rejected(so, the other way around). Where do you get these keys??? On some kind of server online.... Who will say wich keys should be allowed? I can't imagine that those servers are hosted(securtiy,...) for free..so everyone who ones to put a key on it will have to pay I suppose.... Oh yes,....If the program is accepted there is also info about how much you can do with the program...,document..... What I don't get: The chip would also control documents(on wich computers they can be viewed,....). The document is signed with a certain key..So, does every person needs to have a key??Because, say I want to send my document to another person, the computer of that person needs to accept the document...) Now, the discussion is also about that you can set the keys for yourself..Doesn't seems a wise thing to me,because then you could still say to your computer that you want to run a program that is signed with a certain key, while it can be a pirated program...This way the protection wouldn't help against pirating of music, programs,... I've supplied also another link to some notes about this... http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html It wouldn't help against virusses I think... Say I want to read a certain pdf-file....I'v read about some virusses that are pdf-files.... This brings me to the following...Does everything on teh internet has to be certified..because you also have harmfull javacode,...I suppose... What about all my old files? I won't be able to run them I suppose, bevaus ethey aren't signed.....Yes you can disbale it, but will this also be in the future?? Soem last remarks...This is a really nice way of controling information...Say there is some file(some real prove) and a certain organization doesn't want it to become public...What to do..Well make it yourself easy. Publish the key of teh doc on the blacklist of the servers..so every computer that has DRM enabled will not accept it. Well, you way..who would do that???Well, in the war against Iraq, both parties only say what they want people to hear :). I find the idea very good, but if just everyone would use pgp-siging and pgp-encryption I think everything would be safer....So, let evry user choose an own pgp-key..but that would be bad, because you wouldn't control the info so good ..... Is it also that with DRM, for example certain companies could access your computers and update software?? I don't see what this has to do with DRM? any comments on this please/explanation? So, to come to an end:)...let's say everything shortley: -DRM let's you specify how programs,.docs are used.. DRM specifies wich programs, docs may be used... (if I'm right: -DRM is controlled by servers..other people then you...) ->So, you loose "some" control of your computer. Positive things about it???? note: why wouldn't anyone (who has the money for it..criminal organizations), change the code of linux or another opensource system to simulate thje presence of such a chip and control the keys....themselves... Quote Link to comment Share on other sites More sharing options...
Pzatch Posted April 26, 2003 Report Share Posted April 26, 2003 I my opinion this could be a good thing. Depending on how its implemented. If you could turn it off then yes its a good thing. If it was a switch in the bios then great. Lets say your running a server or any publicly accessed computer. Turn it on so no NEW code can be run. So even if your system is hacked it can't be used to run something you don't already have in the system. And since its in the bios then it can't be changed without having hands on access and a password to the computer. You have to be able to turn it off though. Otherwise how do you ever get anything you've writen or loaded to run? Basicly it can be just one more lock on your system. The approval proccess should be wholly yours not someone else's from a list you have no control over. Basicly, if its on, whats on your system when its booted is all that will run on it untill you turn it off to add or change anything. Open ports and bad code will always be a problem though. But fixing that has always been your problem anyway. Quote Link to comment Share on other sites More sharing options...
Michel Posted April 26, 2003 Report Share Posted April 26, 2003 Ok, like you say it, no problems..then it is extar security. I suppose you meant that the keys are set through the bios, so you can only change tjhem locally....That's nice, but normal users don't want to be bothered with the bios..so I suppose it should be able to set the keys through the OS(except if they cannot be set by the users, then the chip can handle (mostley) everything I suppose)...Thsi brings extra securityrisks with it, although it still is an extra securitymeasure. So, I suppose it should be possible (as an option in your bios) to say if the OS should be able to set the keys...I can do the same thing for apm-management on my motherboard. For servers (or people who want to do this), can say they don't want to let the OS set keys... (Ofcourse if the mechanism to set the keys through the OS is safe, there are no extra security risks I SUPPOSE then, blahblahblah....:)) Another problem is that this system was originally created for protection against musiccopying, so if you can set all your keys locally...it wouldn't really help...., but I hope it will be implemented in linux like you say, because it is a great security enhancement then I suppose......... Quote Link to comment Share on other sites More sharing options...
Pzatch Posted April 27, 2003 Report Share Posted April 27, 2003 Since the hardware and the law can only enforced inside the U.S. then I guess I'll just have to buy MORE stuff over the internet or goto Mexico or Canada. Just like with cars. You can sell me one but you can't make me drive the speed limit. The hardware will not sell, it can't be sold. You can't sell me a car then make me drive the speed limit by putting a governor on it. I'll pull it off. A good rule of thumb is. Don't give an order (or pass a law) you know can't or won't be followed. It only erodes your authority. As soon as a typical user tries to run that new program they just paid for and then they find out they can't run it. They will find out all they ever needed to or wanted to know about the bios and how to turn its security off. You can never have the keys set by the OS because then its not really a security feature now is it? Just how long will it take for the OS to be hacked if it controles the keys? Days,weeks,months? Quote Link to comment Share on other sites More sharing options...
Guest JaseP Posted April 28, 2003 Report Share Posted April 28, 2003 If the USA mandates something in hardware, you can bet that hardware manufactures worldwide are going to adopt it. Otherwise, they would be counting out the US market for that particular device. As for Linus saying that DRM is ok w/ Linux, I think this is a good PR move. He doesn't want DRM to become a hot-button for this OS, giving the marketing people at M$ or SUN to say something deragatory regarding Linux. The bottom line is that DRM is going to alienate some people, and is going to be embraced by some corporate types. It will be a good thing for Linux to be able to support it or NOT support it, whatever the user decides. Quote Link to comment Share on other sites More sharing options...
Michel Posted April 28, 2003 Report Share Posted April 28, 2003 Why wouldn't it be possible to implement it for linux sop that the user has control over it.....??? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.