Hypervisors Can Defeat GPLv3's Anti-Tivoization 377
DeviceGuru writes "A hypervisor can be used to isolate from each other software works released under incompatible licenses, while allowing them to run simultaneously on the same hardware. For example, Linux and Windows CE can run on separate virtual machines on one device, without violating either OS's license. Due to the isolation between multiple VMs running atop a hypervisor, it seems like this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses." Here's a white paper with more details from a commercial hypervisor company.
No, they can't. (Score:4, Informative)
Re:Backfire in responce. (Score:5, Informative)
The GPLv3's anti-tivoization clause is true to the GPL's goal. When putting software under the GPL license, one accepts that it might not get as much use as BSD-licensed (or, as an intermediate, GPLv2-licensed) software, and that's the price for the code itself remaining free.
Tivoization (n) (Score:4, Informative)
(from the whitepaper link)
"Device vendors are also required to provide access to the source code of the GPL programs (see PLv2 ï½3, GPLv3 ï½6), including "the scripts used to control compilation and installation of the executable" [Footnotes 4, 6]. However, the GPLv2 does not require that installed executables must work, which enables a mechanism the Free Software Foundation calls "Tivoization."
"Tivoization," according to LinuxInfo.org, "refers to the configuring (by the manufacturer or vendor) of a digital electronic product that uses free software, so that the product will operate only with a specific version of such software." Technically, this means that a vendor of a product that uses GPL v2 programs could provide access to the source code, thus being compliant with the software license, but the product would be prevented from working if a modified version is installed, through the checking of the software image's signature."
Re:Tivoization (n) (Score:3, Informative)
Not quite. It means a vendor doing that and allowing itself the ability to update and change the software while at the same time preventing the user from doing the same. If the vendor simply made it impossible to change the software, for either the user or the vendor, then that'd be acceptable under the GPL. The GPLv3 is explicit about this: it's not a violation to put the software in ROM or the like that can't be changed, but if the software can be changed then the recipient must be able to change it. TiVo's issue is that they want the right to change GPL'd software themselves but not permit the people they distribute it to to do what TiVo does.
Re:Can it really? (Score:2, Informative)
This can't be achieved when the kernel is running on the bare metal. Any trusted code in the kernel (which must have source code) can be hacked. But the hypervisor can be proprietary and provide trusted verification to the proprietary code. This is the Trusted Computing model. The GPLv3 requires that the GPLv3 code be able to work so there is no locking down the system to only run signed binaries. But it doesn't, and can't, require that other proprietary code work.
Re:Then the Installation Information is insufficie (Score:3, Informative)
Re:Bogus! (Score:5, Informative)
Bull.
The GPL does not restrict usage. It restricts distribution - and in a manner completely opposite to DRM.
Re:Circumventing? (Score:3, Informative)
The single and only purpose of the anti-tivoizaton clause is to allow every user to modify any GPLv3 software they receive and then actually use their modification. It isn't intended to do anything else. Anti-DRM text was considered for GPLv3 and later dropped.
Re:So what's the point? (Score:3, Informative)
...So what?
Once again, I don't think it defeats the purpose here, which is to prevent them from distributing a GPL'd binary in such a way that I can't upload my own, nearly-identical GPL'd binary and expect it to work.
To be GPLv3 compliant, I expect they'd have to have that channel exist, and provide exactly the same data to the GPL'd program, no matter what code is actually running inside that program. In other words, the API should be consistent/modular -- if I call 'get_chunk_of_data_from_channel(3, *buffer)' from within any program running on that system, I should get the same result, no matter what the program.
You're not allowed to take a checksum of the running program, and use that as a basis for deciding if I get static or not. However, if you really want to deliver static to everyone, including your own GPL'd software, go right ahead.
That is true. It also means they gain less by using GPL'd code -- they now can't use it to handle IO, which Linux is very good at. They also can't use GPL'd decoders, meaning they have to license a proprietary one. And they can't use a GPL'd network stack, they need a BSD one.
Eventually, it means that they can only use GPL'd code for the UI; they have to implement the equivalent of a kernel underneath it. At this point, I don't think there's really any point to doing the hypervisor -- just do some BSD-derived kernel and run your GPL code under that.
Re:Bogus! (Score:3, Informative)
Um, no, you just fell for MS's propaganda. First of all, more than 80% of software is written for other purposes than shrink-wrapped sale. People who write this stuff have less need for restrictive licenses in any case.
Second, it may be hard to live off free software right now, in a proprietary software world. I have no doubt whatsoever that it would work just as well or better in a free software world. Sure it would be different, but it would work. YMMV
Third, not that many people work in the software industry, and those who don't do not generally have big stakes in software property.
agreeing with RMS and agreeing with the freedom to do whatever you want with your computer are NOT the same thing
In the tivoization question, it is.