Hypervisors Can Defeat GPLv3's Anti-Tivoization

DeviceGuru writes "A hypervisor can be used to isolate from each other software works released under incompatible licenses, while allowing them to run simultaneously on the same hardware. For example, Linux and Windows CE can run on separate virtual machines on one device, without violating either OS's license. Due to the isolation between multiple VMs running atop a hypervisor, it seems like this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses." Here's a white paper with more details from a commercial hypervisor company.

Can it really?

[realdodgeman]

GPLv3 states that you have to be able to use modified versions of the code on consumer devices. How can you circumvent that? Even if it runs in a hypervisor, you are still violating the license.

Re:Bogus!

[Orange Crush]

I get the same impression. If TIVO for instance wishes to use the method to satisfy both their (eventual) GPLv3 obligations *and* content-owner obligations at the same time, then I don't see it violating either the letter or the spirit of GPLv3. An end-user is free to modify the Linux client as they see fit, or to replace the hypervisor alltogether with a bare-metal Linux installation.

Re:Bogus!

[mmacdona86]

Note that the hypervisor doesn't prevent you from updating the GPL code (the Linux kernel, for example)--
it just prevents you from getting extra access to the machine by updating the code. Thus it allows "tivoization" without violating the letter (or arguably the spirit) of GPL v3. The GPL code you can hack and modify to your heart's content; the hypervisor just makes sure that said hacking doesn't compromise the machine.

Don't you love it when

[Rosco P. Coltrane]

Legalese dictates engineering choices?

Do they really think software these days isn't slow and bloated enough without the additional burden of context-switching, just to circumvent the licensing problems?

I equally despise Microsoft and RMS these days...

Re:Bogus!

[Anonymous Coward]

I haven't read TFA, but my inclination is to think the exact opposite: sure you'll be able to modify your GPLv3 operating system. Modify it all you want. Because it won't do you any good.

The actual media handling will be handled by another parallel OS which you can't touch. All the Linux part will handle is the user interface. You'll have a /dev/mediacmd device that can issue commands like "Stop" and "Play" and maybe "Record." And that's all. The GPL side will never be able to access the actual stream data, or display its own.

Going the other way...

[JeremyGNJ]

Seems like the whole GPL 3 thing is "going the other way" if you step back and look at it.

It used to be that the restrictions on proprietary code caused people to want other options, and jump through hoops to get around the restrictions.

Now people will be doing the same to deal with the restrictions of GPL 3.

Seems that the "spirit" of open software is being compromised by people trying to nail it down in legal terms.

This FUD makes no sense.

[twitter]

Zoppis then outlines a typical use case, sketching out a device that streams proprietary video. Linux provides the UI, networking, and so on, but handles only scrambled video data, handing it off to a proprietary, closed video playback executive via a chunk of shared memory. "The bootstrap sequence checks the integrity of the hypervisor," Zoppis writes, "but not the GPL VM code," enabling users to freely modify the Linux environment.

I'm not sure how this is different from including any other non free junk along with your distribution or what this has to do with GPL3. If the distributor takes GPL3 code and turns it into non free or tivos it, GPL3 kicks in and the distributor loses the right to distribute. If the distributor makes some kind of non free thing of their own, so what? The mechanism should make no difference, the GPL only covers distribution. Who cares if they use a hypervisor or TPM to launch WinCE or a Vax emulator? As long as they don't make someone else's softare non free, no one should care.

Because that makes no sense, let's look further at the other article linked:

[tons of FUD about GPL3's problems and bogus claims of vendors not living up to GPL2, I should stop reading this massive troll but ... finally a money quote] The strong isolation provided by the hypervisor, coupled with the fact that access to the system's peripherals is restricted on a VM-by-VM basis, ensures that a hacked Linux operating system can not be granted greater rights than it had when it was delivered by the device manufacturer. Therefore it enables decrypted content, encryption/decryption keys, and sensitive devices to be protected from illegal attacks. ... The use of a hypervisor can assist device vendors with GPL license compliance, both v2 and v3. It also allows vendors to maintain strong control over their other software components, and ensure that a modified version of GPL software cannot be used to gain access to their sensitive devices or data, or to modify the fundamental behavior of the system.

"illegal attacks"? What kind of new DRM snake oil am I looking at here? I'd laugh this off if it were not supposedly from some guy at Sun.

The bottom line is that they have tied the software up in hardware and TPM knots. At this rate, I'm not sure what they want GPL'd software for. If they are going to buy a hypervisor and a media player why not buy a non free OS from the get go and spare themselves the trouble and obligations that cut against their anti-social nature? Either way they go, people are going to find a way to get hold of their precious data and devices.

Re:Bogus!

[goldspider]

One technically restricts usage. The other does so legally. I think it's a good analogy, as they both attempt to do the same thing, just by a different means.

Re:Bogus!

[shaitand]

'The question is, does this new system violate the leter or the spirit of GPL3? (I'm asking honestly here--I can't quite wrap my head around it.)'

It depends on how broadly you interpret the spirit of the GPL. Under this scheme you'd run Linux in a VM. Therefore, you could modify the GPL'd code and update it in the VM. Now, if you believe that is the whole of the SPIRIT of the GPL then there is no problem.

However, this is being done for the sole purpose of bypassing a clause in the GPLv3 that would require the manufacturer to essentially open the specifications of the device. The primary reason manufacturers don't want you to have the specs is that they like to take a device and disable functions in software then sell the exact same device at a higher price without the artificial limitations. If they provide the specs then 'modified' firmware that turns on all the device functions will appear, like that for Tivo, Linksys devices, etc.

I personally believe the idea behind the free software movement and the GPL is about more than just opening source. I believe that opening the source is just a mechanism for achieving a higher aim that empowers the user to be able to fully control their own system (provided they have the skill and abilities to do so). Whether it be a playstation, an xbox, a tivo, a wireless router, a cablebox, a general purpose computer, or a fancy wristwatch; a computer is a computer is a computer and the GPL was just a tool created by a group aiming to create a fully open system that empowered to program and control their own computer. After all, it isn't Sony's playstation, Microsoft's XBox, or Linksys's router; when you bought it, they lost all right to any say in how that device is used or modified.

An attempt at an explanation

[bitspotter]

Start with two machines: a "Tivo" with proprietary firmware, connected via LAN to a PC with a Trusted Computing TPM and a GPLv3 OS image signed by the "Tivo"'s vendor.

The OS can be altered and recompiled on the PC at will, staying well within the provisions of the hardware/software definitions as used in the GPLv3 license.

But when streaming video from the PC to the Tivo, remote attestation is used to verify the signature of the OS image booted on the PC. If the bootstrap signature is not provided, or doesn't match, the Tivo refuses to play the provided stream.

Got it? Good. Now all you need to do is re-imagine the PC in this model as a virtual machine run inside the Tivo itself, and you get the idea.

There might be a problem with this end-run, however. It all depends on whether the GPLv3 has to say specifically about what functionality is locked out without a bootstrap signature from the VM. If there's some language about insuring "complete", "full", or "all" functionality to modified versions, then it may not matter whether there's a hypervisor in the way or not (although the original network example I gave above is still legit).

I'm intersted to hear what the lawyers have to say.

Re:This FUD makes no sense.

[runderwo]

At this rate, I'm not sure what they want GPL'd software for

They want it because the price is unbeatable.

It's just that it has an annoying license that they have to work around, in order to be able to sufficiently hamstring their users.

Re:Bogus!

[everphilski]

No stake whatsoever, except opposing anti-tivoization and GPLv3. I still don't believe 'freedom' can be obtained by imposing restrictions in a software license. If you want free, make it free!

Check and mate, general-purpose personal computer!". Well, I guess you will still be able to import one from China, provided you won't get caught.

Homebrew it. Engineers shall rule the world :) They did it 20 years ago, why not today? Plenty of people build their own (amateur) radios, many from scratch and approaching the complexity of a modern computer. It might bring about a new renaissance ... go with the flow man, RMS is no Jesus, and the FSF is no means of salvation. They have their own ambitions and agendas, just like any other organization.

Re:Bogus!

[secolactico]

They may very well just stick with their current kernel. This is actually what I see happening, a lot of the world will be stuck on old GPL v2 modules, while some will choose to make "clean room" implementations of GPL v3 code and release it under v2

Or maybe they will simply port their apps to BSD and use that on the tivo boxes. Or maybe they will license some other OS that will allow them to keep everything closed source.

Or do they have a specific reason for sticking with Linux?

The dumbest topic on /.

[7-Vodka]

I am amazed that the ratio of junk idiotic posts vs. informed posts in this discussion is astronomical.

1. GPL3 is not designed to stop encryption of data (DRM - Digital Restrictions Management).
2. GPL3 is designed to stop preventing a user of GPL3 software from using it to the full extent (right to modify and still use the device).
3. What this white paper proposes is a way to implement DRM and comply with the GPL3.

So where's the beef?
The GPL3 doesn't stop DRM. Woot stop the presses! I could have told you that months ago during the drafting process because it's not designed to stop DRM.

It's ours.

[Anonymous Coward]

I see a lot of comments, but not one about how the inherent problem that is the company trying to control what we can or cannot do with our own hardware that we purchase.

THAT is the problem. If I purchase it, it's my hardware and I'll do whatever the fuck I want with it.

There should just be a no bullshit fine print statement in the GPL that states, "any hardware running any GPL'd version of software needs to be 100% unrestricted, same goes for any other software running on that."

I'm sick of this stupid legal babble. "Oh TECHNICALLY we can do this" - kiss my ass.