On Thu 14 Jun 2007 13:46, Alexandre Oliva pondered:
> On Jun 14, 2007, Robin Getz <[email protected]> wrote:
> > As a person pretty familiar with the hardware in these types of
> > devices - this just isn't practical.
>
> Well, then, ok: do all that loader and hardware signature-checking
> dancing, sign the image, store it in the machine, and throw the
> signing key away. This should be good for the highly-regulated areas
> you're talking about. And then, since you can no longer modify the
> program, you don't have to let the user do that any more. Problem
> solved.
I don't think so - the GPL3 doesn't state that you must convey the same rights
to end users that you have, it says you must provide installation
information, including your keys, or you can not ship the product.
That is the way I read the following sections (let me know if I mis-read
anything):
======================
"Installation Information" for a User Product means any methods, procedures,
authorization keys, or other information required to install and execute
modified versions of a covered work in that User Product from a modified
version of its Corresponding Source.
The information must suffice to ensure that the continued functioning of the
modified object code is in no case prevented or interfered with solely
because modification has been made.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not excuse
you from the conditions of this License.
If you cannot convey the Program, or other covered work, so as to satisfy
simultaneously your obligations under this License and any other pertinent
obligations, then as a consequence you may not convey it at all.
===================
I read "are imposed on you (or otherwise)" to mean "by you" as well. If so,
you throwing away the private keys are not an option.
I need to think a bit more of Rob's opinion of ROM's are illegal - but
providing the installation information of "send $1M NRE and object code to
xxx ROM vendor, and wait 16 weeks for 500k units, take one to a board shop,
pay $1k for them to re-work your BGA - if the xray says it is screwed up, you
have 499,999 other units to try." - may meet the language, but doesn't meet
the spirit of the GPL either...
-Robin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]