Friday, February 03, 2006

Linus on GPL v3

It would be good if more people took the trouble to understand what DRM and 'trusted computing' can and cannot do.

First, the term 'trusted computing' is a misnomer: almost all computers in use today are already 'trusted'. The question is whether they will be trustworthy.

The point of trustworthy computing is to be able to verify that a computer is running the software we think it is running. This is no small matter when computers are as complex as they are.

Today, security arguments invariably tail off into an infinite regress of 'well, what if someone had modified the browser code', 'what if someone had modified the operating system', and so on. It's an induction without a base case. Trustworthy computing provides the base case, that is all.

Contrary to speculation, it will still be possible to buy a computer and run whatever operating system you like on it. One way to build a trustworthy computer system would be to build trust into the bootstrap system, so that the O/S will only boot if the O/S image has a valid signature. This would allow a hardware vendor to lock out non-approved operating systems by refusing to sign them. That is the obvious way, but it is not how Microsoft's Palladium works.

A trusted boot scheme of that kind would be nice in principle, but implementing it in practice would be very hard, and the scheme would be compromised by the first unsigned device driver loaded onto the system. There has to be at least one system that can run unsigned device drivers, or there would be nothing to develop new device drivers on.

Instead, the Palladium nexus is a piece of code that runs in parallel with the O/S. The only thing special about the nexus is that a particular version of the nexus (and only that version) has access to a small amount of encrypted data stored in a cryptochip hanging off the low pin count (LPC) bus. Most of the code in the nexus appears to be there to manage the scheme for upgrading from one version of the nexus to another.
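A small model of that sealed-storage property, added here as an illustration (it is not Palladium's nexus or cryptochip code; the chip, its root secret, and the nexus image bytes are constructed assumptions): data sealed under one nexus measurement can only be unsealed by code with that same measurement, and any other version, or a tampered blob, gets a failed authentication check rather than a different plaintext.

```python
import hashlib
import hmac
import os

# Constructed model; not Palladium's actual nexus or cryptochip code.
def measure(image: bytes) -> bytes:
    """Measurement of a nexus image: the value the chip binds sealed data to."""
    return hashlib.sha256(image).digest()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from SHA-256 (stdlib only, so it runs offline)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

class SealedStorageChip:
    """Toy cryptochip: a root secret that never leaves the chip, plus seal/unseal
    operations whose key depends on the measurement of the code asking."""

    def __init__(self, root_secret: bytes):
        self._root = root_secret

    def _key_for(self, measurement: bytes) -> bytes:
        # A different nexus image has a different measurement, hence a different key.
        return hmac.new(self._root, b"seal:" + measurement, hashlib.sha256).digest()

    def seal(self, measurement: bytes, plaintext: bytes) -> bytes:
        """Encrypt and authenticate plaintext under the key bound to measurement."""
        key, nonce = self._key_for(measurement), os.urandom(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, measurement: bytes, blob: bytes):
        """Plaintext, or None when the measurement is wrong or the blob was altered."""
        key = self._key_for(measurement)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            return None  # wrong version or tampered blob: no plaintext at all, not garbage
        return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

def demo():
    """Seal under nexus v1, then try to unseal as v1 and as an upgraded v2."""
    chip = SealedStorageChip(b"constructed chip root secret")
    v1, v2 = b"nexus image v1 (constructed)", b"nexus image v2 (constructed)"
    blob = chip.seal(measure(v1), b"user's sealed key material")
    return chip.unseal(measure(v1), blob), chip.unseal(measure(v2), blob)
```

This is why the upgrade scheme the post mentions matters: a new nexus version has a new measurement, so the old sealed data has to be migrated by the chip, not simply read by the new code.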

I have seen several presentations on Palladium (aka the Next Generation Secure Computing Base). Each time we have been told that the code for the nexus will be available for open public examination. This means that people will be able to check that there are no trapdoors, and it would also allow equivalent technologies to be developed for Linux.

The other big fear about trustworthy computing is that it will be used as the ultimate copyright enforcement mechanism. I don't think this is as much of a problem as people think.

In principle, strong DRM systems could be used to stop people copying the latest Disney movie and thus allow Disney to effectively enforce its copyright long after it has expired. In practice this is no easier on a computer than it is on a DVD player: copyright enforcement is 'break once, run anywhere'. Trusted hardware is not uncrackable hardware. As soon as production samples are available there will be people opening up the chips and reading out the keys using electron microscopes and the like. Hardware that is resistant to that type of tampering costs far more than people expect to pay for their PC.

If you want to keep a secret, you have to restrict circulation of the information to a small circle. If a hundred people have the ability to decrypt a spreadsheet, it is quite practical to prevent distribution beyond that point. If a million have the ability to watch a film, a break in the dam somewhere is inevitable.
