From Wikipedia, the free encyclopedia

Jump to: navigation, search

Tivoization is the creation of a system that incorporates software under the terms of a copyleft software license, but uses hardware to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term and believes this practice denies users some of the freedom that the GNU General Public License (GNU GPL) was designed to protect.[1] The term came about in reference to TiVo's use of GNU GPL licensed software on the TiVo brand digital video recorders (DVR).


[edit] 2006, early 2007 debate

TiVo's software incorporates the Linux kernel and GNU software, both of which are licensed under version 2 of the GNU General Public License (GPLv2). GPLv2 requires distributors to make the corresponding source code available to each person who receives the software. The goal of this requirement is to allow users of GPL'd software to modify the software to better suit their purposes.[2]

However, Stallman believes TiVo circumvented this goal by making their products run programs only if the program's digital signature matches those authorized by the manufacturer of the TiVo.[3] So while TiVo has complied with the GPL v2 requirement to release the source code for others to modify, any modified software will not run on TiVo's hardware.

On the other hand, Linus Torvalds, the author of the Linux kernel, has argued that it is appropriate for TiVo to use digital signatures to limit what software may run on the systems that they sell. Torvalds has stated that he believes the use of private digital signatures on software is a beneficial security tool. Torvalds also believes that software licenses should attempt to control only software, not the hardware on which it runs. So, as long as one has access to the software, and can modify it to run on some other hardware, Torvalds believes there is nothing unethical about using digital signatures to prevent running modified copies of Linux.[4] Other Linux developers, including Alan Cox,[5] have expressed divergent opinions.

Stallman and the Free Software Foundation have attempted to respond to some of these concerns. They have stated that their goal is for GPLv3 to allow private digital signatures for security purposes, but to still prevent Tivoization.

[edit] GPLv3

As a result, one of the goals of GPL Version 3 is to prevent "Tivoization". According to Eben Moglen, "the licence should prohibit technical means of evasion of its rules, with the same clarity that it prohibits legal evasion of its rules."[6]

Draft 2 of GPLv3 attempted to clarify this.[7] However, ten Linux kernel developers were still concerned that draft 2 GPLv3 may still prohibit beneficial uses of digital signatures.[8]

In the third and fourth discussion drafts of GPLv3, released March 28, 2007 and May 31, 2007 respectively, the anti-tivoization clause was limited so as not to apply when the software is distributed to a business.[9] Thus, medical devices and voting machines would not be covered. Linus Torvalds has said he is "pretty pleased" with the new draft and its stance on DRM.[10]

The final, official GPLv3 was published on June 29, 2007 with no major changes in respect to tivoization relative to the fourth draft. Mr. Torvalds declined to license the Linux kernel under GPLv3, though, and some other projects widely used in Tivoized embedded systems, such as Busybox, have also declined to move to GPLv3.

[Stallman] calls it "tivoization", but that's a word he has made up, and a term I find offensive, so I don't choose to use it. It's offensive because Tivo never did anything wrong, and the FSF even acknowledged that. The fact that they do their hardware and have some DRM issues with the content producers and thus want to protect the integrity of that hardware.

The kernel license covers the *kernel*. It does not cover boot loaders and hardware, and as far as I'm concerned, people who make their own hardware can design them any which way they want. Whether that means "booting only a specific kernel" or "sharks with lasers", I don't care.

—Linus Torvalds[11]

[edit] One Laptop Per Child

The One Laptop per Child XO laptop is shipped Tivoized; it will only boot from software signed by a private crypto key known only to the OLPC nonprofit. However, the laptop and the nonprofit provide a complicated way to disable the tivoization, by requesting a "developer key" unique to your laptop over the Internet, waiting a few days to receive it, installing it, and then running a firmware command, "disable-security". The stated goal is to deter mass theft of laptops from children or via distribution channels, by making the laptops refuse to boot, making it hard to reprogram them so they will boot, and delaying the issuance of developer keys to allow time to check whether a key-requesting laptop had been stolen.

[edit] References

[edit] External links

Personal tools