Werner Almesberger <wa@almesberger.net> writes:
> Daniel Phillips wrote:
> > Open source + Linux + DRM could be used to solve the Quake client-side
> > cheating problem:
>
> Yes, but in return you'd be excluded from playing Quake unless
> you're running one of those signed kernels or modules.
In this context, the only thing I know has been openly discussed
is to have a BIOS that includes a public key of my choosing for
authentication.
> So, if I, say, want to test some TCP fix, new VM feature, file
> system improvement, etc., none of the applications that rely on
> DRM would work. This doesn't only affect developers, but also
> their potential testers.
Not so because in a general purpose system the owners of the
system control the keys.
> Given that most users will just run a distribution's kernel, with
> all the right signatures, companies will not perceive the few
> cases in which their use of DRM causes problems as very important,
> so they will use DRM.
Redhat's kernel is unlikely to get my signature. Possibly
at some point there will be a web of trust where that will work
but in the first approximation distributors kernels will not
load until I sign them.
> Oh, maybe some developers could be granted the privilege of being
> able to sign their own kernels or modules. So if you're part of
> this circle, you'd be fine, right ? No, even this doesn't work,
> because if you'd leak such a key, you'd certainly get sued for
> damages. And I don't think many people would feel overly pleased
> with the idea of being responsible for the safekeeping of the key
> to a multi-million lawsuit. (And besides, this may turn them into
> targets for key theft/robbery/extortion.)
>
> (There are of course uses of such signatures that would not have
> those problems. E.g. signatures that prove trustworthiness to the
> local user, instead of a remote party.)
Yes. And there has been some limited discussion on LinuxBIOS list
about implementing these.
Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Apr 30 2003 - 22:00:20 EST