Pete Chown wrote quoting Ross:
You need a valid signature on the binary, plus a cert to use the TCPA PKI. That will cost you money (if not at first, then eventually).
I think it would be a breach of the GPL to stop people redistributing the signature: "You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License."
The application or OS vendor can in confidence distribute not just the code, but also the also the signature and cert. In fact, the application vendor can distribute absolutely everything they have access to themselves and you still won't be able to run the application in trusted mode. The cert that enables an application to run in trusted mode is tied to a specific TPM and therefore to a specific motherboard. For this cert to work on another motherboard without a new and different cert, the software vendor would need to extract the 2048-bit secret RSA key [1] from their own motherboard's TPM, make the secret key available for download, followed by the customer importing the key into their own TPM. The TPM, for obvious reasons, offers no facilities to export or import the TPM's internal keys. The GPL cannot possibly require a software author to distribute a hardware crack with their software or be in violation of the GPL. Distributing a crack for TPM's is distributing an infringement device and as such is illegal under US law. Even if the GPL were to be modified to mandate what is technically near impossible to a software vendor to achieve, even this layperson knows that contracts that require illegal acts are unenforceable. Note that I am not referring to acts that might be illegal in the future under the Hollings bill. Doing the above is illegal today. The GPL might be modified to require that the application vendor do whatever is necessary for a user to utilize an application in the way the user deems fit (i.e. in privileged mode), but that would put the GPL into very dangerous, and I believe thoroughly undesirable, territory. With such modifications, the hypothetical new GPL would mandate, to use Richard Stallman's terminology, not just freedom of speech, but free beer as well. That has never been the intend of the GPL. Furthermore, the certs required to run the OS or application will in may cases be issued by a party other than the application author or vendor. To continue using Richard's terminology, to cover this case the GPL would need to be rewritten to mandate that a third-party provide the free beer. I will leave it to the attorneys on this list to elucidate on the legal deficiencies of such a hypothetical contract, since I am not an attorney I will simply state that I sincerely doubt such contract would hold up in litigation. Of course I do not believe the FSF would make such changes. Which gets us back to Ross's point that the TCPA threatens the core of the GPL, from which this discussion started. For completeness I would like to state that I have no personal stake in the continued enforceability of the GPL, being a long-time supporter of the BSD licensing scheme myself. [1] 1024-bit RSA keys were rejected during the design phase of the TPM by members of the TCPA, which, as Anonymous pointed out in a previous post, contains several well-known crypto companies. The TCPA's website, which only makes specs, but not design documents, available to the public, unfortunately does not provide any documentation which reasoning lead to this decision. --Lucky Green --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com