grub to help refund of pre-installations

grub to help refund of pre-installations

[Yoshinori K. Okuji]

Hello,

Some french-speaking people might have read this, but I would like to explain 
some ideas, since I am involved with this news somehow:

http://www.zdnet.fr/actualites/informatique/0,39040745,39382177,00.htm

This news, basically, says that my company will provide a solution to 
activating pre-installed software in a computer, after entering an access 
code with cryptography, using GRUB 2.

That is a response to a public statement from the secretary of the agency for 
consumers in France:

http://www.premier-ministre.gouv.fr/chantiers/politique_numerique_1308/ordinateurs_systemes_exploitation_luc_60518.html

He proposed, in the interview, an idea that computers should display the price 
of pre-installed software in sellers, and so the consumers may have an option 
to get refund (if they don't use it).

We have made the press release, because:

- Many Free Software users, as well as ourselves, have been paying for the 
so-called "Windows Tax", even though they don't use Windows. This is like 
donating money for proprietary software, so even if we use Free Software, we 
are still helping proprietary software. Also, this is clearly a waste of 
money.

- Having an option to select no pre-installed software, can make people aware 
of other possibilities, such as using GNU/Linux. So this promotes the usage 
of Free Software, especially after they recognize how much they have been 
paying for proprietary software, and that it is possible to have an usable 
system, even without paying anything.

- If the solution depends on Microsoft, such as modifying Windows, to follow 
the idea, we can easily guess that Microsoft would be reluctant to deal with 
it, and suspend such a movement for years (if you don't agree, please look at 
the long history of the antitrust case in EU against Microsoft). Also, it is 
a good thing that the solution would be implemented with Free Software, 
because we can study how it works.

However, the article does never mention GNU or my name, because I didn't want 
to imply that it were as if the decision had been made officially. I didn't, 
because of some reasons:

- I hadn't discussed the idea with other developers before. Even if I am the 
official maintainer, I don't like to make an important decision solely by 
myself.

- I am not very comfortable with the technology, because it smells like DRM. 
It is not really DRM, because the data is permanently decrypted, once an 
access code is entered, so the user can obtain raw data, and reuse it freely 
from technical point of view. But I still think that it is very similar to 
DRM, so I am very afraid that implementating this kind of feature might 
encourage using GRUB for DRM.

- I know that some people don't want to be involved with any kind of political 
activities or commercial entities, even when it does help Free Software. I 
personally don't agree with such an attitude, but I still need to appreciate 
others' philosophies.

So, my current plan is to help this work only under the name of my company, 
but not as the official maintainer, and I will not incorporate the result 
into the official source code. I might check in patches, when they are 
generally useful, and nothing with DRM. But the very feature will not be a 
part of genuine GRUB, but be provided as a form of a patch. Anyway, GRUB 2 
has been developed in the way that third parties can make extensions easily, 
so it is not hard to maintain an optional feature externally.

Lastly, I would like to note that I wish to see similar decisions in other 
countries. I myself always feel that it is quite silly that we must pay for 
unused software, every time when we purchase a new computer.

Thanks,
Okuji

Re: grub to help refund of pre-installations

[Jean-Christophe Haessig]

[-- Attachment #1: Type: text/plain, Size: 508 bytes --]

Le mardi 08 juillet 2008 à 07:32 +0200, Yoshinori K. Okuji a écrit :

<snip>

In fact, you want to write a GRUB module which deciphers a partition
when given a key. That's no DRM in any way. In the DRM world, users
don't (and can't) get the real keys.

JC

-- 
AVIS : Falsifier le contenu et usurper l'identité des auteurs des courriers
électroniques étant simplissime, j'exhorte mes correspondants à utiliser un
logiciel de signature électronique. Lire : http://openpgp.vie-privee.org/

[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: grub to help refund of pre-installations

[Yoshinori K. Okuji]

On Tuesday 08 July 2008 07:57:30 Jean-Christophe Haessig wrote:
> Le mardi 08 juillet 2008 à 07:32 +0200, Yoshinori K. Okuji a écrit :
>
> <snip>
>
> In fact, you want to write a GRUB module which deciphers a partition
> when given a key. That's no DRM in any way. In the DRM world, users
> don't (and can't) get the real keys.

You are completely right. I don't try to mean that it is a sort of DRM by 
itself. My concern is rather about making it too easy to implement DRM on the 
top of GRUB. For example, if the logic is present, it is very straightforward 
to get a key from somewhere else but an user input (e.g. by using a BIOS 
call), and hide it from the user. I can think of many nasty ways to hide the 
key, even if GRUB is free.

This is feasible technically anyway, by implementing everything, without 
having support functions in the core. However, I am not willing to help such 
effort officially.

Regards,
Okuji

Re: grub to help refund of pre-installations

[Robert Millan]

On Sun, Jul 13, 2008 at 03:45:18AM +0200, Yoshinori K. Okuji wrote:
> On Tuesday 08 July 2008 07:57:30 Jean-Christophe Haessig wrote:
> > Le mardi 08 juillet 2008 à 07:32 +0200, Yoshinori K. Okuji a écrit :
> >
> > <snip>
> >
> > In fact, you want to write a GRUB module which deciphers a partition
> > when given a key. That's no DRM in any way. In the DRM world, users
> > don't (and can't) get the real keys.
> 
> You are completely right. I don't try to mean that it is a sort of DRM by 
> itself. My concern is rather about making it too easy to implement DRM on the 
> top of GRUB. For example, if the logic is present, it is very straightforward 
> to get a key from somewhere else but an user input (e.g. by using a BIOS 
> call), and hide it from the user. I can think of many nasty ways to hide the 
> key, even if GRUB is free.

TC/DRM proponents tend to mix legitimate security features with their
handcuffware in order to confuse the public.

I think the best response to this is to implement any security features
as long as they're legitimate and don't rely on treachery-encumbered
technology (such as TPMs).  This would contribute to split both things,
and when they're only left with their illegitimate features, they've
already lost (because nobody will buy them).

What's happening nowadays is that people start to use TPMs as if they were
a security feature, which is really bad as it reduces opposition to them
dramaticaly.  I think the technical benefit they get by reusing our code is
minimal in comparison.

-- 
Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What good is a phone call… if you are unable to speak?
(as seen on /.)

Re: grub to help refund of pre-installations

[Robert Millan]

On Tue, Jul 15, 2008 at 03:43:39PM +0200, Robert Millan wrote:
> and when they're only left with their illegitimate features, [...]

or maybe I should say "anti-features"

-- 
Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What good is a phone call… if you are unable to speak?
(as seen on /.)

Re: grub to help refund of pre-installations

[Michael Gorven]

[-- Attachment #1: Type: text/plain, Size: 689 bytes --]

On Tuesday 08 July 2008 07:32:40 Yoshinori K. Okuji wrote:
> This news, basically, says that my company will provide a solution to
> activating pre-installed software in a computer, after entering an access
> code with cryptography, using GRUB 2.

I have been working on adding support for encrypted partitions to GRUB2. It 
includes a generic crypto module with numerous ciphers and hashes, which may 
be useful to you. My patch[1] is still waiting for further review and for 
some legal issues to be addressed.

Michael

[1] http://lists.gnu.org/archive/html/grub-devel/2008-05/msg00157.html

-- 
http://michael.gorven.za.net
PGP Key ID 6612FE85
S/MIME Key ID D33AEB31

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: grub to help refund of pre-installations

[Robert Millan]

On Tue, Jul 08, 2008 at 08:24:33AM +0200, Michael Gorven wrote:
> On Tuesday 08 July 2008 07:32:40 Yoshinori K. Okuji wrote:
> > This news, basically, says that my company will provide a solution to
> > activating pre-installed software in a computer, after entering an access
> > code with cryptography, using GRUB 2.
> 
> I have been working on adding support for encrypted partitions to GRUB2. It 
> includes a generic crypto module with numerous ciphers and hashes, which may 
> be useful to you. My patch[1] is still waiting for further review and for 
> some legal issues to be addressed.

I think what Okuji said means merging it in GRUB 2 is not a prerequisite
for this plan:

<quote>
So, my current plan is to help this work only under the name of my company,
but not as the official maintainer, and I will not incorporate the result
into the official source code. I might check in patches, when they are
generally useful, and nothing with DRM. But the very feature will not be a
part of genuine GRUB, but be provided as a form of a patch. Anyway, GRUB 2
has been developed in the way that third parties can make extensions easily,
so it is not hard to maintain an optional feature externally.
</quote>

-- 
Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What good is a phone call… if you are unable to speak?
(as seen on /.)

Re: grub to help refund of pre-installations

[Michael Gorven]

[-- Attachment #1: Type: text/plain, Size: 1062 bytes --]

On Saturday 12 July 2008 16:39:21 Robert Millan wrote:
> On Tue, Jul 08, 2008 at 08:24:33AM +0200, Michael Gorven wrote:
> > On Tuesday 08 July 2008 07:32:40 Yoshinori K. Okuji wrote:
> > > This news, basically, says that my company will provide a solution to
> > > activating pre-installed software in a computer, after entering an
> > > access code with cryptography, using GRUB 2.
> >
> > I have been working on adding support for encrypted partitions to GRUB2.
> > It includes a generic crypto module with numerous ciphers and hashes,
> > which may be useful to you. My patch[1] is still waiting for further
> > review and for some legal issues to be addressed.
>
> I think what Okuji said means merging it in GRUB 2 is not a prerequisite
> for this plan:

I agree. I was just pointing out that my work may be useful and could save him 
some effort. His module could use the ciphers and hashes from my patch 
instead of reimplementing them again.

Michael

-- 
http://michael.gorven.za.net
PGP Key ID 6612FE85
S/MIME Key ID D33AEB31

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: grub to help refund of pre-installations

[Yoshinori K. Okuji]

On Saturday 12 July 2008 16:59:20 Michael Gorven wrote:
> On Saturday 12 July 2008 16:39:21 Robert Millan wrote:
> > On Tue, Jul 08, 2008 at 08:24:33AM +0200, Michael Gorven wrote:
> > > On Tuesday 08 July 2008 07:32:40 Yoshinori K. Okuji wrote:
> > > > This news, basically, says that my company will provide a solution to
> > > > activating pre-installed software in a computer, after entering an
> > > > access code with cryptography, using GRUB 2.
> > >
> > > I have been working on adding support for encrypted partitions to
> > > GRUB2. It includes a generic crypto module with numerous ciphers and
> > > hashes, which may be useful to you. My patch[1] is still waiting for
> > > further review and for some legal issues to be addressed.
> >
> > I think what Okuji said means merging it in GRUB 2 is not a prerequisite
> > for this plan:
>
> I agree. I was just pointing out that my work may be useful and could save
> him some effort. His module could use the ciphers and hashes from my patch
> instead of reimplementing them again.

Yes. I will use your patch. I also would like to consider whether or how we 
should incorporate your patch into the official repository. Since ciphers are 
useful for many different things, I think the question is only about the API 
or the code structure.

Regards,
Okuji

Re: grub to help refund of pre-installations

[Vesa Jääskeläinen]

Yoshinori K. Okuji wrote:
> On Saturday 12 July 2008 16:59:20 Michael Gorven wrote:
>> On Saturday 12 July 2008 16:39:21 Robert Millan wrote:
>>> On Tue, Jul 08, 2008 at 08:24:33AM +0200, Michael Gorven wrote:
>>>> On Tuesday 08 July 2008 07:32:40 Yoshinori K. Okuji wrote:
>>>>> This news, basically, says that my company will provide a solution to
>>>>> activating pre-installed software in a computer, after entering an
>>>>> access code with cryptography, using GRUB 2.
>>>> I have been working on adding support for encrypted partitions to
>>>> GRUB2. It includes a generic crypto module with numerous ciphers and
>>>> hashes, which may be useful to you. My patch[1] is still waiting for
>>>> further review and for some legal issues to be addressed.
>>> I think what Okuji said means merging it in GRUB 2 is not a prerequisite
>>> for this plan:
>> I agree. I was just pointing out that my work may be useful and could save
>> him some effort. His module could use the ciphers and hashes from my patch
>> instead of reimplementing them again.
> 
> Yes. I will use your patch. I also would like to consider whether or how we 
> should incorporate your patch into the official repository. Since ciphers are 
> useful for many different things, I think the question is only about the API 
> or the code structure.

Hi,

Could you also think about different password hashing schemes and other 
user authenticity cases while designing this.

Thanks,
Vesa Jääskeläinen