[linux-elitists] Register: The truth about Palladium

Eugen Leitl eugen@leitl.org
Thu Jun 27 05:57:11 PDT 2002


http://www.theregister.co.uk/content/4/25891.html

MS to eradicate GPL, hence Linux
By Thomas C Greene in Washington
Posted: 25/06/2002 at 22:30 GMT

Yesterday, as we all know, Microsoft fed an 'exclusive' story about its 
new 'Palladium' DRM/PKI Trust Machine to Newsweek hack Steven Levy (a guy 
who writes without irony of "high-level encryption"), presumably because 
they trusted him not to grasp the technology well enough to question it 
seriously. His uncritical announcement immediately sparked a flurry of 
articles considering what this means to the Windows user base.

And that's as it should be. But my question is, what does it mean to the 
Linux user base?

Well, of course no one knows yet; the Levy article is long on generalized 
promises but very short on details. We know that some hardware element 
will be involved -- some hardened slice of silicon on the mobo which will 
identify the computer and the user, and recognize other computers and 
their users. It, or a companion chip, will interface with some manner of 
PKI, current or future, so that only 'authorized' applications may run 
with privileges. MS wants us to think that the 'authorizer' will be the 
user, but we know better: there will undoubtedly be a DRM element in it, 
and its authorizations will override yours. There will also be a 
networking component, involving an elaborate PKI and vast data warehouses 
run by MS and its trusted partners.

So let's say Intel and AMD begin shipping Palladium-compliant boards as MS 
begins shipping the software to OEMs and shops. And let's say that the 
Redmond spin campaign, persuading users that this is actually for their 
benefit, takes hold, and consumer demand for the scheme begins to grow and 
it eventually becomes a de facto standard, like SSL today, for example.

Got root?
All right then, how do we get Linux and open-source servers and apps to 
work with networks using this master scheme? What changes will be 
necessary?

The first thing that comes to mind is the difficulty of getting my Apache 
Web server to work seamlessly with Harry Homeowner's Windoze box when he 
comes to my site for some eminently trustworthy business. Everything I 
download to him (and this may even include Web pages -- the scheme is that 
far-reaching) will have some manner of digital cert which MS and its 
family of cronies will have established beforehand. I don't see a problem 
here. The certs will be embedded in the content and I'm merely providing 
space for it to reside. Even pages and images can be digitally signed and 
Harry's box can simply accept them or not according to rules he's worked 
out for himself.

But what if Harry needs to transact business and/or send me something? 
Then I think it gets tricky for two reasons. First, I have to be able to 
assure him that I can't read what he sends (and neither can the script 
kiddies who root my site monthly), and second, I'll probably have to pass 
part of it along 'safely' (as defined by MS) to some other network under 
Redmond suzerainty where the bulk of Harry's whole life's data is stored 
and continually updated. And of course I'll need access to that data so I 
can be sure Harry is Harry and his Mark of the Beast (or whatever MS will 
call his Uniform Identifier) is valid.

So to validate Harry, and to update his Master Data File -- two bits of 
business integral to the Palladium scheme -- I'll need hardware, an OS and 
a server compliant with Redmond specs. Now MS says they're going to make 
the sources to the core of this technology open. But considering 
Microsoft's white-knuckled terror of Linux and open source products in 
general, combined with its established penchant for mining its products 
with hidden little pissers for the competition, I don't think it's 
paranoid to imagine that I may have to turn to a packaged product from a 
major MS partner/collaborator or a Linux distributor who's gone to the 
bother of obtaining certs for the kernel and the apps. But either way 
we'll have major GPL problems, as we'll see below. Indeed, this is going 
to be something of a reductio ad absurdum.

This certification scheme will rip the guts out of the GPL. That is, the 
minute I begin tinkering with my software, my ability to interface with 
the Great PKI in the Sky will be broken. I'll have a Linux box with a GPL, 
all right; but if I exercise the license in any meaningful way I'll render 
my system 'unauthorized for Palladium' and lose business. So instead, I 
imagine I'll be turning to my vendor for support, updates, modifications 
and patches. And I'll be dependent on them for support services at 
whatever price they can wheedle out of me because I dare not lose my 
Palladium authorization. I wonder if the cost of ownership of an 
open-source system will actually be lower than the cost of a proprietary 
system under such circumstances.

If MS can't wipe out Linux, at least they can throw their marketing might 
and obscene quantities of cash into the project of castrating and 
controlling it by rendering the commons hostile to Linux users who still 
have their balls. They can in a sense create a huge market for open/closed 
hybrids, just as I imagined above: a system that comes with a GPL which I 
dare not exercise, and with considerable costs of both purchase and 
ownership. Even Dell might get into the castrated Linux act when they see 
what sort of stranglehold the Palladium scheme will enable them to place 
on it.

But here's the diabolical bit. Linux distributors are going to lose big 
time if they remain faithful to the GPL. Palladium will either break the 
GPL, or if not, break Linux.

Harry's lament
I fully expect to see Linux on the desktop growing rapidly in the next 
several years. The major distros like SuSE and Mandrake are coming along 
nicely with classic Harry features like automatic updates. Hardware 
detection is getting better by the day. Open Office is rapidly approaching 
the point where it imports from and exports to MS office without 
difficulty. The 2.4.x kernel is finally showing signs of the 2.2.x's 
legendary stability. The KDE desktop is looking sharp and working nicely 
now with version 3.0. Mozilla is coming along wonderfully. And now Red Hat 
says it intends to commit seriously to the desktop market.

As the obstacles to Windows migration fall away, inherent virtues like 
better security and privacy (your Linux box does not automatically connect 
to servers at Microsoft whenever you search your hard disk, for example), 
freedom to configure, redemption from the MS update crack-addiction, and 
low cost of ownership will strike more chords with the computing public.

This terrifies MS as much as the enterprise Lintel phenomenon. And it's 
not just cost rationale at play here. There's a revelation in store for 
users once they have something to compare their Windows eXPerience 
against. As home users come to use and understand Linux, they'll 
automatically begin to perceive what a parasite Microsoft really is.

The answer to this will be more parasitism: Palladium is a means of 
infesting the commons with hostile digital fauna. As these new services 
and applications become more plentiful, the need for the Linux desktop to 
deal with them according to Redmond spec will increase as well.

Kernel hackers will have their hands full figuring that one out. How do 
you make Linux interface with a security chip in such a way that untrusted 
applications are sandboxed without taking root away from the machine's 
owner? I think the answer is, 'you can't,' and I imagine Redmond thinks so 
too. And what will Palladium mean to application development? More 
overhead, that's what. Certification authorities charge for their 
services. Some applications in development may have to be scrapped due to 
the costs of certification.

Eventually, as Palladium contagion spreads, the home Linux box will need 
certified open-source apps to run DR-managed content. Here goes the GPL 
again. So I've got this certified app. Fine. I've got the sources. Fine. 
What happens if I decide to build my own binaries? They won't be 
certified. They won't work. So what does the GPL mean to me then? It means 
I can build, or modify and build, an application which will lack the 
digital cert which it needs in order to run the content it was designed to 
run. Only the binaries will be certified (as a moment's reflection will 
make obvious). This is a nail in the GPL's coffin. Yes, I can improve the 
app and give away or maybe even sell my improved version; but first I have 
to prove that it qualifies for certification, and second I have to pay for 
the cert. And when I release it, source and all, only the certified binary 
will function.

The entire concept of root will be out the window. If I build my own or 
re-compile my existing kernel, my certs won't work. I won't be permitted 
to log in to the Microsoft Digital Empire or any of its numerous colonies 
because that little chip on my mobo is going to freak out. Perhaps even my 
certified apps will fail to run. And I can no longer present my Uniform 
Identifier at the digital immigration turnstiles which MS will be setting 
up as I meander through cyberspace. "Sorry, we don't know who you are; 
you'll have to turn back...."

So how is this going to work in practical terms? Will the Linux 
distributors release certified kernels and apps and utilities? I don't see 
how they can avoid it. But what happens to the GPL in that case? Will the 
certification authorities decline to certify the distro if the kernel and 
app sources are included? Or will the machine simply lose its Palladium 
authorization and fail to work properly if apps or the kernel are 
re-compiled or built from external sources?

Either way, the GPL is perverted. Any GPL'd kernel, utility, application, 
whatever, that's designed to be Palladium compliant will have to be 
distributed without certified sources. There's simply no way to ensure 
that a source archive can only be used to build compliant binaries, unless 
GCC is deliberately broken in some radical way and the security hardware 
won't allow other compilers to run (except similarly broken ones).

Will there be a hybrid Linux/hardware package coming out to address this? 
A sort of black box -- a mere desktop appliance not unlike an X-Box or a 
Palladium-enabled Windoze box -- with no compiler, and only user 
privileges, and some hardware chip that prevents modifications to any of 
the binaries except by digitally-signed RPMs pre-approved for Palladium 
compliance? That means basically that MS has got root on my machine, and 
of course it would rip the guts out of the GPL to boot. [Reader Stephen 
Crane points out that Rule Set Based Access Control (RSBAC) might well 
suit such a product, which would then make MS not root but the 'Security 
Officer' of my Linux machine.]

It's the very fact that this appears insoluble to me that helps me realize 
that MS has put tremendous, careful thought into it. To make the commons 
Linux-hostile, MS is taking dramatic steps to make it GPL-hostile. Very 
clever and admirably diabolical.

Of course here I'm assuming Palladium won't become the next Microsoft Bob. 
It could meet with severe consumer rejection, as I hope it will. And so we 
end with a question for lawyers, not for me: is a technically-valid, 
letter-of-the-law GPL which you can't practically exercise violated or 
not? You've got your sources and everything in the distro is GPL'd -- only 
any binaries you choose to build on your own will isolate you from the 
commons. I think MS believes it's found a loophole here. Whether it will 
work or not is another question.

In any case, it's time for Tuxers to take the gloves off.
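The mechanism the article is reasoning about in the "only the binaries will be certified" passage and the "build my own binaries" paragraph can be made concrete. What follows is an added example, not part of the Register piece or of any Palladium specification: a hypothetical launch policy, modelled in stdlib Python, in which an authority signs the SHA-256 digest of an approved binary and the loader refuses anything whose digest carries no valid signature. The authority key, the toy "compiler" and the sample source are constructed for the example; an HMAC stands in for the authority's signature so the block runs without third-party libraries (a real scheme would use a public-key signature, which changes nothing about what is being signed).

```python
import hashlib
import hmac

# Hypothetical authority key (constructed for this example, not a real key).
# A symmetric HMAC stands in for the authority's signature to keep the
# example dependency-free; the point is what gets signed, not how.
AUTHORITY_KEY = b"hypothetical-cert-authority-key"


def compile_source(source: str, build_id: str = "") -> bytes:
    """Toy 'compiler': the output depends on the source and, optionally, on a
    build-specific string (timestamp, build path) of the kind many real
    toolchains embed.  An empty build_id models a deterministic build."""
    body = hashlib.sha256(source.encode()).hexdigest()
    return f"ELF-toy:{body}:{build_id}".encode()


def digest(binary: bytes) -> str:
    """The quantity the authority actually vouches for: a hash of the bytes."""
    return hashlib.sha256(binary).hexdigest()


def certify(binary: bytes, key: bytes = AUTHORITY_KEY) -> dict:
    """The authority 'certifies' a binary by signing its digest.  Nothing about
    the source archive enters the certificate."""
    d = digest(binary)
    return {"digest": d, "sig": hmac.new(key, d.encode(), "sha256").hexdigest()}


def loader_allows(binary: bytes, cert: dict, key: bytes = AUTHORITY_KEY) -> bool:
    """Launch policy: the binary on disk must hash to the certified digest,
    and that digest's signature must verify under the authority key."""
    if digest(binary) != cert["digest"]:
        return False
    expected = hmac.new(key, cert["digest"].encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, cert["sig"])


# Constructed sample 'source archive', distributed under the GPL in the
# article's scenario.
SOURCE = "int main(void){return 0;}"


def scenario() -> dict:
    """Walk through the article's cases and report which binaries may run."""
    vendor_bin = compile_source(SOURCE, build_id="vendor-2002-06-25")
    cert = certify(vendor_bin)

    # Same source, rebuilt by the user.  The embedded build id differs, so the
    # bytes differ, so the digest differs, so the vendor's cert no longer
    # applies: exactly the "they won't be certified, they won't work" case.
    user_bin = compile_source(SOURCE, build_id="homebox-2002-06-27")

    # Self-signing the rebuild does not help: the loader trusts only the
    # authority's key.
    forged = certify(user_bin, b"not-the-authority")

    # The one rebuild that does pass is a byte-identical one.  That requires a
    # deterministic build on both sides (no embedded build id), which the
    # article's scenario does not assume.
    repro_cert = certify(compile_source(SOURCE))
    repro_user = compile_source(SOURCE)

    return {
        "vendor_build_runs": loader_allows(vendor_bin, cert),
        "user_rebuild_runs": loader_allows(user_bin, cert),
        "user_rebuild_self_signed_runs": loader_allows(user_bin, forged),
        "byte_identical_rebuild_runs": loader_allows(repro_user, repro_cert),
    }


if __name__ == "__main__":
    for case, allowed in scenario().items():
        print(f"{case}: {allowed}")
```

The check that matters is in `loader_allows`: it never looks at the source, only at the bytes it is asked to run, so having the sources changes nothing about whether a rebuild is admitted. The last case shows the narrow escape the article does not consider: if vendor and user builds are byte-identical, the vendor's certificate covers the user's rebuild too, because the certificate names a digest rather than a builder.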