[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mass bug filing: Cryptographic protection against modification

On Tue, May 04, 2004 at 11:09:14PM +1000, Matthew Palmer wrote:
> On Tue, May 04, 2004 at 07:44:15AM -0500, John Hasler wrote:
> > Herbert Xu wrote:
> > > Consider the hypothetical case of a piece of firmware for a peripheral
> > > device that is protected by a cryptographic signature such that the
> > > device will reject anything that is not signed using a specific key.

Such devices exist.

> > > Let's further assume that that the said firmware is distributed with
> > > full source (but without the private key used to make the signature)
> > > and a license saying that you can do whatever you wish with it.
> > 
> > Matt writes:
> > > I'll be interested to see what happens when we get software in that
> > > situation proposed for Debian.
> > 
> > Doesn't seem likely.  What purpose would such a thing serve?
> The attempted inclusion of otherwise-DFSG software into Debian main intended
> to run on hardware which will only accept a crypto-signed binary? 
> Presumably because someone wants Debian to support the hardware in question. 
> I will find it interesting to see whether that software is accepted by
> ftpmasters and the debian-legal mavens, as the software licence is Free, but
> the source code is of near-to-zero usefulness,

I'm not sure that's true, since the source code lets you see what the
device is doing: it might be easier to figure out how the interface is
supposed to work, for instance.

Building or modifying the source would be of less use, of course;
although perhaps you might want to emulate modified hardware for testing

Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to: