Tivoization


Tivoization /ˈtiːvoʊɪˌzeɪʃən/ is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term in reference to TiVo's use of GNU GPL licensed software on the TiVo brand digital video recorders (DVR), which actively blocks users from running modified software on its hardware by design.[1][2] Stallman believes this practice denies users some of the freedom that the GNU General Public License (GNU GPL) was designed to protect.[3] The Free Software Foundation refers to tivoized hardware as "tyrant devices".[4]

Overview

TiVo's software incorporates the Linux kernel and GNU software, both of which are licensed under version 2 of the GNU General Public License (GPLv2). GPLv2 requires distributors to make the corresponding source code available to each person who receives the software. The goal of this requirement is to allow users of GPL-covered software to modify the software to better suit their purposes.[5]

However, Stallman asserts that TiVo circumvented this goal by making their products run programs only if the program's digital signature matches those authorized by the manufacturer of the TiVo.[6] So while TiVo has complied with the GPL v2 requirement to release the source code for others to modify, any modified software will not run on TiVo's hardware.

Linus Torvalds, the original author of the Linux kernel, has said that he personally doesn't like DRM, but on the other hand, argued that it is appropriate for TiVo to decide if they will use digital signatures to limit what software may run on the systems that they sell. Torvalds has stated that he believes the use of private digital signatures on software is a beneficial security tool. Torvalds also believes that software licenses should attempt to control only software, not the hardware on which it runs. So, as long as one has access to the software, and can modify it to run on some other hardware, Torvalds believes there is nothing unethical about using digital signatures to prevent running modified copies of Linux.[7] Other Linux developers, including Alan Cox, have expressed divergent opinions.[8]

Stallman and the Free Software Foundation have attempted to respond to some of these concerns. They have stated that their goal is for GPLv3 to allow private digital signatures for security purposes, but to still prevent tivoization.

Response

In 2006, the Free Software Foundation (FSF) decided to combat TiVo's technical system of blocking users from running modified software. As the FSF was developing a new version of the GNU General Public License (GPL v3), it included language that prohibited this activity.[9] The operating system kernel included in the TiVo is distributed under the terms of the GPL, and the FSF's goal is to ensure that all recipients of software licensed under the new GPL are not restricted by hardware constraints on the modification of distributed software. This new license provision was acknowledged by TiVo in its April 2007 SEC filing: "we may be unable to incorporate future enhancements to the GNU/Linux operating system into our software, which could adversely affect our business".[10] The Linux kernel has not been changed to use GPL v3 due to certain problems perceived by its maintainers.[11][12][13]

GPLv3

One of the goals of GPL Version 3 is to prevent "tivoization". According to Eben Moglen, "the licence should prohibit technical means of evasion of its rules, with the same clarity that it prohibits legal evasion of its rules."[14]

Draft 2 of GPLv3 attempted to clarify this.[15] However, some Linux kernel developers remained concerned that draft 2 of GPLv3 might still prohibit beneficial uses of digital signatures.[16]

In the third and fourth discussion drafts of GPLv3, released March 28, 2007 and May 31, 2007 respectively, the anti-tivoization clause was limited so as not to apply when the software is distributed to a business.[17] Thus, medical devices and voting machines would not be covered. The final, official GPLv3 was published on June 29, 2007 with no major changes with respect to tivoization relative to the fourth draft.

Linus Torvalds said he was "pretty pleased" with the new draft's stance on DRM.[18] However, he still does not support relicensing the Linux kernel under GPLv3, stating that:[19]


[Stallman] calls it "tivoization", but that's a word he has made up, and a term I find offensive, so I don't choose to use it. It's offensive because Tivo never did anything wrong, and the FSF even acknowledged that. The fact that they do their hardware and have some DRM issues with the content producers and thus want to protect the integrity of that hardware. The kernel license covers the *kernel*. It does not cover boot loaders and hardware, and as far as I'm concerned, people who make their own hardware can design them any which way they want. Whether that means "booting only a specific kernel" or "sharks with lasers", I don't care.

In any case, offering the Linux kernel under a different license would likely be infeasible because of its very large number of copyright holders. Unlike most GPL software, the kernel is licensed only under GPLv2 without the wording "or, at your option, any later version"; therefore, the explicit agreement of all copyright holders would be required to license it under a new version.[20]

Some other projects widely used in tivoized embedded systems, such as BusyBox, have also declined to move to GPLv3.[21]

References

  1. GNU.org. "Frequently Asked Questions about the GNU Licenses". https://www.gnu.org/licenses/gpl-faq.html#Tivoization
  2. "A Quick Guide to GPLv3". https://www.gnu.org/licenses/quick-guide-gplv3.html
  13. "Linus Torvalds says GPL v3 violates everything that GPLv2 stood for". Debconf 2014, Portland (accessed 11 March, 2015)
  19. Linus Torvalds. "Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3", Message to the Linux Kernel Mailing List dated Wed, 13 Jun 2007 14:33:07 -0700 (PDT)
