Linux-Libre and Trechearous Computing

Alexandre Oliva lxoliva at
Wed Feb 17 04:21:35 UTC 2010

On Feb 16, 2010, Ted Smith <teddks at> wrote:

> The TPM by itself would do nothing to prevent free software from being
> installed.

Right.  It's other software that can use TPM to do that, and if you
can't replace that software, then you're screwed.

> What would happen is that the non-free BIOS or pre-kernel code would
> check for a certain signature, and might refuse to boot if it can't
> find it.

Yup.  We call (some cases of) this Tivoization.

> And of course, free software could be written in a malicious way such
> that it could demand any sort of "trusted" operations.

I heard or read somewhere that Tivo's modified version of Linux and GNU
libc do this to prevent you from modifying any of the components of the

Since their (non-Free) boot loader will refuse to boot up the kernel if
the boot partition isn't signed, Tivo prevents any unauthorized changes
to the system, without requiring a fully-frozen root filesystem.

> But the point of free software is that users can modify it; such
> software would probably not exist for long.

Tivo has been around for several years, unfortunately.  And most cell
phones that use GNU/Linux, Android, and even Darwin, are tivoized in
similar ways, rendering the software effectively non-Free, even if you
actually got the source code under a Free Software license (not the case
of phones with Darwin, like the iPhone)

So we can't count on its going away on its own.  We have to take a stand
against it.  But it's not disabling TPM in the kernel that will make any
difference.  When the system reaches the kernel, it's too late for the
TPM modules, or their absence, to save us.  We ought to somehow
intercept the *sale* of these devices, or even their very development.

Alexandre Oliva, freedom fighter
You must be the change you wish to see in the world. -- Gandhi
Be Free! --   FSF Latin America board member
Free Software Evangelist      Red Hat Brazil Compiler Engineer

More information about the linux-libre mailing list