Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

RE: Linux kernel and DRM
Goto page Previous  1, 2, 3, 4, 5  Next
 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Linux Format forums Forum Index -> Help!
View previous topic :: View next topic  
Author Message
Rhakios
Moderator


Joined: Thu Apr 07, 2005 12:18 am
Posts: 7628
Location: Midlands, UK

PostPosted: Mon Jun 18, 2012 10:05 pm    Post subject: Reply with quote

It wasn't intended to be a specific indication of all the DRM in the kernel, I was just showing where you would find what's compiled into your kernel (in the config file in boot) and a way of locating one particular thing that has happened to come up during the discussion. This happens to be an Ubuntu system and as you can see the offending Intel entry is compiled in, on the other hand, it's running on an AMD processor, so I don't expect it's doing anything.

Overall, I'd be inclined to load the config file into a text editor and then use Find to look for offending entries, then when you want to recompile the kernel you can just change those entries.
_________________
Bye, Rhakios
Back to top
View user's profile Send private message
Ombra



Joined: Sat May 26, 2012 2:00 am
Posts: 20

PostPosted: Mon Jun 18, 2012 10:14 pm    Post subject: Ah yes... Reply with quote

nelz wrote:
Ombra wrote:
Yes, CONFIG_INTEL_TXT "can be used to prevent changes to the kernel for security reasons." What apologists always seem to forget to mention is them other far less benign things it can be used for.


The same applies to kitchen knives, that's no reason to get rid of them.

CONFIG_INTEL_TXT is an OPTION that can be used by those building custom kernels for use in their corporate environment, it is not intended to be used, nor is it used, by standard desktop distros.

It is there for the owner of the computer to prevent its misuse, not for someone other than the owner to control your use of it.

Your trying to link anything security related to DRM is as bad as the opposite stance taken on "secure boot" where the name implies that disabling it makes the computer insecure and therefore that operating system that need it disabled (i.e. Linux) are somehow less secure than good old Windows.


and it also applies to guns, yet everyone and his mother thinks that's plenty of reason to get rid of them. The same tired argument was put out by Lil Billie to defend Palladium, then NGSCB, and so on. It didn't fly back then, but seems to work well now. Goes to show that you may not be able to fool all the people all the time, but if you lie big enough and repeat it oft enough, you can fool most of the people most of the time.

I'm not trying to "link anything security related to DRM". This crud was DRM as Palladiuim. It was DRM as NGSCB. Changing its name to Trusted Computing' and having Intel front it does not change its nature. Research its history. Compare Palladium to NGSCB to Lagrande to Trusted Computing. Note the differences (few) to the simularities (many). Torvald may think he has pulled its fangs and declawed it...I see it as still a wolf in sheeps clothing.

Well, at least Billie and his cohorts at TCG ain't pulled the wool over your eyes with their secure boot scam...yet.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8457
Location: Warrington, UK

PostPosted: Mon Jun 18, 2012 10:42 pm    Post subject: Reply with quote

No, guns are designed to kill people, kitchen knives are designed for chopping vegetables but can also be used to kill people. The point is that much of the stuff you object to is not intended to control your usage of your computer, and none of it is compulsory.

I suggest you sit back and spend some time reading and thinking about what has been posted here before jumping in again.

A good rule of thumb in forum discussions, if everyone disagrees with your point of view, you usually need to rethink your stance.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3447
Location: Birmingham, UK

PostPosted: Tue Jun 19, 2012 9:36 am    Post subject: Reply with quote

Actually, that is just a list of all Intel related items, if you remove all of them you will probably end up with a non-functioning system.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
Back to top
View user's profile Send private message
Rhakios
Moderator


Joined: Thu Apr 07, 2005 12:18 am
Posts: 7628
Location: Midlands, UK

PostPosted: Tue Jun 19, 2012 8:46 pm    Post subject: Reply with quote

wyliecoyoteuk wrote:
Actually, that is just a list of all Intel related items, if you remove all of them you will probably end up with a non-functioning system.


I said it was a way of finding one item that had cropped up in this discussion, I didn't say that it didn't find other things as well (of course it did, given the search terms). Why do people get so nit-picky?
_________________
Bye, Rhakios
Back to top
View user's profile Send private message
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3447
Location: Birmingham, UK

PostPosted: Tue Jun 19, 2012 8:59 pm    Post subject: Reply with quote

Rhakios wrote:
wyliecoyoteuk wrote:
Actually, that is just a list of all Intel related items, if you remove all of them you will probably end up with a non-functioning system.


I said it was a way of finding one item that had cropped up in this discussion, I didn't say that it didn't find other things as well (of course it did, given the search terms). Why do people get so nit-picky?


I wasn't criticising your post, just explaining it out to the OP, who seemed to have assumed that it was ALL DRM Razz
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
Back to top
View user's profile Send private message
Rhakios
Moderator


Joined: Thu Apr 07, 2005 12:18 am
Posts: 7628
Location: Midlands, UK

PostPosted: Tue Jun 19, 2012 9:06 pm    Post subject: Reply with quote

wyliecoyoteuk wrote:

I wasn't criticising your post, just explaining it out to the OP, who seemed to have assumed that it was ALL DRM Razz


Not the way I read his reply, but still. It does show all the Intel entries, including some that might be bothersome for those worried about "DRM".
Anyway, if one's first attempt to compile a kernel from source boots properly, one just hasn't been trying hard enough. Razz Razz
_________________
Bye, Rhakios
Back to top
View user's profile Send private message
Ombra



Joined: Sat May 26, 2012 2:00 am
Posts: 20

PostPosted: Wed Jun 20, 2012 3:06 am    Post subject: Reply with quote

Rhakios wrote:
It wasn't intended to be a specific indication of all the DRM in the kernel, I was just showing where you would find what's compiled into your kernel (in the config file in boot) and a way of locating one particular thing that has happened to come up during the discussion. This happens to be an Ubuntu system and as you can see the offending Intel entry is compiled in, on the other hand, it's running on an AMD processor, so I don't expect it's doing anything.

Overall, I'd be inclined to load the config file into a text editor and then use Find to look for offending entries, then when you want to recompile the kernel you can just change those entries.


Well, full list or not it looked dang good to me, and expect it to cut down at least some Google work, so much appreciated!

Don't expect too much from AMD processors. I've been running across some distasteful info on them, that suggests they have at least begun to join the DRM fanclub. Looks like AMD-V and maybe VT-x or VT-d is in the PhenomII x6. Have to research it more.
Back to top
View user's profile Send private message
Ombra



Joined: Sat May 26, 2012 2:00 am
Posts: 20

PostPosted: Wed Jun 20, 2012 3:19 am    Post subject: Reply with quote

Rhakios wrote:
wyliecoyoteuk wrote:

I wasn't criticising your post, just explaining it out to the OP, who seemed to have assumed that it was ALL DRM Razz


Not the way I read his reply, but still. It does show all the Intel entries, including some that might be bothersome for those worried about "DRM".
Anyway, if one's first attempt to compile a kernel from source boots properly, one just hasn't been trying hard enough. Razz Razz


I had thought it was all DRM related (where Intel is concerned its automatically suspect) but rest asured I will google each and every item on that list before doing any deletion.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8457
Location: Warrington, UK

PostPosted: Wed Jun 20, 2012 9:48 am    Post subject: Reply with quote

Intel is one of the major contributors to the kernel, most of it related to hardware support. Even the one item that is vaguely DRM-related is only support for specific Intel business hardware and not affecting user-owners.

Most importantly - even the parts you object too are open source and therefore completely under your control on any computer you administer.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
Paradigm Shifter



Joined: Sat May 19, 2012 1:16 pm
Posts: 84

PostPosted: Wed Jun 20, 2012 5:30 pm    Post subject: Reply with quote

I've hesitated to join this discussion, as interesting as I've been finding it, but would like to respond to one particular point raised...

Ombra wrote:
Don't expect too much from AMD processors. I've been running across some distasteful info on them, that suggests they have at least begun to join the DRM fanclub. Looks like AMD-V and maybe VT-x or VT-d is in the PhenomII x6. Have to research it more.

They're virtualisation extensions, and particularly useful in the server space now that a lot of companies seem to have jumped on the 'virtual server' bandwagon; I'm afraid there it's a case of "if one competitor has it, the other needs it or loses by default", and whether or not they can be used for the purposes of Rights/Restrictions Management is somewhat moot.

If you want a CPU without AMD-V, you're going to have to go back a long way - "Pacifica" tech started to be integated into CPUs with the Athlon 64. Although amusingly the socket 939 CPUs didn't support it IIRC.

VT-x is the Intel equivalent, which began to appear in the Pentium 4. Some mobos will allow dis/en-abling it in the BIOS, so you at least have the option of disabling it in hardware. VT-d is the latest version (Nahalem and newer CPUs, not all of them have it, will need to check in Intel Ark for exactly which ones) the AMD version is AMD-Vi... both allow more direct hardware I/O from a virtual machine.

While I'm sure that improving virtualisation could be used for Rights/Restrictions Management (at least as far as improving the security of the guest OS from the host OS and vice versa) none of those techs appear to be aimed solely at implementing DRM in the manner you appear to be concerned about. The things i'd be worried about are NX bit and Trusted eXecution Tech along with their AMD equivalents - while TXT gets paired with VT-d, that pairing appears to be using VT-d to assist in isolation of memory/hardware allocations - essentially it appears that TXT uses VT-d to interact like a virtual machine with hardware when dealing with 'DRM enabled' software requiring it.

However, that use of VT-d by TXT does not appear to make VT-d a 'nasty' in its own right... but it can be when called upon by TXT.

I'm by no means an expert on this stuff though. Smile
Back to top
View user's profile Send private message
Ombra



Joined: Sat May 26, 2012 2:00 am
Posts: 20

PostPosted: Sat Jun 23, 2012 12:20 am    Post subject: Reply with quote

lok1950 wrote:
As nelz has mention roll your own kernel from the source code leaving out the doggy bits lots of documentation on the web on doing that for just about all distros but you are being at bit paranoid as there is no current implementation of DRM on Linux mainstream distro kernels,it is a possibility but remote as there is no need for it in most home/commercial installations so in their policy distro's do not include those modules of the kernel to keep it's size down.

Enjoy the Choice Smile


So can you recommend any specific distro/kernel that is 100% free of the following (what I consider to be) nasties?

TPM device driver
12C Driver for TPM
MEI Driver
LMS Driver
libtpm
tpm_tis
tpm_bios
CONFIG_INTEL_TXT
CONFIG_INTEL_TXT
LINUX_TBOOT.H
Xen
Linux Integrity Management Architecture
TrustedGRUB
EVM/IMA
TrouSerS
Trusted Path Execution LSM
Linux Integrity Module
Enforcer LSM
Trusted Linux Client
Trusted Network Connect (libtnc?)
Intel AMT Linux Components
AMT Configuration Utility
amtterm(1), amttool(1), and gamt(1)
Platform Trust Services
UBoot
NX bit support (HIGHMEM64 ?)
Back to top
View user's profile Send private message
Ombra



Joined: Sat May 26, 2012 2:00 am
Posts: 20

PostPosted: Sat Jun 23, 2012 12:32 am    Post subject: Many thanks! Reply with quote

Rhakios wrote:
You could always start with gNewSense, if it's good enough for RMS it should meet at least some of your needs.


While researching this I also came across these distros:
BLAGLinux
Trisquel
Dragora GNU
and this kernel version:
GNU Linux-libre
Do you know for certain that gNewSense (or any of the above) are 100% free of all Trusted Computing 'features'?
Back to top
View user's profile Send private message
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4259
Location: wild West Wales

PostPosted: Sat Jun 23, 2012 9:52 am    Post subject: Reply with quote

Ombra what on earth are you on about? Are you chasing shadows?
_________________
still looking for that door into summer
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8457
Location: Warrington, UK

PostPosted: Sat Jun 23, 2012 12:05 pm    Post subject: Reply with quote

Install Debian using only the free repositories and recompile the kernel using only the options you want and need. Simples.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Linux Format forums Forum Index -> Help! All times are GMT
Goto page Previous  1, 2, 3, 4, 5  Next
Page 3 of 5

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast