Linux Format forums
Help, discussion, magazine feedback and more

RE: Linux kernel and DRM
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8364
Location: Warrington, UK

Posted: Fri Jun 15, 2012 1:00 am

Ombra wrote:
The point being whatever you want to call these bits & pieces of code (or whatever) they are in the kernel. Secondly, whether you view them as harmless or not, I'd like to find a list of them so I can eradicate them (once I learn how).


They are in the kernel source, because the kernel also runs on many embedded systems that require such controls. That does not mean the code is enabled in kernels supplied with distros.

If you want to make sure your kernel contains none of the features you dislike, compile your own.

Incidentally, the only references to Trusted Gentoo that Google turned up for me was a 7+ year old announcement of a project to use TCP with Gentoo, no mention since and no mention of DRM anywhere.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Ombra



Joined: Sat May 26, 2012 2:00 am
Posts: 20

Posted: Sat Jun 16, 2012 11:56 pm

wyliecoyoteuk wrote:
Your biggest mistake is to regard any hardware linked security measures as DRM.
As a sysadmin, being able to certify that my kernel is not tampered with is very important.
As a consumer, I would not be so worried.
Most freely distributable Distros probably do not contain much, if any, of the code that you resent.
However, even if you clear the Kernel, you cannot remove it from the hardware that you use.
HDCP is not supported under Linux, for example, and is largely irrelevant unless you want to play protected media such as Blu-ray disks.

I wish you luck with your investigations.

By the way, there is only one current version of the kernel, although it may be compiled differently by different distros to add or remove different functions. You can always compile your own from the source code and leave out all the stuff that you don't want.


Again, we differ. I do not regard all "hardware linked security measures as DRM." On the other hand, I've absolutely no problem calling a spade a spade. As me Granny used to say "If it walks like a duck and quacks like a duck, it's a duck"...and Trusted Computing is definitely quacking. You just prefer not to hear it, because of that nice juicy carrot-on-a-stick that TCG is offering. And that's okay. I understand why you and others think this crud is just 'the best new thing'.
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
Again, we differ.
Let's play Batman, and I'll be the Riddler. Riddle me this Batman (maniacal laughter)...what's the difference between Trusted Computing, LaGrande, Longhorn, NGSCB, and Microsoft Palladium? Tune in same bat time, same bat channel for the answer...or you could just research it yourself!
You think the possible benefit outweighs all the possible risks. I see it the opposite. Some no doubt think the benefit of playing Sony CDs on their PC makes the rootkit acceptable. I do not.
Yes, CONFIG_INTEL_TXT "can be used to prevent changes to the kernel for security reasons." What apologists always seem to forget to mention is them other far less benign things it can be used for. But that's up to each individual to decide whether the risk is less than the benefit. It ain't my calling to convert you to the DRM resistance movement. All I care about is getting me a DRM-free OS, and finding help to get-er-done!
lok1950
LXF regular


Joined: Tue May 31, 2005 6:31 am
Posts: 1016
Location: Ottawa

Posted: Sun Jun 17, 2012 1:22 am

As nelz has mentioned, roll your own kernel from the source code, leaving out the doggy bits; lots of documentation on the web on doing that for just about all distros. But you are being a bit paranoid, as there is no current implementation of DRM on Linux mainstream distro kernels. It is a possibility, but remote, as there is no need for it in most home/commercial installations, so in their policy distros do not include those modules of the kernel to keep its size down.

Enjoy the Choice Smile
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3422
Location: Birmingham, UK

Posted: Sun Jun 17, 2012 9:33 am

As ever, there is a difference between what something can be used for and what it is actually used for.
That 9 year old article on Trusted Computing is mentioned in this more up to date article which might interest you, maybe you should stop using your phone? Wink

Sony root kits were illegal, secure signing with consent is not.
Without similar security methods, it would be impossible to use the web for commerce, and yet you don't, I suppose, see that as DRM?
Yes, TXT can be used for DRM, but that is not its primary purpose.
Anyway, as several posters have stated, it remains optional and its drivers are unlikely to be in any free distros' kernels.

Any security system can be used for DRM, simply because that is what DRM is, a way of using a security system.
Would you outlaw breadknives because some people use them as weapons?
Smile
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8364
Location: Warrington, UK

Posted: Sun Jun 17, 2012 11:17 am

lok1950 wrote:
As nelz has mentioned, roll your own kernel from the source code, leaving out the doggy bits


Does that give you the opposite of Puppy Linux? Very Happy
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8364
Location: Warrington, UK

Posted: Sun Jun 17, 2012 11:23 am

Ombra wrote:
Yes, CONFIG_INTEL_TXT "can be used to prevent changes to the kernel for security reasons." What apologists always seem to forget to mention is them other far less benign things it can be used for.


The same applies to kitchen knives, that's no reason to get rid of them.

CONFIG_INTEL_TXT is an OPTION that can be used by those building custom kernels for use in their corporate environment, it is not intended to be used, nor is it used, by standard desktop distros.

It is there for the owner of the computer to prevent its misuse, not for someone other than the owner to control your use of it.

Your trying to link anything security related to DRM is as bad as the opposite stance taken on "secure boot", where the name implies that disabling it makes the computer insecure and therefore that operating systems that need it disabled (i.e. Linux) are somehow less secure than good old Windows.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Ombra



Joined: Sat May 26, 2012 2:00 am
Posts: 20

Posted: Sun Jun 17, 2012 10:39 pm    Post subject: Thanks!

Rhakios wrote:
You could always start with gNewSense, if it's good enough for RMS it should meet at least some of your needs.


It looks really interesting...have to research it to be certain it fits the bill. I don't suppose anyone at this forum is a user/pundit?
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3422
Location: Birmingham, UK

Posted: Sun Jun 17, 2012 11:05 pm

nelz wrote:
lok1950 wrote:
As nelz has mentioned, roll your own kernel from the source code, leaving out the doggy bits


Does that give you the opposite of Puppy Linux? Very Happy


Maybe that is Pussy Linux Smile
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
Ombra



Joined: Sat May 26, 2012 2:00 am
Posts: 20

Posted: Sun Jun 17, 2012 11:07 pm

nelz wrote:
Ombra wrote:
The point being whatever you want to call these bits & pieces of code (or whatever) they are in the kernel. Secondly, whether you view them as harmless or not, I'd like to find a list of them so I can eradicate them (once I learn how).


They are in the kernel source, because the kernel also runs on many embedded systems that require such controls. That does not mean the code is enabled in kernels supplied with distros.

If you want to make sure your kernel contains none of the features you dislike, compile your own.

Incidentally, the only references to Trusted Gentoo that Google turned up for me was a 7+ year old announcement of a project to use TCP with Gentoo, no mention since and no mention of DRM anywhere.


'Trusted Gentoo' (along with 'Knoppix 5.1.1 for Trusted Computing', and several others I did not bother to note down) was mentioned on some site as being rife with DRM...er, I mean loaded up with wonderful Trusted Computing features! I obviously did not pursue it.

"That does not mean the code is enabled in kernels supplied with distros."
From your wording, I assume it means that the code may or may not be enabled in kernels, and if this is correct, the obvious question would be how to avoid those having the code enabled (although this would only be a stop-gap solution to buy time). So far as I know, anything enabled can be disabled, anything disabled can be enabled, and it's only a matter of time before someone finds out how to re-enable such disabled crud remotely...so the only sure thing is not to have this code at all, which brings us to:
"If you want to make sure your kernel contains none of the features you dislike, compile your own."
Far easier for you to say than for a newbie to do, but this was exactly my conclusion, and the reason for this posting from the start. So let's forget the pro/anti DRM debate, and focus on the nitty-gritty of how I can get a DRM-free kernel and OS. If this was XP Pro, the process would go something like this:
1. Find list detailing the exact file names and locations of all the Trusted Computing junk targeted for erasure. I assume it's the same for Linux, except one must do this for both kernel & OS (distro).
2. Find out exactly how to delete the targets. In XP Pro, it's a two-part process. XPLite or nLite can be used to do custom-install, sans most of Lil Billie's well-hidden crud. Other software can be used to terminate any crapola that survived the pre-installation process. So how about with Linux?
Educate me...I need all the help and advice possible on this.
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3422
Location: Birmingham, UK

Posted: Sun Jun 17, 2012 11:40 pm

Sorry, but you just don't understand the idea of open-source do you?
Unlike the Windows closed-source kernel, where you have no way of knowing what is compiled in, with Linux anyone can recompile a kernel, and choose which parts to include or exclude.
Compiling your own kernel is not terribly difficult, and there is loads of documentation on the net. The kernel modules are not enabled or disabled, they are added at compile time or they are not added at compile time. Some modules can be dynamically loaded when required, but not without the user's knowledge.
That said, it is largely unnecessary. Linux Distros are generally not produced by large companies with DRM concerns, they are produced by open communities mainly composed of volunteers.

The Intel TXT driver is implemented as an option in RedHat, and I expect in Oracle and Suse, and possibly Ubuntu business remix (all corporate distros). But that is because their corporate customers demand it.
I would be surprised if anyone bothered to install it (or any other DRM driver) in a free desktop distro.

Note that it is impossible to totally disable or remove DRM from Windows. It is built in to the (undocumented) Kernel at a very low level, all you can do is delete external programs which use it.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************


Last edited by wyliecoyoteuk on Sun Jun 17, 2012 11:50 pm; edited 1 time in total
Ram
LXF regular


Joined: Thu Apr 07, 2005 10:44 pm
Posts: 1658
Location: Guisborough

Posted: Sun Jun 17, 2012 11:50 pm

wyliecoyoteuk wrote:


Note that it is impossible to totally remove DRM from Windows, it is built in to the Kernel at a very low level.


You beat me to that one...
_________________

lubuntu LXDE 13.10 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....
Rhakios
Moderator


Joined: Thu Apr 07, 2005 12:18 am
Posts: 7602
Location: Midlands, UK

Posted: Sun Jun 17, 2012 11:58 pm

If you want to know what's compiled into your chosen distro's kernel you need to go to boot and look at the config file, such as:

Code:

rhakios@pythia:/boot$ ls -l
total 67828
-rw-r--r-- 1 root root   791023 Apr 11 01:26 abi-3.2.0-23-generic
-rw-r--r-- 1 root root   791075 May 21 21:37 abi-3.2.0-24-generic
-rw-r--r-- 1 root root   791132 May 24 01:13 abi-3.2.0-25-generic
-rw-r--r-- 1 root root   140279 Apr 11 01:26 config-3.2.0-23-generic
-rw-r--r-- 1 root root   140341 May 21 21:37 config-3.2.0-24-generic
-rw-r--r-- 1 root root   140407 May 24 01:13 config-3.2.0-25-generic
drwxr-xr-x 3 root root    12288 Jun 13 17:53 grub
-rw-r--r-- 1 root root 14179793 Jun 12 18:57 initrd.img-3.2.0-23-generic
-rw-r--r-- 1 root root 14183435 Jun 12 19:50 initrd.img-3.2.0-24-generic
-rw-r--r-- 1 root root 14184503 Jun 13 17:53 initrd.img-3.2.0-25-generic
-rw-r--r-- 1 root root   176764 Nov 27  2011 memtest86+.bin
-rw-r--r-- 1 root root   178944 Nov 27  2011 memtest86+_multiboot.bin
-rw------- 1 root root  2884358 Apr 11 01:26 System.map-3.2.0-23-generic
-rw------- 1 root root  2884673 May 21 21:37 System.map-3.2.0-24-generic
-rw------- 1 root root  2886695 May 24 01:13 System.map-3.2.0-25-generic
-rw-r--r-- 1 root root  4965840 Apr 25 17:11 vmlinuz-3.2.0-23-generic
-rw------- 1 root root  4965968 May 21 21:37 vmlinuz-3.2.0-24-generic
-rw------- 1 root root  4969488 May 24 01:13 vmlinuz-3.2.0-25-generic


You can either load the config-x-y-z file into a text editor or grep for specific options if you prefer, e.g.

Code:

rhakios@pythia:/boot$ cat config-3.2.0-25-generic | grep -i intel
CONFIG_HAVE_INTEL_TXT=y
CONFIG_CPU_SUP_INTEL=y
CONFIG_X86_MCE_INTEL=y
CONFIG_MICROCODE_INTEL=y
CONFIG_INTEL_IDLE=y
CONFIG_MTD_CFI_INTELEXT=m
CONFIG_MTD_INTEL_VR_NOR=m
CONFIG_INTEL_MID_PTI=m
CONFIG_NET_VENDOR_INTEL=y
CONFIG_MOXA_INTELLIO=m
CONFIG_HW_RANDOM_INTEL=m
CONFIG_I2C_INTEL_MID=m
CONFIG_AGP_INTEL=y
CONFIG_FB_INTEL=m
# CONFIG_FB_INTEL_DEBUG is not set
CONFIG_FB_INTEL_I2C=y
CONFIG_SND_HDA_INTEL=m
CONFIG_SND_INTEL8X0=m
CONFIG_SND_INTEL8X0M=m
CONFIG_LEDS_INTEL_SS4200=m
CONFIG_INTEL_MID_DMAC=m
CONFIG_INTEL_IOATDMA=m
CONFIG_INTEL_MEI=m
CONFIG_INTEL_MENLOW=m
CONFIG_INTEL_IPS=m
CONFIG_INTEL_OAKTRAIL=m
CONFIG_INTEL_IOMMU=y
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
CONFIG_INTEL_TXT=y
CONFIG_CRYPTO_CRC32C_INTEL=y
CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
CONFIG_CRYPTO_AES_NI_INTEL=m
CONFIG_KVM_INTEL=m


This shows which options are compiled into the kernel, which are loadable modules and which have not been compiled in at all (but which would be available should you choose to compile your own kernel from source).
_________________
Bye, Rhakios
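
An added example, not part of Rhakios's post or the thread: a shell sketch that reads a `/boot/config-*` style file and reports, for an exact option name, whether it is built in (`=y`), a loadable module (`=m`), explicitly left out (`# ... is not set`) or not present at all. The function names `kconfig_state` and `kconfig_summary` are hypothetical, and the sample file is constructed from a few lines of the grep output quoted above.

```shell
#!/bin/sh
# Added example: classify kernel build options from a /boot/config-* style file.
# Function names are hypothetical; the sample file below is constructed from a
# few lines of the grep output quoted in the post.

# kconfig_state FILE OPTION
# Prints builtin | module | disabled | absent | value:<v> for one exact option.
kconfig_state() {
    awk -v opt="$2" '
        # Match the full name so CONFIG_INTEL_TXT does not also pick up
        # CONFIG_HAVE_INTEL_TXT, which is a separate symbol.
        index($0, opt "=") == 1 {
            v = substr($0, length(opt) + 2)
            if (v == "y")      s = "builtin"
            else if (v == "m") s = "module"
            else               s = "value:" v
        }
        # Options that were offered but left out are recorded as comments.
        $0 == "# " opt " is not set" { s = "disabled" }
        END { print (s == "" ? "absent" : s) }
    ' "$1"
}

# kconfig_summary FILE
# Counts how many options fall into each of the three states.
kconfig_summary() {
    awk '
        /^CONFIG_[A-Za-z0-9_]+=y$/               { y++ }
        /^CONFIG_[A-Za-z0-9_]+=m$/               { m++ }
        /^# CONFIG_[A-Za-z0-9_]+ is not set$/    { n++ }
        END { printf "builtin=%d module=%d disabled=%d\n", y, m, n }
    ' "$1"
}

# Constructed sample input so the example runs offline.
SAMPLE_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_HAVE_INTEL_TXT=y
CONFIG_MOXA_INTELLIO=m
CONFIG_INTEL_MEI=m
CONFIG_INTEL_IOMMU=y
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
CONFIG_INTEL_TXT=y
CONFIG_KVM_INTEL=m
EOF

# CONFIG_TCG_TPM is not in the constructed sample, so it reports "absent".
for opt in CONFIG_INTEL_TXT CONFIG_INTEL_MEI \
           CONFIG_INTEL_IOMMU_DEFAULT_ON CONFIG_TCG_TPM; do
    printf '%-32s %s\n' "$opt" "$(kconfig_state "$SAMPLE_CONFIG" "$opt")"
done
kconfig_summary "$SAMPLE_CONFIG"
```

On a real system, pass the config file for the kernel in question instead of the sample, for example one of the `config-3.2.0-*-generic` files in the listing above.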
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8364
Location: Warrington, UK

Posted: Mon Jun 18, 2012 1:47 am

Ombra wrote:
'Trusted Gentoo' (along with 'Knoppix 5.1.1 for Trusted Computing', and several others I did not bother to note down) was mentioned on some site as being rife with DRM...er, I mean loaded up with wonderful Trusted Computing features!


Both of these are ancient. While Knoppix 5.1.1 did exist back in the mists of time, I don't think Trusted Gentoo ever got past the initial announcement.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3422
Location: Birmingham, UK

Posted: Mon Jun 18, 2012 8:39 pm

On a side note, isn't it interesting how little attention people seem to pay to the date on webpages and blogs etc?
(and it is actually quite difficult to find the date on some of them).
Many of the search results, especially for obscure stuff can often be many years old, and have lost most if not all of their relevance.
I am as bad as anyone, but recently I have started adding "2012" or "2011" to my searches, just to try and filter out the huge mass of ageing data.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
Ombra



Joined: Sat May 26, 2012 2:00 am
Posts: 20

Posted: Mon Jun 18, 2012 9:54 pm    Post subject: Now we're getting somewhere!

Rhakios wrote:
If you want to know what's compiled into your chosen distro's kernel you need to go to boot and look at the config file, such as:

Code:

rhakios@pythia:/boot$ ls -l
total 67828
-rw-r--r-- 1 root root   791023 Apr 11 01:26 abi-3.2.0-23-generic
-rw-r--r-- 1 root root   791075 May 21 21:37 abi-3.2.0-24-generic
-rw-r--r-- 1 root root   791132 May 24 01:13 abi-3.2.0-25-generic
-rw-r--r-- 1 root root   140279 Apr 11 01:26 config-3.2.0-23-generic
-rw-r--r-- 1 root root   140341 May 21 21:37 config-3.2.0-24-generic
-rw-r--r-- 1 root root   140407 May 24 01:13 config-3.2.0-25-generic
drwxr-xr-x 3 root root    12288 Jun 13 17:53 grub
-rw-r--r-- 1 root root 14179793 Jun 12 18:57 initrd.img-3.2.0-23-generic
-rw-r--r-- 1 root root 14183435 Jun 12 19:50 initrd.img-3.2.0-24-generic
-rw-r--r-- 1 root root 14184503 Jun 13 17:53 initrd.img-3.2.0-25-generic
-rw-r--r-- 1 root root   176764 Nov 27  2011 memtest86+.bin
-rw-r--r-- 1 root root   178944 Nov 27  2011 memtest86+_multiboot.bin
-rw------- 1 root root  2884358 Apr 11 01:26 System.map-3.2.0-23-generic
-rw------- 1 root root  2884673 May 21 21:37 System.map-3.2.0-24-generic
-rw------- 1 root root  2886695 May 24 01:13 System.map-3.2.0-25-generic
-rw-r--r-- 1 root root  4965840 Apr 25 17:11 vmlinuz-3.2.0-23-generic
-rw------- 1 root root  4965968 May 21 21:37 vmlinuz-3.2.0-24-generic
-rw------- 1 root root  4969488 May 24 01:13 vmlinuz-3.2.0-25-generic


You can either load the config-x-y-z file into a text editor or grep for specific options if you prefer, e.g.

Code:

rhakios@pythia:/boot$ cat config-3.2.0-25-generic | grep -i intel
CONFIG_HAVE_INTEL_TXT=y
CONFIG_CPU_SUP_INTEL=y
CONFIG_X86_MCE_INTEL=y
CONFIG_MICROCODE_INTEL=y
CONFIG_INTEL_IDLE=y
CONFIG_MTD_CFI_INTELEXT=m
CONFIG_MTD_INTEL_VR_NOR=m
CONFIG_INTEL_MID_PTI=m
CONFIG_NET_VENDOR_INTEL=y
CONFIG_MOXA_INTELLIO=m
CONFIG_HW_RANDOM_INTEL=m
CONFIG_I2C_INTEL_MID=m
CONFIG_AGP_INTEL=y
CONFIG_FB_INTEL=m
# CONFIG_FB_INTEL_DEBUG is not set
CONFIG_FB_INTEL_I2C=y
CONFIG_SND_HDA_INTEL=m
CONFIG_SND_INTEL8X0=m
CONFIG_SND_INTEL8X0M=m
CONFIG_LEDS_INTEL_SS4200=m
CONFIG_INTEL_MID_DMAC=m
CONFIG_INTEL_IOATDMA=m
CONFIG_INTEL_MEI=m
CONFIG_INTEL_MENLOW=m
CONFIG_INTEL_IPS=m
CONFIG_INTEL_OAKTRAIL=m
CONFIG_INTEL_IOMMU=y
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
CONFIG_INTEL_TXT=y
CONFIG_CRYPTO_CRC32C_INTEL=y
CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
CONFIG_CRYPTO_AES_NI_INTEL=m
CONFIG_KVM_INTEL=m


This shows which options are compiled into the kernel, which are loadable modules and which have not been compiled in at all (but which would be available should you choose to compile your own kernel from source).


Don't grasp everything here, but hopefully between the two kernel-focused books I got, and google searches, I can figure it out. I assume the last part is not all the stuff I will need to erase, but it does look like a major chunk. Thanks!
All times are GMT
Page 2 of 5

Copyright 2011 Future Publishing, all rights reserved.