From mboxrd@z Thu Jan 1 00:00:00 1970 From: Detlev Zundel Date: Thu, 25 Jun 2009 13:22:10 +0200 Subject: [U-Boot] U-book and GPLv3? (fwd) In-Reply-To: <200906241341.08275.vapier@gentoo.org> (Mike Frysinger's message of "Wed, 24 Jun 2009 13:41:06 -0400") References: <20090618145128.69F27832E416@gemini.denx.de> <12fb2e608911e671661778990f2f793e.squirrel@webmail.plus.net> <200906241341.08275.vapier@gentoo.org> Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Mike, > On Wednesday 24 June 2009 12:45:38 Detlev Zundel wrote: >> > It is secure because only authenticated code is allowed to be >> > executed, thus another step to avoid piracy, hacking of conditional >> > access systems etc. >> >> Running only authenticated code does *not* ensure security, no matter >> how much this is wished for. >> >> But no matter, I now understand that "security" seems to mean "data can >> only be handled in the way intended by the owners of the data" which is >> a different concept to me. > > you ignored my simple straightforward example where both authenticity and > security is provided. cpu only loads signed u-boot -- authenticity. u-boot > only loads encrypted signed binaries -- security and authenticity. since the > binaries stay inside of the CPU, for all practical (and then some) purposes, > the decrypted binary will never be discovered from this system. Obviously we differ in what "security" means. Where I used security as an attribute of a communications channel which seems to be a popular interpretation in computer science, you interpret "security" to mean "not discoverable from outside the device". The latter interpretation is used in the DRM systems trying to rub off the good annotations of "security" onto those systems - but still it is not synonymous to "security" for me. So by definition, an authenticated, encrypted (and non-discoverable binary) can still use non-secure communications channels. Those things are orthogonal and actually I do not know why we argue about that anyway because it is beside the point of this thread. > and unless you're lumping data and code together under the term "data", that > part is also incorrect. Code is data for sure. Using higher level languages like e.g. Lisp, this should be extremely clear. Cheers Detlev -- Ich hoffe, Sie verzeihen mir meine Leidenschaft. Ich h?tte Ihnen Ihre auch gerne verziehen. -- Dieter Hildebrandt -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: dzu at denx.de