Personal tools

TC and signed highscores

From GPLv3 Wiki

(Difference between revisions)

Revision as of 22:50, 17 November 2006

Suppose a programmer adds following features to a GPLv3 licensed game:

  1. Upon user request, generate a new keypair, and store private key using TC ("Trusted"/Tretcherous Computing) sealed storage so, that only that version of the game can read it (if the game is changed, user needs to generete a new keypair). Store the public key unencrypted.
  2. If a private key generated above is available and current highscorefile is signed with it, sign it whenever it is modified by the game. If private key is not available or higscorefile is not signed with it, modified highscorefile is left unsigned.
  3. Upon user request send the signed highscorefile and the public key to online server of user's choice, use TC remote attestation to verify the version of the game and sign a cryptographic challenge with the private key (to prove that the key that the game generated is same as the key used to sign the highscorefile).

With these features user can prove that he/she didn't cheat with the highscores (for example modified them with a hex editor).

Programmer is unable to distribute the key needed to fake the remote attestation / recover the private key stored by the game, because he/she doesn't have it. It is in the TPM (= "trusted platfor module") of the user's computer and no one can get it out of there (maybe with the ecxeption of the manufacturer of the TPM). And the programmer doesn't even know who might end up being a user of the game if it's for example placed on a public web site.

Which of the added features violate the current draft of GPLv3? Which of them should violate the GPL?

Even though this scerario is relatively innocent use of DRM-like technology, can it be allowed without also allowing more damaging uses of DRM? On the other hand, if it is disallowed, isn't it a restriction on what features a program can have?