Case 2 - Update and warranty (Update und Gewährleistung/Garantie)

A machine builder supplies along with the machine the following Open Source licensed software components in binary form:

1. Das U-Boot GPL-2.0
2. Linux kernel GPL-2.0
3. GNU C library LGPL-2.1
4. Busybox, GPL-2.0

The machine builder has participated in OSADL eG’s SIL2LinuxMP project and has obtained an SIL2 certificate for the machine from TÜV Rheinland.

The machine has a facility for loading software updates which also applies to the “Das U-Boot”, Busybox, Linux kernel and GNU C library. Android OTA (Over The Air) has been implemented in order to guarantee adequately secure protection against unauthorized software updates. This means that a successful update is only possible if a private software key, which is known only to the machine builder, is available when producing the software update. Calling upon the open source licenses used, a customer of the machine builder now asks to be given the software key. Does the machine builder have to comply with this wish?

Answer a)
(Please note that this and the following answers are only accessible when logged in as OSADL member.)

Let us assume that the machine builder actually has to issue the key, but the machine builder (to his horror) establishes that, by mistake, the machines do not have an individual key, and an identical key can be used for all products previously delivered. The machine builder now argues that the issue and possible disclosure of this key would lead to an irresponsible risk and accordingly refuses to issue this omnipotent key to the customer. Is this argument legitimate and the refusal therefore permissible?

Answer b)

Let us assume again that the machine builder actually has to issue the key. He, indeed, does so in this variant, as all machines can be unlocked by means of an individual key. However, the machine builder asks the customer to make the machine available to the manufacturer in his production facility at his own cost for the machine to be clearly and irreversibly marked as unusable and all services under the warranty are excluded. The customer does not agree to this and wants a) the machine builder to accept the shipping costs, and b) that at most only the components associated with the software update be excluded from the warranty. In the customer’s opinion, independent components, such as a safety window which is fitted under too high a stress and therefore breaks for example, must still be replaced free of charge for the duration of the agreed warranty period. Is he justified in hoping that the machine builder will agree to his demands?

Answer c)

Let us assume again that the machine builder actually has to issue the key, and again does indeed do so, as all machines can be unlocked by means of an individual key. In this variant, however, the machine builder comments in his own database that the machine has been unlocked so that this can be taken into account in later warranty requests. Following the software update, the machine cannot be differentiated from an original machine. The customer now uses the key which has been made available to him and installs his own Linux kernel. The customer has configured several methods in this kernel for the energy-efficient operation of the processor and is now pleased to have a reduced power bill. Unfortunately, in spite of this cost saving, a few months later, the customer's company went bust so the machine is sold by auction and has a new owner. The new owner contacts the manufacturer – within the agreed warranty period – on account of a control problem, but finds that he refuses to acknowledge that this comes under the warranty due to unauthorized updates carried out by the previous owner. The new owner now fears that, even if he succeeds in repairing the control problem, he may longer be allowed to operate the machine, as the SIL2 certificate may be invalid. Does he therefore have to accept that the machine will have to be switched off for ever, or have it restored to the original state by the machine builder at his own cost?

Answer d)

Case 1    Case 2   Case 3    Case 4    Case 5    

Best practices I                  Best practices II