Tivoization is the name the Free Software Foundation gave to a specific evasion of free software’s promise: a device that contains software covered by the GNU General Public License, and that complies with the license by shipping its source code, but that is engineered to refuse to run any version of that software the user modifies. The term comes from TiVo, the digital video recorder whose system was built on GPL-covered code, including the Linux kernel. TiVo dutifully published its source, satisfying the letter of the GNU GPL version 2, yet the hardware checked the software’s cryptographic signature and would not boot a modified build. A user could read and change the code, but the changed code would never run on the device it came from.
The FSF treated this as a defeat of the license’s purpose rather than a clever edge case. As the GNU project’s explanation of tivoization puts it, such “appliances” shut down if they detect modified software because the binary must be signed by the manufacturer in order to run at all or to use crucial hardware. The freedom to study and change a program is hollow if you can never actually execute your changed version on your own equipment. In the FSF’s framing, the manufacturer takes advantage of the freedom that free software provides while denying that same freedom to the user, who is left able to “beg or threaten someone else who decides for you” rather than controlling the device themselves.
When version 3 of the GNU GPL was released on June 29, 2007, it added terms designed specifically to stop this. The mechanism is the requirement to supply “Installation Information”: when GPLv3-covered software is conveyed inside what the license calls a “User Product,” the distributor must provide whatever information or data is necessary to install a modified version and have it run. As the Quick Guide to GPLv3 describes, this may be as simple as a set of instructions, or it may include cryptographic signing keys or details of how to satisfy an integrity check in the hardware. The point is that the user must be able to install and run their own modified build on the device, not merely read the source.
The anti-tivoization rule is deliberately scoped. It applies to “User Products” - things whose use by ordinary consumers is to be expected, even occasionally - and not to equipment meant almost exclusively for businesses and organizations, where lock-down may be a contractual or regulatory necessity. This boundary was one of the most debated parts of the GPLv3 drafting process, because it tries to protect individual users without forcing every embedded medical device or industrial controller to accept arbitrary firmware. The compromise reflects the FSF’s reading of where the danger to user freedom actually lies.
Tivoization sits at the intersection of copyleft, DRM, and hardware control, and it is the clearest practical example of why the free software movement cares about more than source availability. It also marked a divergence within the broader community: the Linux kernel project chose to remain on GPLv2 and never adopted the anti-tivoization terms, partly because some contributors viewed restricting how hardware makers use signed boot as outside the proper scope of a software license. As a result, much consumer hardware running Linux remains tivoized to this day, making the concept both a historical milestone in licensing and an ongoing live disagreement.