11 June 2007

From http://fsfe.org/en/fellows/ciaran/ciaran_s_free_software_notes/gplv3_embedded_in_devices
>>Do we have any evidence that current medical devices use tivoisation?
But that's a side point. To answer the question directly, again the device manufacturer can use unmodifiable memory. Memory can be made unmodifiable by putting it into a ROM chip, but for medical devices, there is also the possibility of putting a lock on the box, and/or putting the box in an area not accessible to non-certified people. I suspect that this is already the case and that even doctors and hospital IT departments do not have access to the firmware of X-ray machines etc. <<

I agree. I've worked on an ECG monitor / defibrillator / external pacer before. That's a pretty serious machine, 3 CPUs, 2000 volts inside, hard real time, you can kill if you screw up, and you can kill if you don't do the right thing (albeit, if they're fibrillating they are dead (no pulse) anyway (and will be permanently dead in a few minutes if you don't shock them)).

Anyway, there is all kinds of checking going on. The firmware checks its SRAM copy, the FLASH ROM copy it came from, versions of various modules, various magic numbers used during uploading, etc. AND part of the rules for using it are that a qualified tech test it every morning.

That being said, they put a chip into the battery so you had to buy our $200 batteries. Although this is sleazy when e.g. a printer company does this with ink, for a medical device, it's valid, because you have only qualified your device with your own batteries. If you guarantee you can charge to 200 J in 5 seconds with your own battery, that is not the same as guaranteeing you can do that with any knock-off battery.

Also, devices had unique serial numbers added in manufacturing.

But even more, who the hell is going to want to use a grey-market medical device? "Got lawyers?"

But back to GPL licenses and medical. There are plenty of ways to Tivoize (make inoperable if changed) something, I agree. In a medical context, they are related to making sure you're not running corrupted firmware. Cosmic rays DO happen.

BTW, funny that you mention x-ray machines. Look up Therac-25 and software safety. Sometimes mechanical interlocks are better than software.