Request for hosting a boot-firmware repository in u-boot git (denx and GitHub)

Nishanth Menon nm at ti.com
Wed Jul 17 14:11:47 CEST 2024 

On 15:36-20240716, Tom Rini wrote:
[...]

> > > > Distributing the closed source binaries and U-Boot in separate packages
> > > > according to their respective licenses and only assemble them on the target
> > > > device via a post-installation script might be allowable.
> > > 
> > > For this project the question is making sure that the binaries are
> > > licensed such that they could be externally redistributable.
> > > 
> > > I don't know why someone would suggest that ABI calls are suddenly
> > > linkage as I thought that (as far as these matters go) that was already
> > > settled, but I am not a lawyer.
> > 
> > The relevant term in the GPL 2.0 license is "work based on the Program".
> > According to the GPL a "work based on the Program" is "a work containing the
> > Program or a portion of it".
> > 
> > If you build a binary via binman that contains U-Boot and another binary,
> > the resulting binary could be considered "a work containing the Program or a
> > portion of it".
> > 
> > The GPL 2.0 requires:
> > 
> > "But when you distribute the same sections as part of a whole which is a
> > work based on the Program, the distribution of the whole must be on the
> > terms of this License, whose permissions for other licensees extend to the
> > entire whole, and thus to each and every part regardless of who wrote it."
> 
> I'm not a lawyer and I don't pretend to be one on mailing lists, either.
> 
> In that my non-lawyer statements matter, I don't think binman
> constitutes some new form of linking and I believe it falls in to the
> same well known ABI exception.
> 
> But that's entirely unrelated to the question of hosting binaries (some
> of which may be closed source) for use in firmware projects, some of
> which will not be GPL. For example, I would assume that running
> tianocore on i.MX8 requires the same assorted binaries that U-Boot does,
> and that would not have a license conflict.

Usual disclaimers (not a lawyer, not representing corporate policy..  etc):
buildroot and yocto for example prebuild images for embedded systems and
they have had to deal with closed firmwares in the past as well.
Packaging binaries in a filesystem or some format (x509/fit) is
essentially the same thing - anyways.. interesting thought there.


PS: For folks interested: LPC accepted our proposal[1] in the
security/boot MC and if folks could join in person or virtually, it
would be great to lay this out and get the thoughts out and come to some
direction here.

[1] https://lpc.events/event/18/contributions/1815/


-- 
Regards,
Nishanth Menon
Key (0xDDB5849D1736249D) / Fingerprint: F8A2 8693 54EB 8232 17A3  1A34 DDB5 849D 1736 249D

More information about the U-Boot mailing list