On 15:36-20240716, Tom Rini wrote: [...] > > > > Distributing the closed source binaries and U-Boot in separate packages > > > > according to their respective licenses and only assemble them on the > > > > target > > > > device via a post-installation script might be allowable. > > > > > > For this project the question is making sure that the binaries are > > > licensed such that they could be externally redistributable. > > > > > > I don't know why someone would suggest that ABI calls are suddenly > > > linkage as I thought that (as far as these matters go) that was already > > > settled, but I am not a lawyer. > > > > The relevant term in the GPL 2.0 license is "work based on the Program". > > According to the GPL a "work based on the Program" is "a work containing the > > Program or a portion of it". > > > > If you build a binary via binman that contains U-Boot and another binary, > > the resulting binary could be considered "a work containing the Program or a > > portion of it". > > > > The GPL 2.0 requires: > > > > "But when you distribute the same sections as part of a whole which is a > > work based on the Program, the distribution of the whole must be on the > > terms of this License, whose permissions for other licensees extend to the > > entire whole, and thus to each and every part regardless of who wrote it." > > I'm not a lawyer and I don't pretend to be one on mailing lists, either. > > In that my non-lawyer statements matter, I don't think binman > constitutes some new form of linking and I believe it falls in to the > same well known ABI exception. > > But that's entirely unrelated to the question of hosting binaries (some > of which may be closed source) for use in firmware projects, some of > which will not be GPL. For example, I would assume that running > tianocore on i.MX8 requires the same assorted binaries that U-Boot does, > and that would not have a license conflict.
Usual disclaimers (not a lawyer, not representing corporate policy.. etc): buildroot and yocto for example prebuild images for embedded systems and they have had to deal with closed firmwares in the past as well. Packaging binaries in a filesystem or some format (x509/fit) is essentially the same thing - anyways.. interesting thought there. PS: For folks interested: LPC accepted our proposal[1] in the security/boot MC and if folks could join in person or virtually, it would be great to lay this out and get the thoughts out and come to some direction here. [1] https://lpc.events/event/18/contributions/1815/ -- Regards, Nishanth Menon Key (0xDDB5849D1736249D) / Fingerprint: F8A2 8693 54EB 8232 17A3 1A34 DDB5 849D 1736 249D
