| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 May 2015 11:26:44 -0500 From: Rob Herring <robherring2@...il.com> To: Yann Droneaud <ydroneaud@...eya.com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, licensing@....org Subject: Re: Device Tree Blob (DTB) licence On Fri, May 22, 2015 at 5:05 AM, Yann Droneaud <ydroneaud@...eya.com> wrote: > Hi, > > Le mardi 05 mai 2015 à 11:41 -0500, Rob Herring a écrit : >> On Tue, May 5, 2015 at 5:05 AM, Yann Droneaud <ydroneaud@...eya.com> >> wrote: >> > >> > I believe Device Tree Blob (.dtb file) built from kernel's Device >> > Tree >> > Sources (.dts, which #include .dtsi, which #include .h) using >> > Device >> > Tree Compiler (dtc) are covered by GNU General Public Licence v2 >> > (GPLv2), but cannot find any reference. >> >> By default yes, but we've been steering people to dual license them >> GPL/BSD. >> > > Can you give me the rationale behind such dual licenses requirement ? Ideally, dtb files are shipped with firmware separately from the OS. You should be able to run multiple OS's with that dtb. There is often desire or "requirements" to not have GPL code in firmware. > If a BSD .dts includes GPLv2 .h, the whole is covered by GPLv2, > so I cannot find a case where a BSD covered .dts file could be used > alone within BSD license rights. arch/powerpc/boot/dts >> > As most .dtsi in arch/arm/boot/dts/ are covered by GPLv2, and, >> > as most .h in include/dt-bindings/ are also covered by GPLv2, >> > the source code is likely covered by GPLv2. >> > >> > Then this source code is translated in a different language >> > (flattened >> > device tree), so the resulting translation is also likely covered >> > by >> > GPLv2. >> > >> > So, when I'm proposed to download a .dtb file from a random vendor, >> > can I require to get the associated source code ? >> >> I believe so yes. However, you already have the "source" for the most >> part. Just run "dtc -I dtb -O dts <dtb file>". You loose the >> preprocessing and include structure though (not necessarily a bad >> thing IMO). >> >> Then the question is what is the license on that generated dts! >> > > That's also a good question. > > Is this a form a "reverse engineering" with all the legalese burden ? I am not a lawyer. > Anyway without a clear information attached to the DTB, it's difficult > to tell which licence cover the "decompiled" version. > >> > Anyway, for a .dtb file generated from kernel sources, it's rather >> > painful to look after all .dts, .dtsi, .h, to find what kind of >> > licences are applicables, as some are covered by BSD, dual licensed >> > (any combination of X11, MIT, BSD, GPLv2). >> >> I imagine the includes cause some licensing discrepancies if you dug >> into it. >> > > It's a pity, and it's probably something to sort out. > > DTB files produced as part of kernel compilation should have a well > known license attached by default. It would be a lot of work to sort out. If people need non-GPL dts/dtb files then it is really their problem to sort out and audit their dts files. I mainly tell people to dual license so they (and their company) think about the issue. Rob -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists