Re: [coreboot] coreboot binary policy

[Stefan Reinauer]

* Alex Gagniuc  [151030 18:59]:
> On Fri, Oct 30, 2015 at 9:03 AM, Marc Jones  wrote:
> > It might be a good idea, but that might be too limiting
> 
> I think historically, it has been assumed that everything in blobs is
> open up for RE and modification. There are plenty of examples of
> people reverse-engineering stuff in blobs, and also modifying the blob
> itself [1]. First and foremost, we should protect the project, and
> with that, our contributors.

Alex, I think this is a great suggestion, but as I have explained to you
in person before, from a perspective of reaching a legal agreement this
is almost equivalent (if not more effort) than working on an agreement
to open source that code to begin with. The coreboot project's objective 
is not to reimplement what other people have done, but to change the
industry to create more open computing devices.

That said, if you want to drive an example terms of use with your
employer that fulfills your advanced criteria, you are more than welcome
to do so, and I believe it would serve as a role model in the silicon
industry.

I am happy to help with such an arrangement, and would be even happier
if we could just open source the code in question. But we can take this
offline.

> We can have a process where we might grant exceptions from these
> (proposed) rules to certain non-ISA blobs. For example, we might
> exempt microcode on the basis that (we believe) It's impractical to
> RE, and keeping that avenue open is not of any particular value.

Reverse engineering is impractical in all cases. Specifically this
document is focussing on what BLOBs we can ship in the 3rdparty/blobs
directory, not generally which BLOBs are allowed in coreboot.

In terms of many blobs (like FSP, hint hint), we are not even at the
point where we can redistribute them in 3rdparty/blobs yet. Adding
additional restrictions would, if anything, change nothing at all
(except that our users will have to get their own collection of BLOBs if
they want to participate).

> We can grandfather in existing blobs, or we can have a process where
> we keep them for a while (a year?) while we try to work out
> appropriate licensing terms with the power-that-be of said blob.

I would like to get the existing BLOBs into 3rdparty/blobs first before
we talk about removing them in a year (e.g. FSP, hint hint).

All the best,
Stefan


-- 
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] coreboot binary policy

[Alex G.]

On 10/29/2015 09:48 AM, Marc Jones wrote:
> Hello coreboot,

Hi Marc

> Please limit comments to specific items in this version. If you have
> additions for the next version (if needed), the draft document is open
> for comment.
> 
> https://docs.google.com/document/d/1wMdDUAZR2Z9V7hcs3IhIOqw6sYQxb3vPEmbITTCrOwU/edit?usp=sharing

That looks pretty good. I think you've done a great job of clarifying
the requirements of ISA vs non-ISA blobs compared to the last version.
I've made some comments on it to ask for clarification about the
versioning requirements.

While not necessarily specific to this version, are we still considering
forbidding "no-reverse engineering" and "no-modification" clauses for blobs?

Alex

-- 
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] coreboot binary policy

[Marc Jones]

On Fri, Oct 30, 2015 at 9:44 AM Alex G.  wrote:

> On 10/29/2015 09:48 AM, Marc Jones wrote:
> > Hello coreboot,
>
> Hi Marc
>
> > Please limit comments to specific items in this version. If you have
> > additions for the next version (if needed), the draft document is open
> > for comment.
> >
> >
> https://docs.google.com/document/d/1wMdDUAZR2Z9V7hcs3IhIOqw6sYQxb3vPEmbITTCrOwU/edit?usp=sharing
>
> That looks pretty good. I think you've done a great job of clarifying
> the requirements of ISA vs non-ISA blobs compared to the last version.
> I've made some comments on it to ask for clarification about the
> versioning requirements.
>
> While not necessarily specific to this version, are we still considering
> forbidding "no-reverse engineering" and "no-modification" clauses for
> blobs?
>
>
Thanks, I think it is all open for discussion and could go in the next
version. It might be a good idea, but that might be too limiting and we
would have to remove all blobs and they would be hosted somewhere else,
which defeates the utility of the blobs dir. We would like intel to push to
blobs/ but I think that would be a huge blocker for them.

Marc


> Alex
>
-- 
http://marcjonesconsulting.com
-- 
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] coreboot binary policy

[Timothy Pearson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/30/2015 10:44 AM, Alex G. wrote:
> On 10/29/2015 09:48 AM, Marc Jones wrote:
>> Hello coreboot,
> 
> Hi Marc
> 
>> Please limit comments to specific items in this version. If you have
>> additions for the next version (if needed), the draft document is open
>> for comment.
>>
>> https://docs.google.com/document/d/1wMdDUAZR2Z9V7hcs3IhIOqw6sYQxb3vPEmbITTCrOwU/edit?usp=sharing
> 
> That looks pretty good. I think you've done a great job of clarifying
> the requirements of ISA vs non-ISA blobs compared to the last version.
> I've made some comments on it to ask for clarification about the
> versioning requirements.
> 
> While not necessarily specific to this version, are we still considering
> forbidding "no-reverse engineering" and "no-modification" clauses for blobs?
> 
> Alex
> 

No modification will be enforced by the hardware very quickly for
critical blobs (it already is on x86); additionally, certain countries
like the United States expressly prohibit modification of copyrighted
software.

The reverse engineering case is also fairly murky in the United States
at least; while prohibiting a "no-reverse engineering" clause is a good
start theoretically, I don't know if it will actually gain the project
anything in reality due to existing law and case precedent.

- -- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
http://www.raptorengineeringinc.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJWM5SzAAoJEK+E3vEXDOFbQYQIAJ7doLqNmG1aVDNLwQRyX92U
uNa3Hp++AgA3gUuHU77K+zOFTms7bbSRl9fs0Wb4crABK3B7AKkLJF6kgmgHNdkU
6edxW/bR8pkV+DkFQ7X4DtkwU+13N/agFLXT0lmChGor5fEYDNSY2I0CG8YTPyXr
/5XuyKnPqyqaHM/fzhONaR9yCmn4ftk2mdm+YJPe+veTG/eWrtllFrx501ql1KFg
ECwKTU03EYnc+2qGJF+9zm7inSTEuTOZzLE0MFD/gtfitkcf4MW7WNVYh8YqU/OK
Xq6TalKBL5vywoOW1FIKICvYHoWZAApnLZ9p+jmTRM7a0IZwijfeE/iNVzbkvp4=
=JalF
-END PGP SIGNATURE-

-- 
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] coreboot binary policy

[David Hendricks]

On Fri, Oct 30, 2015 at 9:03 AM, Marc Jones  wrote:

>
> On Fri, Oct 30, 2015 at 9:44 AM Alex G.  wrote:
>
>> On 10/29/2015 09:48 AM, Marc Jones wrote:
>> > Hello coreboot,
>>
>> Hi Marc
>>
>> > Please limit comments to specific items in this version. If you have
>> > additions for the next version (if needed), the draft document is open
>> > for comment.
>> >
>> >
>> https://docs.google.com/document/d/1wMdDUAZR2Z9V7hcs3IhIOqw6sYQxb3vPEmbITTCrOwU/edit?usp=sharing
>>
>> That looks pretty good. I think you've done a great job of clarifying
>> the requirements of ISA vs non-ISA blobs compared to the last version.
>> I've made some comments on it to ask for clarification about the
>> versioning requirements.
>>
>> While not necessarily specific to this version, are we still considering
>> forbidding "no-reverse engineering" and "no-modification" clauses for
>> blobs?
>>
>>
> Thanks, I think it is all open for discussion and could go in the next
> version. It might be a good idea, but that might be too limiting and we
> would have to remove all blobs and they would be hosted somewhere else,
> which defeates the utility of the blobs dir. We would like intel to push to
> blobs/ but I think that would be a huge blocker for them.
>

+1. It's tough enough for us to get rid of a few lines of GPL boilerplate.
Getting companies to significantly change their boilerplate licensing for
blobs will be a blocker.

Just treat them as we always have.

-- 
David Hendricks (dhendrix)
Systems Software Engineer, Google Inc.
-- 
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] coreboot binary policy

[Alex Gagniuc]

On Fri, Oct 30, 2015 at 9:03 AM, Marc Jones  wrote:
> It might be a good idea, but that might be too limiting

I think historically, it has been assumed that everything in blobs is
open up for RE and modification. There are plenty of examples of
people reverse-engineering stuff in blobs, and also modifying the blob
itself [1]. First and foremost, we should protect the project, and
with that, our contributors.

We can have a process where we might grant exceptions from these
(proposed) rules to certain non-ISA blobs. For example, we might
exempt microcode on the basis that (we believe) It's impractical to
RE, and keeping that avenue open is not of any particular value.

> and we would have to remove all blobs and they would be hosted somewhere else

We can grandfather in existing blobs, or we can have a process where
we keep them for a while (a year?) while we try to work out
appropriate licensing terms with the power-that-be of said blob.

[1] http://review.coreboot.org/4605

Alex

-- 
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot

Re: [coreboot] coreboot binary policy

[ron minnich]

On Fri, Oct 30, 2015 at 10:59 AM Alex Gagniuc  wrote:

>
> I think historically, it has been assumed that everything in blobs is
> open up for RE and modification.
>

History? What? Only if your timeline is really short. We first started
doing the blobs support in 2001 for graphics. We NEVER held it that we had
a right to RE and modify nvidia blobs. We certainly never RE'ed the
firmware we were trying to replace.

ron
-- 
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot

[coreboot] coreboot binary policy

[Marc Jones]

Hello coreboot,

As presented and discussed in Bonn, the binary policy is up for review.
http://review.coreboot.org/#/c/12198/

Please limit comments to specific items in this version. If you have
additions for the next version (if needed), the draft document is open for
comment.

https://docs.google.com/document/d/1wMdDUAZR2Z9V7hcs3IhIOqw6sYQxb3vPEmbITTCrOwU/edit?usp=sharing

Regards,
Marc



-- 
http://marcjonesconsulting.com
-- 
coreboot mailing list: coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot