Re: [coreboot] coreboot binary policy
* Alex Gagniuc [151030 18:59]: > On Fri, Oct 30, 2015 at 9:03 AM, Marc Jones wrote: > > It might be a good idea, but that might be too limiting > > I think historically, it has been assumed that everything in blobs is > open up for RE and modification. There are plenty of examples of > people reverse-engineering stuff in blobs, and also modifying the blob > itself [1]. First and foremost, we should protect the project, and > with that, our contributors. Alex, I think this is a great suggestion, but as I have explained to you in person before, from a perspective of reaching a legal agreement this is almost equivalent (if not more effort) than working on an agreement to open source that code to begin with. The coreboot project's objective is not to reimplement what other people have done, but to change the industry to create more open computing devices. That said, if you want to drive an example terms of use with your employer that fulfills your advanced criteria, you are more than welcome to do so, and I believe it would serve as a role model in the silicon industry. I am happy to help with such an arrangement, and would be even happier if we could just open source the code in question. But we can take this offline. > We can have a process where we might grant exceptions from these > (proposed) rules to certain non-ISA blobs. For example, we might > exempt microcode on the basis that (we believe) It's impractical to > RE, and keeping that avenue open is not of any particular value. Reverse engineering is impractical in all cases. Specifically this document is focussing on what BLOBs we can ship in the 3rdparty/blobs directory, not generally which BLOBs are allowed in coreboot. In terms of many blobs (like FSP, hint hint), we are not even at the point where we can redistribute them in 3rdparty/blobs yet. Adding additional restrictions would, if anything, change nothing at all (except that our users will have to get their own collection of BLOBs if they want to participate). > We can grandfather in existing blobs, or we can have a process where > we keep them for a while (a year?) while we try to work out > appropriate licensing terms with the power-that-be of said blob. I would like to get the existing BLOBs into 3rdparty/blobs first before we talk about removing them in a year (e.g. FSP, hint hint). All the best, Stefan -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] coreboot binary policy
On Fri, Oct 30, 2015 at 9:03 AM, Marc Jones wrote: > > On Fri, Oct 30, 2015 at 9:44 AM Alex G. wrote: > >> On 10/29/2015 09:48 AM, Marc Jones wrote: >> > Hello coreboot, >> >> Hi Marc >> >> > Please limit comments to specific items in this version. If you have >> > additions for the next version (if needed), the draft document is open >> > for comment. >> > >> > >> https://docs.google.com/document/d/1wMdDUAZR2Z9V7hcs3IhIOqw6sYQxb3vPEmbITTCrOwU/edit?usp=sharing >> >> That looks pretty good. I think you've done a great job of clarifying >> the requirements of ISA vs non-ISA blobs compared to the last version. >> I've made some comments on it to ask for clarification about the >> versioning requirements. >> >> While not necessarily specific to this version, are we still considering >> forbidding "no-reverse engineering" and "no-modification" clauses for >> blobs? >> >> > Thanks, I think it is all open for discussion and could go in the next > version. It might be a good idea, but that might be too limiting and we > would have to remove all blobs and they would be hosted somewhere else, > which defeates the utility of the blobs dir. We would like intel to push to > blobs/ but I think that would be a huge blocker for them. > +1. It's tough enough for us to get rid of a few lines of GPL boilerplate. Getting companies to significantly change their boilerplate licensing for blobs will be a blocker. Just treat them as we always have. -- David Hendricks (dhendrix) Systems Software Engineer, Google Inc. -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] coreboot binary policy
On Fri, Oct 30, 2015 at 10:59 AM Alex Gagniuc wrote: > > I think historically, it has been assumed that everything in blobs is > open up for RE and modification. > History? What? Only if your timeline is really short. We first started doing the blobs support in 2001 for graphics. We NEVER held it that we had a right to RE and modify nvidia blobs. We certainly never RE'ed the firmware we were trying to replace. ron -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] coreboot binary policy
On Fri, Oct 30, 2015 at 9:03 AM, Marc Jones wrote: > It might be a good idea, but that might be too limiting I think historically, it has been assumed that everything in blobs is open up for RE and modification. There are plenty of examples of people reverse-engineering stuff in blobs, and also modifying the blob itself [1]. First and foremost, we should protect the project, and with that, our contributors. We can have a process where we might grant exceptions from these (proposed) rules to certain non-ISA blobs. For example, we might exempt microcode on the basis that (we believe) It's impractical to RE, and keeping that avenue open is not of any particular value. > and we would have to remove all blobs and they would be hosted somewhere else We can grandfather in existing blobs, or we can have a process where we keep them for a while (a year?) while we try to work out appropriate licensing terms with the power-that-be of said blob. [1] http://review.coreboot.org/4605 Alex -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] coreboot binary policy
On Fri, Oct 30, 2015 at 9:44 AM Alex G. wrote: > On 10/29/2015 09:48 AM, Marc Jones wrote: > > Hello coreboot, > > Hi Marc > > > Please limit comments to specific items in this version. If you have > > additions for the next version (if needed), the draft document is open > > for comment. > > > > > https://docs.google.com/document/d/1wMdDUAZR2Z9V7hcs3IhIOqw6sYQxb3vPEmbITTCrOwU/edit?usp=sharing > > That looks pretty good. I think you've done a great job of clarifying > the requirements of ISA vs non-ISA blobs compared to the last version. > I've made some comments on it to ask for clarification about the > versioning requirements. > > While not necessarily specific to this version, are we still considering > forbidding "no-reverse engineering" and "no-modification" clauses for > blobs? > > Thanks, I think it is all open for discussion and could go in the next version. It might be a good idea, but that might be too limiting and we would have to remove all blobs and they would be hosted somewhere else, which defeates the utility of the blobs dir. We would like intel to push to blobs/ but I think that would be a huge blocker for them. Marc > Alex > -- http://marcjonesconsulting.com -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] coreboot binary policy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/30/2015 10:44 AM, Alex G. wrote: > On 10/29/2015 09:48 AM, Marc Jones wrote: >> Hello coreboot, > > Hi Marc > >> Please limit comments to specific items in this version. If you have >> additions for the next version (if needed), the draft document is open >> for comment. >> >> https://docs.google.com/document/d/1wMdDUAZR2Z9V7hcs3IhIOqw6sYQxb3vPEmbITTCrOwU/edit?usp=sharing > > That looks pretty good. I think you've done a great job of clarifying > the requirements of ISA vs non-ISA blobs compared to the last version. > I've made some comments on it to ask for clarification about the > versioning requirements. > > While not necessarily specific to this version, are we still considering > forbidding "no-reverse engineering" and "no-modification" clauses for blobs? > > Alex > No modification will be enforced by the hardware very quickly for critical blobs (it already is on x86); additionally, certain countries like the United States expressly prohibit modification of copyrighted software. The reverse engineering case is also fairly murky in the United States at least; while prohibiting a "no-reverse engineering" clause is a good start theoretically, I don't know if it will actually gain the project anything in reality due to existing law and case precedent. - -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) http://www.raptorengineeringinc.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJWM5SzAAoJEK+E3vEXDOFbQYQIAJ7doLqNmG1aVDNLwQRyX92U uNa3Hp++AgA3gUuHU77K+zOFTms7bbSRl9fs0Wb4crABK3B7AKkLJF6kgmgHNdkU 6edxW/bR8pkV+DkFQ7X4DtkwU+13N/agFLXT0lmChGor5fEYDNSY2I0CG8YTPyXr /5XuyKnPqyqaHM/fzhONaR9yCmn4ftk2mdm+YJPe+veTG/eWrtllFrx501ql1KFg ECwKTU03EYnc+2qGJF+9zm7inSTEuTOZzLE0MFD/gtfitkcf4MW7WNVYh8YqU/OK Xq6TalKBL5vywoOW1FIKICvYHoWZAApnLZ9p+jmTRM7a0IZwijfeE/iNVzbkvp4= =JalF -END PGP SIGNATURE- -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot
Re: [coreboot] coreboot binary policy
On 10/29/2015 09:48 AM, Marc Jones wrote: > Hello coreboot, Hi Marc > Please limit comments to specific items in this version. If you have > additions for the next version (if needed), the draft document is open > for comment. > > https://docs.google.com/document/d/1wMdDUAZR2Z9V7hcs3IhIOqw6sYQxb3vPEmbITTCrOwU/edit?usp=sharing That looks pretty good. I think you've done a great job of clarifying the requirements of ISA vs non-ISA blobs compared to the last version. I've made some comments on it to ask for clarification about the versioning requirements. While not necessarily specific to this version, are we still considering forbidding "no-reverse engineering" and "no-modification" clauses for blobs? Alex -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot