* [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests @ 2022-03-15 13:33 Alexandru Elisei 2022-03-15 14:21 ` Thomas Huth 2022-03-15 15:25 ` Andrew Jones 0 siblings, 2 replies; 7+ messages in thread From: Alexandru Elisei @ 2022-03-15 13:33 UTC (permalink / raw) To: pbonzini, thuth, drjones, kvmarm, kvm; +Cc: suzuki.poulose, mark.rutland Hi, Arm is planning to upstream tests that are being developed as part of the Confidential Compute Architecture [1]. Some of the tests target the attestation part of creating and managing a confidential compute VM, which requires the manipulation of messages in the Concise Binary Object Representation (CBOR) format [2]. I would like to ask if it would be acceptable from a license perspective to include the QCBOR library [3] into kvm-unit-tests, which will be used for encoding and decoding of CBOR messages. The library is licensed under the 3-Clause BSD license, which is compatible with GPLv2 [4]. Some of the files that were created inside Qualcomm before the library was open-sourced have a slightly modified 3-Clause BSD license, where a NON-INFRINGMENT clause is added to the disclaimer: "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** ARE DISCLAIMED" (emphasis by me on the added clause). The files in question include the core files that implement the encode/decode functionality, and thus would have to be included in kvm-unit-tests. I believe that the above modification does not affect the compatibility with GPLv2. I would also like to mention that the QCBOR library is also used in Trusted Firmware-M [5], which is licensed under BSD 3-Clause. [1] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture [2] https://datatracker.ietf.org/doc/html/rfc8949 [3] https://github.com/laurencelundblade/QCBOR [4] https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses [5] https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/qcbor Thanks, Alex ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests 2022-03-15 13:33 [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests Alexandru Elisei @ 2022-03-15 14:21 ` Thomas Huth 2022-03-15 15:48 ` Alexandru Elisei 2022-03-15 15:25 ` Andrew Jones 1 sibling, 1 reply; 7+ messages in thread From: Thomas Huth @ 2022-03-15 14:21 UTC (permalink / raw) To: Alexandru Elisei, pbonzini, drjones, kvmarm, kvm Cc: suzuki.poulose, mark.rutland On 15/03/2022 14.33, Alexandru Elisei wrote: > Hi, > > Arm is planning to upstream tests that are being developed as part of the > Confidential Compute Architecture [1]. Some of the tests target the > attestation part of creating and managing a confidential compute VM, which > requires the manipulation of messages in the Concise Binary Object > Representation (CBOR) format [2]. > > I would like to ask if it would be acceptable from a license perspective to > include the QCBOR library [3] into kvm-unit-tests, which will be used for > encoding and decoding of CBOR messages. > > The library is licensed under the 3-Clause BSD license, which is compatible > with GPLv2 [4]. Some of the files that were created inside Qualcomm before > the library was open-sourced have a slightly modified 3-Clause BSD license, > where a NON-INFRINGMENT clause is added to the disclaimer: > > "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED > WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** > ARE DISCLAIMED" (emphasis by me on the added clause). > > The files in question include the core files that implement the > encode/decode functionality, and thus would have to be included in > kvm-unit-tests. I believe that the above modification does not affect the > compatibility with GPLv2. IANAL, but I think it should be ok to add those files to the kvm-unit-tests. With regards to the "non-infringement" extension, it seems to be the one mentioned here: https://enterprise.dejacode.com/licenses/public/bsd-x11/ ... and on the "license condition" tab they mention that it is compatible with the GPL. On gnu.org, they list e.g. the https://www.gnu.org/licenses/license-list.html#X11License which also contains a "non-infringement" statement, so that should really be compatible. Thomas ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests 2022-03-15 14:21 ` Thomas Huth @ 2022-03-15 15:48 ` Alexandru Elisei 0 siblings, 0 replies; 7+ messages in thread From: Alexandru Elisei @ 2022-03-15 15:48 UTC (permalink / raw) To: Thomas Huth; +Cc: pbonzini, drjones, kvmarm, kvm, suzuki.poulose, mark.rutland Hi, On Tue, Mar 15, 2022 at 03:21:39PM +0100, Thomas Huth wrote: > On 15/03/2022 14.33, Alexandru Elisei wrote: > > Hi, > > > > Arm is planning to upstream tests that are being developed as part of the > > Confidential Compute Architecture [1]. Some of the tests target the > > attestation part of creating and managing a confidential compute VM, which > > requires the manipulation of messages in the Concise Binary Object > > Representation (CBOR) format [2]. > > > > I would like to ask if it would be acceptable from a license perspective to > > include the QCBOR library [3] into kvm-unit-tests, which will be used for > > encoding and decoding of CBOR messages. > > > > The library is licensed under the 3-Clause BSD license, which is compatible > > with GPLv2 [4]. Some of the files that were created inside Qualcomm before > > the library was open-sourced have a slightly modified 3-Clause BSD license, > > where a NON-INFRINGMENT clause is added to the disclaimer: > > > > "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED > > WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** > > ARE DISCLAIMED" (emphasis by me on the added clause). > > > > The files in question include the core files that implement the > > encode/decode functionality, and thus would have to be included in > > kvm-unit-tests. I believe that the above modification does not affect the > > compatibility with GPLv2. > > IANAL, but I think it should be ok to add those files to the kvm-unit-tests. > With regards to the "non-infringement" extension, it seems to be the one > mentioned here: https://enterprise.dejacode.com/licenses/public/bsd-x11/ ... > and on the "license condition" tab they mention that it is compatible with > the GPL. On gnu.org, they list e.g. the > https://www.gnu.org/licenses/license-list.html#X11License which also > contains a "non-infringement" statement, so that should really be > compatible. Thanks you for the links, I wasn't aware of them. They further confirm that QCBOR is indeed compatible with GPLv2. Thanks, Alex > > Thomas > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests 2022-03-15 13:33 [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests Alexandru Elisei 2022-03-15 14:21 ` Thomas Huth @ 2022-03-15 15:25 ` Andrew Jones 2022-03-16 10:42 ` Alexandru Elisei 1 sibling, 1 reply; 7+ messages in thread From: Andrew Jones @ 2022-03-15 15:25 UTC (permalink / raw) To: Alexandru Elisei Cc: pbonzini, thuth, kvmarm, kvm, suzuki.poulose, mark.rutland On Tue, Mar 15, 2022 at 01:33:57PM +0000, Alexandru Elisei wrote: > Hi, > > Arm is planning to upstream tests that are being developed as part of the > Confidential Compute Architecture [1]. Some of the tests target the > attestation part of creating and managing a confidential compute VM, which > requires the manipulation of messages in the Concise Binary Object > Representation (CBOR) format [2]. > > I would like to ask if it would be acceptable from a license perspective to > include the QCBOR library [3] into kvm-unit-tests, which will be used for > encoding and decoding of CBOR messages. > > The library is licensed under the 3-Clause BSD license, which is compatible > with GPLv2 [4]. Some of the files that were created inside Qualcomm before > the library was open-sourced have a slightly modified 3-Clause BSD license, > where a NON-INFRINGMENT clause is added to the disclaimer: > > "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED > WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** > ARE DISCLAIMED" (emphasis by me on the added clause). > > The files in question include the core files that implement the > encode/decode functionality, and thus would have to be included in > kvm-unit-tests. I believe that the above modification does not affect the > compatibility with GPLv2. > > I would also like to mention that the QCBOR library is also used in Trusted > Firmware-M [5], which is licensed under BSD 3-Clause. > > [1] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture > [2] https://datatracker.ietf.org/doc/html/rfc8949 > [3] https://github.com/laurencelundblade/QCBOR > [4] https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses > [5] https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/qcbor > > Thanks, > Alex > Assuming the license is OK (I'm not educated in that stuff enough to give an opinion), then the next question is how do we want to integrate it? Bring it all in, like we did libfdt? Or use a git submodule? Thanks, drew ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests 2022-03-15 15:25 ` Andrew Jones @ 2022-03-16 10:42 ` Alexandru Elisei 2022-03-16 10:44 ` Suzuki Kuruppassery Poulose 2022-03-16 10:51 ` Andrew Jones 0 siblings, 2 replies; 7+ messages in thread From: Alexandru Elisei @ 2022-03-16 10:42 UTC (permalink / raw) To: Andrew Jones; +Cc: pbonzini, thuth, kvmarm, kvm, suzuki.poulose, mark.rutland Hi, On Tue, Mar 15, 2022 at 04:25:28PM +0100, Andrew Jones wrote: > On Tue, Mar 15, 2022 at 01:33:57PM +0000, Alexandru Elisei wrote: > > Hi, > > > > Arm is planning to upstream tests that are being developed as part of the > > Confidential Compute Architecture [1]. Some of the tests target the > > attestation part of creating and managing a confidential compute VM, which > > requires the manipulation of messages in the Concise Binary Object > > Representation (CBOR) format [2]. > > > > I would like to ask if it would be acceptable from a license perspective to > > include the QCBOR library [3] into kvm-unit-tests, which will be used for > > encoding and decoding of CBOR messages. > > > > The library is licensed under the 3-Clause BSD license, which is compatible > > with GPLv2 [4]. Some of the files that were created inside Qualcomm before > > the library was open-sourced have a slightly modified 3-Clause BSD license, > > where a NON-INFRINGMENT clause is added to the disclaimer: > > > > "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED > > WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** > > ARE DISCLAIMED" (emphasis by me on the added clause). > > > > The files in question include the core files that implement the > > encode/decode functionality, and thus would have to be included in > > kvm-unit-tests. I believe that the above modification does not affect the > > compatibility with GPLv2. > > > > I would also like to mention that the QCBOR library is also used in Trusted > > Firmware-M [5], which is licensed under BSD 3-Clause. > > > > [1] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture > > [2] https://datatracker.ietf.org/doc/html/rfc8949 > > [3] https://github.com/laurencelundblade/QCBOR > > [4] https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses > > [5] https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/qcbor > > > > Thanks, > > Alex > > > > Assuming the license is OK (I'm not educated in that stuff enough to give > an opinion), then the next question is how do we want to integrate it? > Bring it all in, like we did libfdt? Or use a git submodule? This is still a work in progress and at this time I'm not sure how it will end up looking. Do you have a preference for one or the other? Thanks, Alex ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests 2022-03-16 10:42 ` Alexandru Elisei @ 2022-03-16 10:44 ` Suzuki Kuruppassery Poulose 2022-03-16 10:51 ` Andrew Jones 1 sibling, 0 replies; 7+ messages in thread From: Suzuki Kuruppassery Poulose @ 2022-03-16 10:44 UTC (permalink / raw) To: Alexandru Elisei, Andrew Jones; +Cc: pbonzini, thuth, kvmarm, kvm, mark.rutland Hi Andrew, Alexandru, On 16/03/2022 10:42, Alexandru Elisei wrote: > Hi, > > On Tue, Mar 15, 2022 at 04:25:28PM +0100, Andrew Jones wrote: >> On Tue, Mar 15, 2022 at 01:33:57PM +0000, Alexandru Elisei wrote: >>> Hi, >>> >>> Arm is planning to upstream tests that are being developed as part of the >>> Confidential Compute Architecture [1]. Some of the tests target the >>> attestation part of creating and managing a confidential compute VM, which >>> requires the manipulation of messages in the Concise Binary Object >>> Representation (CBOR) format [2]. >>> >>> I would like to ask if it would be acceptable from a license perspective to >>> include the QCBOR library [3] into kvm-unit-tests, which will be used for >>> encoding and decoding of CBOR messages. >>> >>> The library is licensed under the 3-Clause BSD license, which is compatible >>> with GPLv2 [4]. Some of the files that were created inside Qualcomm before >>> the library was open-sourced have a slightly modified 3-Clause BSD license, >>> where a NON-INFRINGMENT clause is added to the disclaimer: >>> >>> "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED >>> WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF >>> MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** >>> ARE DISCLAIMED" (emphasis by me on the added clause). >>> >>> The files in question include the core files that implement the >>> encode/decode functionality, and thus would have to be included in >>> kvm-unit-tests. I believe that the above modification does not affect the >>> compatibility with GPLv2. >>> >>> I would also like to mention that the QCBOR library is also used in Trusted >>> Firmware-M [5], which is licensed under BSD 3-Clause. >>> >>> [1] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture >>> [2] https://datatracker.ietf.org/doc/html/rfc8949 >>> [3] https://github.com/laurencelundblade/QCBOR >>> [4] https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses >>> [5] https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/qcbor >>> >>> Thanks, >>> Alex >>> >> >> Assuming the license is OK (I'm not educated in that stuff enough to give >> an opinion), then the next question is how do we want to integrate it? >> Bring it all in, like we did libfdt? Or use a git submodule? Thanks for your feedback. > > This is still a work in progress and at this time I'm not sure how it will > end up looking. Do you have a preference for one or the other? > My two cents. With the submodule approach, we can move to the later versions of the QCBOR library (if needed, in the future) without much noise in the history. Cheers Suzuki > Thanks, > Alex ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests 2022-03-16 10:42 ` Alexandru Elisei 2022-03-16 10:44 ` Suzuki Kuruppassery Poulose @ 2022-03-16 10:51 ` Andrew Jones 1 sibling, 0 replies; 7+ messages in thread From: Andrew Jones @ 2022-03-16 10:51 UTC (permalink / raw) To: Alexandru Elisei Cc: pbonzini, thuth, kvmarm, kvm, suzuki.poulose, mark.rutland On Wed, Mar 16, 2022 at 10:42:31AM +0000, Alexandru Elisei wrote: > Hi, > > On Tue, Mar 15, 2022 at 04:25:28PM +0100, Andrew Jones wrote: > > On Tue, Mar 15, 2022 at 01:33:57PM +0000, Alexandru Elisei wrote: > > > Hi, > > > > > > Arm is planning to upstream tests that are being developed as part of the > > > Confidential Compute Architecture [1]. Some of the tests target the > > > attestation part of creating and managing a confidential compute VM, which > > > requires the manipulation of messages in the Concise Binary Object > > > Representation (CBOR) format [2]. > > > > > > I would like to ask if it would be acceptable from a license perspective to > > > include the QCBOR library [3] into kvm-unit-tests, which will be used for > > > encoding and decoding of CBOR messages. > > > > > > The library is licensed under the 3-Clause BSD license, which is compatible > > > with GPLv2 [4]. Some of the files that were created inside Qualcomm before > > > the library was open-sourced have a slightly modified 3-Clause BSD license, > > > where a NON-INFRINGMENT clause is added to the disclaimer: > > > > > > "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED > > > WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > > > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** > > > ARE DISCLAIMED" (emphasis by me on the added clause). > > > > > > The files in question include the core files that implement the > > > encode/decode functionality, and thus would have to be included in > > > kvm-unit-tests. I believe that the above modification does not affect the > > > compatibility with GPLv2. > > > > > > I would also like to mention that the QCBOR library is also used in Trusted > > > Firmware-M [5], which is licensed under BSD 3-Clause. > > > > > > [1] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture > > > [2] https://datatracker.ietf.org/doc/html/rfc8949 > > > [3] https://github.com/laurencelundblade/QCBOR > > > [4] https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses > > > [5] https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/qcbor > > > > > > Thanks, > > > Alex > > > > > > > Assuming the license is OK (I'm not educated in that stuff enough to give > > an opinion), then the next question is how do we want to integrate it? > > Bring it all in, like we did libfdt? Or use a git submodule? > > This is still a work in progress and at this time I'm not sure how it will > end up looking. Do you have a preference for one or the other? > I think I prefer a submodule, but I'm all ears on this. By coincidence the same topic is now also being discussed here https://lore.kernel.org/kvm/334cc93e-9843-daa9-5846-394c199e294f@redhat.com/T/#mb5db3e9143e4f2ca47d24a32b30e7b2f014934e8 Thanks, drew ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-03-16 10:51 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-03-15 13:33 [kvm-unit-tests] Adding the QCBOR library to kvm-unit-tests Alexandru Elisei 2022-03-15 14:21 ` Thomas Huth 2022-03-15 15:48 ` Alexandru Elisei 2022-03-15 15:25 ` Andrew Jones 2022-03-16 10:42 ` Alexandru Elisei 2022-03-16 10:44 ` Suzuki Kuruppassery Poulose 2022-03-16 10:51 ` Andrew Jones
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox