On Tue, Mar 15, 2022 at 01:33:57PM +0000, Alexandru Elisei wrote: > Hi, > > Arm is planning to upstream tests that are being developed as part of the > Confidential Compute Architecture [1]. Some of the tests target the > attestation part of creating and managing a confidential compute VM, which > requires the manipulation of messages in the Concise Binary Object > Representation (CBOR) format [2]. > > I would like to ask if it would be acceptable from a license perspective to > include the QCBOR library [3] into kvm-unit-tests, which will be used for > encoding and decoding of CBOR messages. > > The library is licensed under the 3-Clause BSD license, which is compatible > with GPLv2 [4]. Some of the files that were created inside Qualcomm before > the library was open-sourced have a slightly modified 3-Clause BSD license, > where a NON-INFRINGMENT clause is added to the disclaimer: > > "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED > WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** > ARE DISCLAIMED" (emphasis by me on the added clause). > > The files in question include the core files that implement the > encode/decode functionality, and thus would have to be included in > kvm-unit-tests. I believe that the above modification does not affect the > compatibility with GPLv2. > > I would also like to mention that the QCBOR library is also used in Trusted > Firmware-M [5], which is licensed under BSD 3-Clause. > > [1] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture > [2] https://datatracker.ietf.org/doc/html/rfc8949 > [3] https://github.com/laurencelundblade/QCBOR > [4] https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses > [5] https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/qcbor > > Thanks, > Alex > Assuming the license is OK (I'm not educated in that stuff enough to give an opinion), then the next question is how do we want to integrate it? Bring it all in, like we did libfdt? Or use a git submodule? Thanks, drew _______________________________________________ kvmarm mailing list kvmarm@xxxxxxxxxxxxxxxxxxxxx https://lists.cs.columbia.edu/mailman/listinfo/kvmarm