Hi, On Tue, Mar 15, 2022 at 04:25:28PM +0100, Andrew Jones wrote: > On Tue, Mar 15, 2022 at 01:33:57PM +0000, Alexandru Elisei wrote: > > Hi, > > > > Arm is planning to upstream tests that are being developed as part of the > > Confidential Compute Architecture [1]. Some of the tests target the > > attestation part of creating and managing a confidential compute VM, which > > requires the manipulation of messages in the Concise Binary Object > > Representation (CBOR) format [2]. > > > > I would like to ask if it would be acceptable from a license perspective to > > include the QCBOR library [3] into kvm-unit-tests, which will be used for > > encoding and decoding of CBOR messages. > > > > The library is licensed under the 3-Clause BSD license, which is compatible > > with GPLv2 [4]. Some of the files that were created inside Qualcomm before > > the library was open-sourced have a slightly modified 3-Clause BSD license, > > where a NON-INFRINGMENT clause is added to the disclaimer: > > > > "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED > > WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** > > ARE DISCLAIMED" (emphasis by me on the added clause). > > > > The files in question include the core files that implement the > > encode/decode functionality, and thus would have to be included in > > kvm-unit-tests. I believe that the above modification does not affect the > > compatibility with GPLv2. > > > > I would also like to mention that the QCBOR library is also used in Trusted > > Firmware-M [5], which is licensed under BSD 3-Clause. > > > > [1] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture > > [2] https://datatracker.ietf.org/doc/html/rfc8949 > > [3] https://github.com/laurencelundblade/QCBOR > > [4] https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses > > [5] https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/qcbor > > > > Thanks, > > Alex > > > > Assuming the license is OK (I'm not educated in that stuff enough to give > an opinion), then the next question is how do we want to integrate it? > Bring it all in, like we did libfdt? Or use a git submodule? This is still a work in progress and at this time I'm not sure how it will end up looking. Do you have a preference for one or the other? Thanks, Alex