On Wed, Mar 16, 2022 at 10:42:31AM +0000, Alexandru Elisei wrote: > Hi, > > On Tue, Mar 15, 2022 at 04:25:28PM +0100, Andrew Jones wrote: > > On Tue, Mar 15, 2022 at 01:33:57PM +0000, Alexandru Elisei wrote: > > > Hi, > > > > > > Arm is planning to upstream tests that are being developed as part of the > > > Confidential Compute Architecture [1]. Some of the tests target the > > > attestation part of creating and managing a confidential compute VM, which > > > requires the manipulation of messages in the Concise Binary Object > > > Representation (CBOR) format [2]. > > > > > > I would like to ask if it would be acceptable from a license perspective to > > > include the QCBOR library [3] into kvm-unit-tests, which will be used for > > > encoding and decoding of CBOR messages. > > > > > > The library is licensed under the 3-Clause BSD license, which is compatible > > > with GPLv2 [4]. Some of the files that were created inside Qualcomm before > > > the library was open-sourced have a slightly modified 3-Clause BSD license, > > > where a NON-INFRINGMENT clause is added to the disclaimer: > > > > > > "THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED > > > WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF > > > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT** > > > ARE DISCLAIMED" (emphasis by me on the added clause). > > > > > > The files in question include the core files that implement the > > > encode/decode functionality, and thus would have to be included in > > > kvm-unit-tests. I believe that the above modification does not affect the > > > compatibility with GPLv2. > > > > > > I would also like to mention that the QCBOR library is also used in Trusted > > > Firmware-M [5], which is licensed under BSD 3-Clause. > > > > > > [1] https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture > > > [2] https://datatracker.ietf.org/doc/html/rfc8949 > > > [3] https://github.com/laurencelundblade/QCBOR > > > [4] https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses > > > [5] https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/qcbor > > > > > > Thanks, > > > Alex > > > > > > > Assuming the license is OK (I'm not educated in that stuff enough to give > > an opinion), then the next question is how do we want to integrate it? > > Bring it all in, like we did libfdt? Or use a git submodule? > > This is still a work in progress and at this time I'm not sure how it will > end up looking. Do you have a preference for one or the other? > I think I prefer a submodule, but I'm all ears on this. By coincidence the same topic is now also being discussed here https://lore.kernel.org/kvm/334cc93e-9843-daa9-5846-394c199e294f@xxxxxxxxxx/T/#mb5db3e9143e4f2ca47d24a32b30e7b2f014934e8 Thanks, drew
