On 15:36-20240716, Tom Rini wrote: [...]
Distributing the closed source binaries and U-Boot in separate packages according to their respective licenses and only assemble them on the target device via a post-installation script might be allowable.
For this project the question is making sure that the binaries are licensed such that they could be externally redistributable.
I don't know why someone would suggest that ABI calls are suddenly linkage as I thought that (as far as these matters go) that was already settled, but I am not a lawyer.
The relevant term in the GPL 2.0 license is "work based on the Program". According to the GPL a "work based on the Program" is "a work containing the Program or a portion of it".
If you build a binary via binman that contains U-Boot and another binary, the resulting binary could be considered "a work containing the Program or a portion of it".
The GPL 2.0 requires:
"But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it."
I'm not a lawyer and I don't pretend to be one on mailing lists, either.
In that my non-lawyer statements matter, I don't think binman constitutes some new form of linking and I believe it falls in to the same well known ABI exception.
But that's entirely unrelated to the question of hosting binaries (some of which may be closed source) for use in firmware projects, some of which will not be GPL. For example, I would assume that running tianocore on i.MX8 requires the same assorted binaries that U-Boot does, and that would not have a license conflict.
Usual disclaimers (not a lawyer, not representing corporate policy.. etc): buildroot and yocto for example prebuild images for embedded systems and they have had to deal with closed firmwares in the past as well. Packaging binaries in a filesystem or some format (x509/fit) is essentially the same thing - anyways.. interesting thought there.
PS: For folks interested: LPC accepted our proposal[1] in the security/boot MC and if folks could join in person or virtually, it would be great to lay this out and get the thoughts out and come to some direction here.
[1] https://lpc.events/event/18/contributions/1815/