Hi,

Arm is planning to upstream tests that are being developed as part of the
Confidential Compute Architecture [1]. Some of the tests target the
attestation part of creating and managing a confidential compute VM, which
requires the manipulation of messages in the Concise Binary Object
Representation (CBOR) format [2].

I would like to ask if it would be acceptable from a license perspective to
include the QCBOR library [3] into kvm-unit-tests, which will be used for
encoding and decoding of CBOR messages.

The library is licensed under the 3-Clause BSD license, which is compatible
with GPLv2 [4]. Some of the files that were created inside Qualcomm before
the library was open-sourced have a slightly modified 3-Clause BSD license,
where a NON-INFRINGMENT clause is added to the disclaimer:

"THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE **AND NON-INFRINGEMENT**
ARE DISCLAIMED" (emphasis by me on the added clause).

The files in question include the core files that implement the
encode/decode functionality, and thus would have to be included in
kvm-unit-tests. I believe that the above modification does not affect the
compatibility with GPLv2.

I would also like to mention that the QCBOR library is also used in Trusted
Firmware-M [5], which is licensed under BSD 3-Clause.

[1] 
https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture
[2] https://datatracker.ietf.org/doc/html/rfc8949
[3] https://github.com/laurencelundblade/QCBOR
[4] https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses
[5] 
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/qcbor

Thanks,
Alex
_______________________________________________
kvmarm mailing list
[email protected]
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

Reply via email to