Is reverse engineering binary blobs in Libreboot and Coreboot "legal"?

5 respostas [Última entrada]
Other_Cody
Desconectado
Joined: 12/20/2023

I do not know if Libreboot and Coreboot have licenses that forbid reverse engineering or just have binary blobs in them, though that could still be a problem for freedom as Libreboot may be under GNU General Public License, version 3.

And if it is under GNU General Public License, version 3, maybe also later versions, than till the blobs are removed it could not be "legal" to distribute it with the blobs still in it.

That is why GNU Boot and Canoeboot were made, I think, to have fully "free as in freedom" boot software/firmware instead of firmware with binary blobs in it.

https://www.gnu.org/software/gnuboot/web/

https://canoeboot.org/

Though if the blobs in Libreboot and Coreboot could be "legally" reverse engineered than Libreboot and Coreboot may also be "legal" to distribute when the blobs have source code that is not obscured, but till than those may be not be distributed without copyright infringement, I think. As Coreboot is under is under GNU General Public License, version 2, maybe also later versions.

Unless exceptions are made in both Libreboot and Coreboot licenses, to link non-free licensed things with the GNU General Public Licenses, somehow, thus making the blobs things that may not be "legal" to reverse engineer or even distribute, unless you get permission from whoever holds the copyright to the code.

andyprough
Desconectado
Joined: 02/12/2015

Legality is a question for the courts. If no one challenges the legality of Coreboot or Libreboot in court and gets some kind of a judicial ruling, then it wouldn't be appropriate to claim that they are doing something illegal. You could probably question if they are fully following their license terms, or something like that.

Also, I looked at the Dasharo Coreboot git today, and it appeared to me that any 3rd party binary blobs were only linked - they were not part of the Coreboot code itself from what I can see. I would assume that Libreboot does something similar - gives links or commands or instructions for downloading and installing the microcode updates, but does not include those non-free updates as part of its distributed code. I'm assuming that - I'm not totally certain. If I'm wrong, I'm sure someone will correct me.

Avron

I am a translator!

Desconectado
Joined: 08/18/2020

> I would assume that Libreboot does something similar - gives links or commands or instructions for downloading and installing the microcode updates, but does not include those non-free updates as part of its distributed code.

I think that you are perfectly correct, except that for a lot of computers, this also includes proprietary software that is not microcode updates.

On its home page, Libreboot says "free boot firmware" is important but omits that the Libreboot user will actually need proprietary software to start her computer. The "freedom status" page mentions shortly some pieces of proprietary software (not all) that must be used without calling them proprietary software, so most users will miss this. By contrast, the legacy pages (coming from when Libreboot was not doing that), use a very clear language refer to proprietary software in EC or HDD/SSD.

Other_Cody
Desconectado
Joined: 12/20/2023

I do not think that Coreboot or Libreboot are doing something that is not "legal" though I did not know if I distributed reverse engineered 3rd party binary blobs with source code will I be breaking another "link exception" license of the 3rd party binary blobs, Coreboot or Libreboot.

Or Coreboot and Libreboot may only be loading or downloading the 3rd party binary blobs and somehow linking them like the Linux kernel may have some sort of "system call" or other type of linking exception.

Like how GPL3 licensed programs, or non-free programs, can still somehow use the GPL2-only licensed Linux kernel.

https://en.wikipedia.org/wiki/Linux_kernel#Legal_aspects

The Linux kernel is licensed explicitly under GNU General Public License version 2 only (GPL-2.0-only) with an explicit syscall exception (Linux-syscall-note),[6][9][10] without offering the licensee the option to choose any later version, which is a common GPL extension. Contributed code must be available under GPL-compatible license.[11][105]

I think the develepers also may not need to follow the license for their own code.

https://www.gnu.org/philosophy/selling-exceptions

Other_Cody
Desconectado
Joined: 12/20/2023

I saw at

https://git.hyperbola.info:50100/~team/documentation/todo.git/about/

a license of a program likely from things in OpenBSD, that Hyperbola had to remove (both the program and it's non-free license) to make a freedom supporting HyperbolaBSD, like how the Linux kernel has blobs removed for Trisquel, that shows

Copyright 2004 Atmel Corporation. All Rights Reserved. Redistribution and use
of the microcode software ("Firmware") is permitted provided that the following
conditions are met:
1. Firmware is redistributed in object code only.
2. Any reproduction of Firmware must contain the above copyright notice,
this list of conditions and the below disclaimer in the documentation
and/or other materials provided with the distribution; and
3. The name of Atmel Corporation may not be used to endorse or promote products
derived from this Firmware without specific prior written consent.

DISCLAIMER: ATMEL PROVIDES THIS FIRMWARE "AS IS'' WITH NO WARRANTIES
OR INDEMNITIES WHATSOEVER. ATMEL EXPRESSLY DISCLAIMS ANY
EXPRESS, STATUTORY OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
FIRMWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

USER ACKNOWLEDGES AND AGREES THAT THE PURCHASE OR USE OF THE
FIRMWARE WILL NOT CREATE OR GIVE GROUNDS FOR A LICENSE BY
IMPLICATION, ESTOPPEL, OR OTHERWISE IN ANY INTELLECTUAL PROPERTY
RIGHTS (PATENT, COPYRIGHT, TRADE SECRET, MASK WORK, OR OTHER
PROPRIETARY RIGHT) EMBODIED IN ANY OTHER ATMEL HARDWARE OR
FIRMWARE EITHER SOLELY OR IN COMBINATION WITH THE FIRMWARE.

So seeing that some licenses have text like

1. Firmware is redistributed in object code only.

and that an exception can be made to link things that is why I did not know if Coreboot or Libreboot may also include blobs under licenses like this.

I think some sort of boot program and/or bios is needed on most computers now to boot things like Trisquel.

Unless it is an older model computer than those mostly sold now like ones using a DIP switch.

Historically, the BIOS in the IBM PC and XT had no built-in user interface. The BIOS versions in earlier PCs (XT-class) were not software configurable; instead, users set the options via DIP switches on the motherboard.

Though I do not know if a computer like that could run Trisquel without large modifications.

https://en.wikipedia.org/wiki/BIOS#Configuration

https://en.wikipedia.org/wiki/DIP_switch

https://en.wikipedia.org/wiki/UEFI

Psion
Desconectado
Joined: 12/29/2023

Better to require some blobs than to have the stock bios though. I would hope anyone here would agree with me on that at least.

me cleaner + coreboot is probably the next best thing for you guys to GNUboot.

If in doubt, always get some freedom at the minimum removing as much non-free backdoor code as you can to still have privacy/security.

However, if you want to go to GNUBoot level freedom, so be it.

Anything but the stock bios :)