Hello,
I have a review request for a firmware: Boot firmware (ATF, UEFI...) for Mellanox BlueField:
https://bugzilla.redhat.com/show_bug.cgi?id=1846139
I would like some opinions on whether this is acceptable firmware. The binary contains open source code for which the license are documented, but no code source is provided, only the resulting binary firmware.
Thanks for any help,
Robert-André
On Fri, Jun 26, 2020 at 4:36 PM Robert-André Mauchin zebob.m@gmail.com wrote:
Hello,
I have a review request for a firmware: Boot firmware (ATF, UEFI...) for Mellanox BlueField:
https://bugzilla.redhat.com/show_bug.cgi?id=1846139
I would like some opinions on whether this is acceptable firmware. The binary contains open source code for which the license are documented, but no code source is provided, only the resulting binary firmware.
Assuming these are all the applicable licenses: https://github.com/Mellanox/bootimages/tree/master/licenses (I looked at the review request very quickly) these standard FOSS licenses are all acceptable licenses for Fedora firmware.
Richard
* Robert-André Mauchin:
I have a review request for a firmware: Boot firmware (ATF, UEFI...) for Mellanox BlueField:
https://bugzilla.redhat.com/show_bug.cgi?id=1846139
I would like some opinions on whether this is acceptable firmware. The binary contains open source code for which the license are documented, but no code source is provided, only the resulting binary firmware.
Is FirmwareUpdate.efi really firmware in Fedora's sense? Won't it run on the host CPU?
In the Git repository
https://github.com/Mellanox/bootimages/tree/bluefield-rel/3.x
Mellanox does not provide permission to redistribute the firmware, only required notices of components that they have used to build it. Just saying that something has been derived (in part) from open source software does not make it open source, or even redistributable.
Thanks, Florian
On Fri, Jun 26, 2020 at 5:21 PM Florian Weimer fweimer@redhat.com wrote:
In the Git repository
https://github.com/Mellanox/bootimages/tree/bluefield-rel/3.x
Mellanox does not provide permission to redistribute the firmware, only required notices of components that they have used to build it. Just saying that something has been derived (in part) from open source software does not make it open source, or even redistributable.
Right, if that is how the explicit license information in that repository should be interpreted, then this is not OK for Fedora.
Richard
On Friday, 26 June 2020 23:20:38 CEST Florian Weimer wrote:
- Robert-André Mauchin:
I have a review request for a firmware: Boot firmware (ATF, UEFI...) for Mellanox BlueField:
https://bugzilla.redhat.com/show_bug.cgi?id=1846139
I would like some opinions on whether this is acceptable firmware. The binary contains open source code for which the license are documented, but no code source is provided, only the resulting binary firmware.
Is FirmwareUpdate.efi really firmware in Fedora's sense? Won't it run on the host CPU?
In the Git repository
https://github.com/Mellanox/bootimages/tree/bluefield-rel/3.x
Mellanox does not provide permission to redistribute the firmware, only required notices of components that they have used to build it. Just saying that something has been derived (in part) from open source software does not make it open source, or even redistributable.
Thanks, Florian
Right, the Mellanox people are CC to the bug so I assume they want it packaged. I will ask for further clarifications.
Thanks.
On Fri, 26 Jun 2020, 22:21 Florian Weimer, fweimer@redhat.com wrote:
Is FirmwareUpdate.efi really firmware in Fedora's sense? Won't it run on the host CPU?
This is flashed hardware!? Can't mellanox just use the LVFS to distribute firmware rather than having to install a package of blobs you're going to use exactly once?
Richard
* Richard Hughes:
On Fri, 26 Jun 2020, 22:21 Florian Weimer, fweimer@redhat.com wrote:
Is FirmwareUpdate.efi really firmware in Fedora's sense? Won't it run on the host CPU?
This is flashed hardware!? Can't mellanox just use the LVFS to distribute firmware rather than having to install a package of blobs you're going to use exactly once?
I don't know if the binary is included by accident. But it's something that needs to be investigated.
Thanks, Florian