[Fwd: Intel Firmware license analysis]

The following is an email message from Theo de Raadt. He's the guy in
charge of OpenBSD.

-------- Original Message --------
Subject: Intel Firmware license analysis
Date: Sun, 01 Oct 2006 12:06:46 -0600
From: Theo de Raadt <deraadt@cvs.openbsd.org>
To: misc@cvs.openbsd.org
CC: jketreno@linux.intel.com, majid.awad@intel.com

Intel has a seriously restrictive license on the firmware of their two
older chipsets. It seems Intel didn't design these chipsets but
purchased them but failed to buy all the rights, and now feels
compelled to restrict us. That license can be found at

        http://ipw2100.sourceforge.net/firmware.php?fid=1

I won't do an analysis of the older license, since it is clearly
unacceptable for any open source group to sign away these rights.
This license immediately becomes the largest legal burden of any open
source operating system. Some Linux vendors have signed up onto the
program, but that merely shows their (rather corporate) lack
dedication towards the commonly held "open source" and "free software"
goals.

Intel has a newer and seemingly less restrictive license for the
firmware of their newer chipset, but it still has problems. A copy of
that can be found at

        http://bughost.org/ipw3945/LICENSE

I can analyse this license though, to show why it is also flawed.

First off, the license boilerplate has been formatted to look like a
typical BSD license. Don't be fooled by that (amusingly, we have
almost been fooled once by a GPL license reformatted to look like a
BSD license).

> Copyright (c) 2006, Intel Corporation.
> All rights reserved.
>
> Redistribution. Redistribution and use in binary form, without
> modification, are permitted provided that the following conditions are
> met:

A normal BSD license has the phrase "source and binary forms". Our
tree now contains firmware licenses from many other vendors include
the word "source". Even the Intel-supplied microcode patches for the
fxp (100mbit Ethernet) come in a .h file and contain the word "source"
in the license.

If we included this firmware in OpenBSD, we would have to put it in
our "source tree". We do not put binary files into our CVS repository
(for various technical reasons, but also to avoid these traps). Even
if a vendor gives us a binary firmware with the right license, we turn
it into a .h file and later on use a program to re-format it to a
binary firmware file. Most people would largely consider a .h file to
be a "source form". Intel prohibits this for no good reason.

Our whole distribution is build completely out of source -- always
(even if a few pieces are freely-distributable microcodes that run on
plug-in devices).

> * Redistributions must reproduce the above copyright notice and the
> following disclaimer in the documentation and/or other materials
> provided with the distribution.
> * Neither the name of Intel Corporation nor the names of its suppliers
> may be used to endorse or promote products derived from this software
> without specific prior written permission.
> * No reverse engineering, decompilation, or disassembly of this software
> is permitted.

This is a new term which has been added to the BSD look-alike license.
It adds a constraint which is not legal in many countries, where those
things are legal, and you cannot sign away your own rights without a
tit-for-tat legal contract. Intel cannot stop anyone from doing so.
Intel should know better than to challenge us with such rude language,
since it makes them sound like Atheros and we all know how that worked
out.

> Limited patent license. Intel Corporation grants a world-wide,
> royalty-free, non-exclusive license under patents it now or hereafter
> owns or controls to make, have made, use, import, offer to sell and
> sell ("Utilize") this software, but solely to the extent that any
> such patent is necessary to Utilize the software alone, or in
> combination with an operating system licensed under an approved Open
> Source license as listed by the Open Source Initiative at
> http://opensource.org/licenses.

This says that only operating systems which are totally free
(according to some standard) may use the code. Any non-free operating
system which happens to be based on a free operating system may not
use the firmware.

What if some vendor decides that they like OpenBSD so much that they
want to turn it (or a part of it) into a commercial product, perhaps
for a specialized market segment we do not reach? So they would take
the OpenBSD source tree and mutate it to their needs? We fully
endorse vendors taking parts of our code and doing so, since this is
much better than having vendors invent their own insecure crud and
then having the world use that. And this is not just words -- there
are vendors doing just that.

But now such a vendor would be REQUIRED to remove the firmware file
from their distribution. And if they make a mistake and leave it,
Intel can sue them, since it is clear they have violated the license.
This is a serious trap.

Our releases are made entirely from a single source tree. Not one
thing makes it into an OpenBSD release, unless that thing is already
contained inside the single source tree that we use. Our source tree
makes a promise that everything in it is free for reuse and
redistribution. Our source tree is trap-free.

Intel would have us put a trap into our code. I could state it as
"Intel is open only to open people". It is not what Open Source
stands for -- we are "open towards everyone".

When you require someone to give up rights they automatically hold,
it is not open.

> The patent license shall not apply to
> any other combinations which include this software.

Again there it is: Intel only considers the non-corporate side of
the open source community as "the open source community". Intel is
saying that only rich vendors may use their code, but that they are
making a special deal only for OpenBSD, FreeBSD, NetBSD, and Linux.

But this does bring up the side question: Is all of Red Hat
"Enterprise Linux" licensed under the licenses stated at
http://opensource.org/licenses, or is the fact more like -- *PARTS* of
Red Hat "Enterprise Linux" are licenced under those licenses. See the
trap? I would bet that Red Hat is therefore violating this license,
or much more likely, Red Hat has signed some special agreement with
Intel that makes them special. How Open is a license when anyone --
company or individual -- has to sign additional licenses or give up
more rights?

> No hardware per se is licensed hereunder.
>
> DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
> CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
> BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
> FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
> COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
> INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
> BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
> OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
> ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
> TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
> USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
> DAMAGE.

This last bit is just the standard disclaimer that some US
jurisdictions used to require.

So basically what Intel is trying to hand out is an "open source"
license very much like the SSH.COM license for ssh. That license also
said "free operating system users may use our commercial ssh product".

Intel is being an Open Source fraud.

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Oct 2 08:03:02 2006