Secure boot/signed images and GPL code
Doman, Jonathan
jonathan.doman at intel.com
Wed Nov 4 09:59:14 AEDT 2020
(Also not a lawyer and not speaking for my employer.)
On Tue, 2020-11-03 at 14:56 -0600, Patrick Williams wrote:
> In the context of a server, I don't think most companies would want a
> way to disable secure boot. It does provide fairly important protection
> to the integrity of the server. But, it is valuable to many customers
> to have a method to transition the trusted signing keys from one entity
> to another.
According to one analysis [1] of the GPL, this desire to keep
enterprise systems locked down is why v3 contains language defining
"User Products". If your device is not a User Product ("for personal,
family, or household purposes" or "for incorporation into a dwelling"),
then you are not obligated to provide Installation Information
containing signing keys (or whatever information might be needed).
1: https://copyleft.org/guide/comprehensive-gpl-guidech10.html#x13-850009.9.2
More information about the openbmc
mailing list