Re: Question re correctness of module license check

[Robbie Harwood]

George Barrett <bob@bob131.so> writes:

> The module loader contains the following check:[1]
>
>     /* Me, Vladimir Serbinenko, hereby I add this module check as per new
>        GNU module policy. Note that this license check is informative only.
>        Modules have to be licensed under GPLv3 or GPLv3+ (optionally
>        multi-licensed under other licences as well) independently of the
>        presence of this check and solely by linking (module loading in GRUB
>        constitutes linking) and GRUB core being licensed under GPLv3+.
>        Be sure to understand your license obligations.
>     */
>     static grub_err_t
>     grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
>     {
>       Elf_Shdr *s = grub_dl_find_section (e, ".module_license");
>
>       if (s == NULL)
>         return grub_error (GRUB_ERR_BAD_MODULE,
>                      "no license section in module %.63s", mod->name);
>
>       if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0
>           || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0
>           || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0)
>         return GRUB_ERR_NONE;
>
>       return grub_error (GRUB_ERR_BAD_MODULE,
>                    "incompatible license in module %.63s: %.63s", mod->name,
>                    (char *) e + s->sh_offset);
>     }
>
> IANAL, but my understanding is that GRUB's license is complied with when
> the loaded module is covered by a license that can be "subsumed"[2] by
> the GPLv3 (or that can subsume the GPLv3, like a future GPLv4).  As
> noted by [2], this includes Apache, MPL, etc.
>
> As for the "GNU module policy", I could not find what this references:
>  - The commit introducing the check doesn't mention what this policy is,
>    where it comes from or where it was discussed.[3]
>  - Neither does the mailing list thread in which the GRUB change was
>    discussed.[4]
>  - Looking up variations of "GNU module licensing policy" didn't reveal
>    any clues either (only [5], which seems to further support the notion
>    that licenses other than GPL might be acceptable).
>
>>From the above, it is my conclusion that
>  (a) usage of other compatible licenses for modules is legally
>      permissible, contrary to the suggestion of the quoted comment; and
>  (b) any such GNU policy mandating modules be GPL licensed is either
>      disused to the point of obscurity or never truly existed in the
>      first place (i.e. was the result of some ad-hoc process or
>      misunderstanding, etc, rather than some officially promulgated and
>      promoted policy.  I don't intend to insinuate deliberate
>      untruthfulness).
>
> Is this fair/accurate?  If so, can the check be relaxed to accept
> compatible licenses and the comment clarified?
>
> [1]: 
> https://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/kern/dl.c?id=65bc45963014773e2062ccc63ff34a089d2e352e#n451
> [2]: https://www.gnu.org/licenses/license-compatibility.html#combining
> [3]: 
> https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e745cf0ca64f94fa072d777cde8186aca2b78c1f
> [4]: https://lists.gnu.org/archive/html/grub-devel/2011-04/msg00089.html
> [5]: https://www.gnu.org/licenses/gpl-faq.en.html#GPLModuleLicense

Despite having patched this code, I don't understand what this license
check is intended to accomplish.  The usual caveats apply: I don't like
proprietary software either, I'm not a lawyer, etc..

First, on secureboot platforms (which is "lots" of them), the modules
have to be baked into grub at image creation time.  There's no point in
a license check there.

That aside, theoretically grub modules can either come from within the
grub source tree, or externally.  If they're internal to the tree, then
they must already have compatible copyright - else they would not have
been committed.

We're not aware of anyone trying to use external modules, and as
discussed previously on the list that's fraught anyhow, but suppose they
were.  Even if the license on their module were maximally incompatible
with grub's, all that does is render them non-redistributable.  (This is
akin to the situation ffmpeg can get into when certain GPL-incompatible
pieces are built.)  There's no basis for refusing to load the module
outright.

But even then, suppose there were.  As your post points out, the process
of deciding what's "compatible" is much more complicated than strcmp.
We would need a list of acceptable licenses, which we keep updated
somehow - and if we're being intellectually honest, the capability to
parse and understand full SPDX expressions (or similar).  I doubt any of
us seriously want that in the bootloader.

So to return to the start, if it's not generally going to do much as-is,
then why do I care?  Unfortunately, the module license checks is pretty
much the first thing that handles a module.  If either the module or its
containing signed image is malformed, truncated, etc., then we can get
errors in the license check.  They're not helpful and an end-user
certainly can't act on them properly.

Be well,
--Robbie

signature.asc
Description: PGP signature