GPL Issues Surrounding Commercial Device Drivers?

Demiurg asks: "My company has recently decided to support Linux for it's embedded networking products which means that I'm starting to write Linux device drivers for our hardware. The company was very concerned about GPL issues and consulted a lawyer - who advised us to go for a user-space driver, saying that this is the only safe way to avoid GPL issues. I tried to give them a few examples of companies distributing binary only drivers (NVIDIA and Rational) but was told that these companies do not distribute binary only drivers - they only allow you to download them from a web site (which is not an option for an embedded product). What does Slashdot have to say about the issue? Is writing a user-mode (and hence not very efficient) driver the only way for a company to protect it's intellectual property? Please refrain from giving answers like 'all code should be GPL' - although I personally may agree, such answers will not help me convince management to make the change." Are there any lawyers (or readers with the right legal knowledge) out there that can confirm or contradict this recommendation?

lawyers

[Dionysus]

So, you got your advice from a legal consul, and you're thinking about ignoring it in favor of advice from the /. crowd? Is that smart?

Re:lawyers

[nicodaemos]

Many times the corporate lawyer is a liberal arts person who doesn't understand the finer points of technology and licensing. As such they don't have the background to come up with creative ways for you to achieve your goals while still remaining in compliance with licensing.

I personally had to convince a VP of Development to consider my alternatives over the simple no answer that came from the corporate lawyer. It wasn't easy, but I was able to pursuade 2 other directors who backed up my ideas. No, this wasn't a dot-com startup, but a nasdaq listed company with a strong 25 year history. The conservatism and resistance to change was mind boggling.

My advice is to do exactly what you're doing. Brainstorm the heck out of this and see if you can make it work. Good luck!

Re:lawyers

So, you got your advice from a legal consul, and you're thinking about ignoring it in favor of advice from the /. crowd? Is that smart?

FLAME ON--
Actually yes and no. It is incredibly wise to ask the ./ crowd because there are a few of us out here who a) aren't school/college age geeks and b) have ACTUALLY DONE THIS IN A COMMERICAL PRODUCT and worried over the issue ourselves. It's dumb to take the ./ crowd advise in place of your lawyer's advice. Instead the rational thing to do is to ask here and if something looks interesting point it out to the lawyer.
FLAME OFF--

It is relatively well known the Linus has essentially modified the terms of the GPL under which the kernel is distributed w.r.t. loadable modules to allow exactly this functionality. You write a closed source driver for your odd exceeding proprietary hardware, make it a loadable module (not compiled in) and your driver does not have to be released under GPL. As soon as you distribute a version with the module compiled in "all your IP are ours", but as long as you dynamically load it your ok.
Tell you lawyer to contact Linus to confirm this in writing; he's the freakin' copyright holder.

Re:lawyers

"No, this wasn't a dot-com startup, but a nasdaq listed company with a strong 25 year history. The conservatism and resistance to change was mind boggling."

There may be a connection between `resistance to change` and `strong 25 year history`.

Re:lawyers

[ajs]

I'm getting very tired of this mistake. It's being pushed by MS, but it was started by the likes of Slashdotters who don't understand the terminology.

The GPL is not viral, copyright law is. The GPL is an optional license which you can opt out of by simply never accepting its terms. In which case, it has no sway over you at all, and you can walk away unscathed.

However, like all copyrighted works, GPLed software cannot be modified and "made your own". A modified (or "derived") work is just that.

When you use something like a compiler, there's some grey involved as to what the end product is. It has incorporated some headers and libraries that are part of the compiler suite (crt0.o, for example), so it's not just a "printing press for computers". This means that applications which incorporate parts of themselves into their ouput must make a special exception in their licensing terms in order to clarify the status of that output.

Now, here's the kicker... this is true regardless of what license you use! Yep, you can use the MIT/X license, the BSD license, the GPL, Microsoft's EULA (which is legally on much shakier ground than the GPL, BTW because it relies on this idea that you do not own the software that you purchased, which has been defeated as a tactic for books).

The only difference between using the GPL and a weaker license like the MIT/X or BSD licenses is that those licenses allow you to do nearly everything that Copyright law takes away. Not that I'm comparing those licenses to the GPL for any real reason. They're both very good licenses for what they are meant to do.

However, to say that it's the GPL that's viral is silly. Try cutting up a magazine, reassembling the articles and then publishing the result. I think you'll find that copyright law has infected your creative work without the GPL (or any other license) coming anywhere near you.

Re:lawyers

[paulbd]

Dude, you are completely full of shit. Copyright law is a little bit viral, but the GPL is ebola viral. The major difference is that if you include a copyrighted image/paragraph/etc in your original work (whether by permission or via fair use) the copyright on the cited work does not infect the remaining 90% of your original work. How can you gloss over a detail like that. It makes ALL the difference.

Who's full of shit here? You would be able to reprint/reissue your work without the copied work, but until you did that, continued duplication of your work would be a violation of copyright law (and you would remain in violation of it for the prior duplication).

Get a sense of proportion. There is a huge difference between someone who wants to take a GPL'ed app, tweak it a bit, and sell it under a non-GPL license, and someone who wants to take a GPL'ed library and include it as a small part of a non-GPL'ed program. That would be stretching the definition of "derivative work" beyond the level of common sense.

If someone's work is copyrighted then you have no rights whatsoever to duplicate or use it unless they give you such rights. The author of the GPL'ed library has decided to give such rights only to people who give her and others the same rights in return. The author could have chosen to give you no rights whatsoever, in which case, they need not bother with a license at all. When you use somebody else's code, whatever license it is under, it is only legal if they have given express permission to do so. If they have not, or if they have added conditions under which you may use it, the law does not permit you wriggle out of this with lines like "get a sense of proportion."

Again, you're full of shit. Each of the excerpts is covered by its own copyright; they aren't infecting each other. If you take some excerpts from Tom Clancy and mix them in with some quotes from Charles Dickens, it doesn't mean that Tom Clancy gets copyright over the Dickens quotes, nor does the public domain status of the Dickens quotes cause the Clancy quotes to fall into the public domain. *THAT* would be viral licensing, and that's what the GPL does.

You need to be careful with that "shit" term. You are right about the lack of "transfer of copyright" in the domain of the printed word. But the same thing applies to software too. The GPL cannot cause transfer of copyright between owners. If there is an existing body of GPL'ed source code and it is merged with or used to derive new source code, the exact same rules apply as they would with books: genuinely new work is copyright the new author, quoted work is copyright of the old author. The point is: without a license of some sort, you have NO permission to use the existing work in any way, not to copy, not to quote, not to use to derive new work from. If the work was GPL'ed, the author has given you permission to use it as you wish, as long as you use the same license for your own work. The author has no copyright claim on your own original work whatsoever. You are free to issue work that is entirely your own under any license you wish. Work that is derived from the original work (and "derived" here is a technical term that may include compile time linkage, but never includes run time execution) is controlled by the copyright holder of the original work. the copyright holder may choose to prohibit you from using HER work unless you choose a certain license. If you don't agree with that, then you have no permission to use her work; if you do so anyway, you are in violation not of the GPL, but of US and international copyright law.

Re:lawyers

[paulbd]

Another absurd statement, but I digress. "Rights" is such a loaded word; it makes laws sound like unalienable laws. Copyright gives certain "rights" to the author at the expense of the consumer. The GPL takes away some of those rights from the author and gives them to the consumer. There is always a conservation of rights. If society gives you the "right" not to be murdered, it impinges on my "right" to murder you. Our perception of which laws are "rights" is coloured by our nature and nurture; there are no absolute rights.

Another absurd troll. Copyright law removes more or less all rights on the part of anyone except the copyright holder. A license is a way for the copyright holder to grant some rights to others. It is their choice which rights they wish to grant and under what terms. If they decide to use the GPL, then they are issuing you with various rights in exchange for your agreement to use the GPL in any work you do that is related to their work in some specific, enumerated ways. If you don't wish to follow this agreement, they transfer no rights to you, and you may not legally use their work at all. If you do agree to their agreement, then you can use their work. The GPL hasn't given or taken or away any rights - the copyright holder has used the GPL to detail under what terms you have permission to use their work in ways that would otherwise violate copyright law. The copyright holder giveth, the copyright holder taketh away - thats the law. The GPL is just a particular codification of their conditions for you having some rights to their work.

Tried asking the FSF or lkml directly?

[StandardDeviant]

Seems like you might get good info by directly talking to the FSF or linux kernel mailing list... I'm sure some people would piss and moan about binary this and proprietary that, but in the end I think you'd find more people eager to help expand linux's reach in an optimally efficient manner. IIRC the FSF's head legal eagle is a guy named Eben Moglen (there was something posted on /. just yesterday that involved his name, again IIRC.) Personally, although IANAL, making something available for public download from a website sounds pretty much like "distributing" something. True, the user has to decide to download it, but then again your users would have to decide to buy your particular widget (thus potentially getting the linux driver) also...

Distribution Method

[ShadowFlyP]

Nvidia and others do "distribute" binary-only drivers. Just because they don't actively send out CD's with their drivers does not mean they do not distribute them. Under the GPL both methods are concidered a distribution. As far as writing drivers, as long you use the driver module method and do not need to directly change any preexisting kernel code, I do not believe there is any problem at all. That is how Nvidia and others can get away with that.

Protect?

[OttoM]

Why should a hardware company protect the driver? If you make a quality, high performance driver, more people would want to buy the hardware. If you make a lousy, slow driver, not many people would buy the hardware to use on Linux.

So you your company should go for the best possible driver, to increase hardware sales. If that means GPL'ing the driver, you can also benefit from the expertise of a lot of developers.

The counterexample is NVidia

[Isle]

Ask your lawyer how distributing something over the internet is not distributing?

NVidia are distributing binary-only drivers. They do a trick however, where the code that needs to be loaded into the kernel is (L)GPL, and then this cpde interfaces their binary driver. This both allows a buffer to the GPL code but also to support various different versions of the kernel with the same driver.
Moreover it allows for a lot of naive trolls claiming that Nvidia is distribting the source-code because they have seen this little module.

What are they trying to protect?

[CaptainAlbert]

I don't quite see what is lost by releasing a device driver under GPL.

You get:

1) an army of geeks who will instantly worship your company and buy your products;

2) a slightly smaller army of geeks who can actually help you fix bugs in your own product FOR FREE.

You lose... erm, nothing?

The only drawback is that the interface to your hardware (register maps etc.) are no longer as secret as they were. Perhaps you're concerned about competitors stealing your ideas based on that knowledge? Well, think about it this way - if they badly want that information, they will already be reverse engineering your products and your binary-only drivers with a debugger and some elbow-grease.

IMO - you have nothing to lose. Embrace the future... :)

Re:What are they trying to protect?

[Art+Popp]

Though I agree that those should be important considerations in this company's decision, the dangers involved are neither imagined nor trivial.

1) In a technology sector where "time to market" is a crucial feature, distributing source for your drivers gives your competition a considerable edge. Everyone reading this who codes will know exactly what I mean when I say that having a known-good chunk of software to modify is vastly easier than starting from #include <linux/kernel.h>. Drivers are, in fact, a bitch to get right. On a device of median complexity you probably save your competitors a month of dev. time by presenting them with all your clever ideas and a working model on which to base their clone. On a truly clever device you may save them several months.

2) More importantly for some applications, if there are over-broad patents that concern your device, supplying source code can easily make the difference between your opponents having grounds for suit and not having them. Your source code reveals your intent behind your arrays, and the purpose of your function calls. When a lawyer is trying to prove your product is infringing, this is significantly better ammunition than hundreds of lines of debugger output that has to be "interpreted" by their experts.

An earlier poster had what I'd consider the best suggestion. Embed the secret stuff in your app. If your device supports it, make the kernel driver little more than a tool for getting data quickly in and out of user space. This approach has several advantages, among the better is that I (or any user who mucks about with these things) can then upgrade the kernel and recompile your trivial kernel space driver (say past an unrelated, but nasty bug) without begging for your help. I can do this to fix bugs you haven't encountered and present you with fixes for bugs you can't easily recreate, but others may be suffering from.

Best of luck.

Re:Another Winner

[dasmegabyte]

Easy. People ask slashdot because slashdot readers have actually had to deal with these matters on a day to day basis. Your average lawyer may see a handful of case studies.

Now, he may have gone to the sort of lawyer that specializes in software licenses (what sort of lawyer is this? a very very rich sort), in which case you're right that it is kind of stupid to approach the trolls and IANALs. But if he went to Joe Q. Publicstein of Publicstein, Stern and Lowe, chances are he'll get a much more specific answer and leads on a case he may be able to point his legal eagle towards. Which could result in a much more informed decision.

By the by, I've got a feeling that the people who MIGHT press a case on the GPL have bigger fish to fry than a company writing a device driver. If they can't catch Microsoft biting GPL code, why are they going to hunt down developers expanding the OSS market?

Living With The GPL

[Compulawyer]

I am a patent guy, so my licensing experience with the GPL is rather limited (except for using GPL'ed software). However, upon a cursory review, it seems as if this section of the GPL is the cause of most of the concern:

If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

I think the keys here are what count as distribution and separate works. Obviously, the GPL was drafted with traditional software in mind and is not tailored toward embedded systems. You have to answer the questions "Is this a work based on the Program [a piece of software covered by the GPL]?" and "Is this an independent and separate work?" Unfortunately, I don't have enough facts about your system, and we don't have an attorney-client relationship, so I can't give you an answer. What I can tell you is that you should make sure your lawyer is familiar with your code development processes and distributions systems and knows enough about software development so that he can draw principled distinctions between different ways of doing things.

Re:What exactly are you trying to keep secret?

[misterhaan]

this is the same reason device drivers are free. granted they're often only available in binary form, but if i get a piece of hardware by itself i can just go download the driver from the manufacturer (if i can find it).

if you're a hardware company, then until everyday people copy your hardware, there is no need to place restrictions on device drivers. even opening up the source in most cases will not hurt your company, unless you're trying to protect how the device communicates.

if you're selling hardware, sell the hardware. give away the software--it's no good without the hardware anyway.

OT: Law School for Geeks?

[Vagary]

Does the legal community realise that they are in desperate need of lawyers with technical background? If so, are the law schools doing their best to fulfill this need such as lowering admission requirements for people with technical backgrounds or targetting recruiting? Are law schools completely full of English and Philosophy majors that need to get a job or is there some diversity there?

I'm asking because in a year or so I'm going to have a Master's in CompSci and I'm considering my options afterwards. While a PhD would be nice, I've also been looking at law school. I don't think I could resist getting an emphasis in technology law, however I'm not sure what to expect...

GPL questions are very fact-intensive

[n8ur]

IAAL, so unlike most of the posters here, I'm not going to give you a black-and-white answer :-)

My gut feeling is that a loadable module that does not itself incorporate any GPL'd code does not fall under the GPL just because it's run in conjunction with a GPL'd kernel. After all, even if the kernel + driver are considered together to create a derivative work, it's the user, and not you, who creates that derivative work at runtime.

And, the fact that you're using GCC to compile the module doesn't mean anything in and of itself. The real question is the license status of any libs that are linked into the resulting object code file. Whether they are under GPL, LGPL, or something else makes a big difference.

Now for the shades of gray part... any time you're dealing with GPL questions, you have to look at the genealogy of the running executable, working backwards to see what licenses govern the component pieces. It's a very fact-intensive process, and without understanding where all the code came from, you can't come close to giving a reasonable answer.

Re:What exactly are you trying to keep secret?

[Jaeger]

if you're selling hardware, sell the hardware. give away the software--it's no good without the hardware anyway.

I personally agree with you, but I can see two reasons why companies might think this is a bad idea:

• Suppose most of the interesting work takes place in the driver (as in the case of a software printer or modem -- although I imagine this could be the case in other devices as well). The driver then provides an emulation layer between the rest of the operating system and the hardware. Some enterprising clone maker could easily throw a DSP, a transformer, and an RJ-11 jack on a PCI card, copy the driver, and sell a software modem for far less than the original manufacturer.
• There are plenty of companies in the world who still think that it is possible to ship a device that cannot be reverse-engineered, and that any additional information released to the general public is additional information that the Asian clone manufacturerers will use to screw them in the marketplace. They ignore the fact that said Asian clone manufacturerers have enough manpower to disassemble their drivers line-by-line and pour over wall-sized X-ray blowups of their chips to reverse-engineer the silicon at a transistor level. The only people they're hurting in this situation are those who use free operating systems -- and, by extention, their own market share, because those who use free operating systems won't buy their products.

Use FreeBSD or NetBSD or OpenBSD instead of Linux

[Skapare]

I'm assuming that since this is mentioned as an embedded product, your choice of Linux is not for the purpose of making your device work in other people's Linux systems, but is instead, for the purpose having a embedded operating system inside your embedded product. If this assumption is true, then I recommend instead to use one of the BSDs for it, e.g. FreeBSD or NetBSD or OpenBSD. The licensing issues are so much easier. FreeBSD is actually the foundation OS in many a network device on the market over quite a range of sizes from small handheld devices to huge WAN switches. Linux is, too, but if the GPL licensing is the big issue, then give BSD a serious look-see.

If the above assumption is not correct, and you are making a device which is to be accessed by a hosted Linux system, then I can at least say this: I won't use your device in my managed network engines (Linux based) unless the source code is open. This is due to the need to be able to fully audit the entire security and not wanting to have to negotiate for NDA source. Lack of source can cut into your market share, especially where security is an issue (affects network devices far more than high performance video cards). So if you have intellectual property in a network device intended for a hosted system (e.g. for example a 10GB ethernet card or an OC-192 WAN line card), try to keep the intellectual property locked up in the device itself as much as possible.

Re:Linus allows an exception for device drivers

[0x0d0a]

Two posts (parent and grandparent), neither of which links to any comments, which claim that a second person flatly contradicts himself. Lovely.

Why the hell can't you people find links, anyway?