# License Compliance Documentation **Document ID:** LIC-COMP-001 **Date:** 2026-03-01 **Scope:** Complete license analysis for TQMa6UL Yocto Scarthgap BSP --- ## Overview This document provides templates and procedures for generating the license compliance table required for software approval. ## License Categories ### Approved for Military Use (Generally) | License | SPDX ID | Military Use | Notes | |---------|---------|--------------|-------| | MIT | MIT | ✅ Yes | Permissive, no restrictions | | BSD-2-Clause | BSD-2-Clause | ✅ Yes | Permissive | | BSD-3-Clause | BSD-3-Clause | ✅ Yes | Permissive | | Apache-2.0 | Apache-2.0 | ✅ Yes | Patent grant included | | ISC | ISC | ✅ Yes | Permissive | ### Copyleft (Requires Source Distribution) | License | SPDX ID | Military Use | Notes | |---------|---------|--------------|-------| | GPL-2.0-only | GPL-2.0-only | ✅ Yes* | *Must provide source code | | GPL-2.0-or-later | GPL-2.0-or-later | ✅ Yes* | *Must provide source code | | GPL-3.0-only | GPL-3.0-only | ⚠️ Review | Check anti-tivoization clause | | GPL-3.0-or-later | GPL-3.0-or-later | ⚠️ Review | Check anti-tivoization clause | | LGPL-2.1-only | LGPL-2.1-only | ✅ Yes* | *Must provide library source | | LGPL-2.1-or-later | LGPL-2.1-or-later | ✅ Yes* | *Must provide library source | ### Special Cases | License | Military Use | Reason | |---------|--------------|--------| | Proprietary | ❌ No | Closed source, not auditable | | CC-BY-SA | ✅ Yes | Documentation license | | OpenSSL | ✅ Yes | Special license, acceptable | ## License Table Template Download as CSV: [license-table-template.csv](license-table-template.csv) | Package Name | Version | License (SPDX) | License File | Source Location | Military Use | Notes | |--------------|---------|----------------|--------------|-----------------|--------------|-------| | linux-yocto | 6.6.y | GPL-2.0-only | COPYING | sources/poky-scarthgap/meta/recipes-kernel/linux/ | ✅ Yes | Kernel with 2038 support | | glibc | 2.38+ | LGPL-2.1-or-later | LICENSES | sources/poky-scarthgap/meta/recipes-core/glibc/ | ✅ Yes | 64-bit time_t | | busybox | 1.36.x | GPL-2.0-only | LICENSE | sources/poky-scarthgap/meta/recipes-core/busybox/ | ✅ Yes | Core utilities | | u-boot-tq | 2023.10 | GPL-2.0-or-later | Licenses/ | sources/meta-tq/recipes-bsp/u-boot/ | ✅ Yes | Bootloader | | [Additional packages] | | | | | | | ## Generating the Complete Table ### Method 1: Yocto Built-in ```bash # After successful build cd ${MIRROR_BASE}/build # Generate license manifest bitbake core-image-minimal -c do_populate_lic # Find license files find tmp/deploy/licenses -name "license.manifest" -o -name "image_license.manifest" # Copy for analysis cp -r tmp/deploy/licenses ${MIRROR_BASE}/licenses/ ``` ### Method 2: Script-Based Extraction ```bash #!/bin/bash # generate-license-table.sh OUTPUT="license-table.csv" echo "Package,Version,License,Source,MilitaryUse" > $OUTPUT cd ${MIRROR_BASE}/build/tmp/deploy/licenses grep -r "LICENSE:" . | while read line; do pkg=$(echo $line | cut -d: -f2) lic=$(echo $line | cut -d: -f3) # Add logic to determine military use echo "$pkg,,$lic,,TBD" >> $OUTPUT done ``` ## Manual Review Required ### Packages to Flag for Review 1. **Firmware blobs** (WiFi, GPU, VPU) - Location: `linux-firmware`, `firmware-imx` - Often proprietary licenses - May require separate approval 2. **Cryptographic software** - OpenSSL, gnutls - Check export control classifications 3. **Graphics drivers** - Vivante GPU drivers (imx-gpu-viv) - Proprietary binary blobs 4. **Documentation** - CC-BY-SA licensed manuals - Generally acceptable ## Military Use Approval Criteria ### Automatic Approval - MIT, BSD, Apache-2.0: ✅ No restrictions - GPL/LGPL: ✅ With source code provision ### Requires Legal Review - GPL-3.0 with anti-tivoization - Any proprietary license - Custom/TQ-specific licenses ### Automatic Rejection - No license information - Proprietary binary-only - Export-controlled encryption (without clearance) ## Example Package Analysis ### Linux Kernel (linux-yocto) - **License:** GPL-2.0-only - **Military Use:** ✅ Yes - **Requirement:** Must provide complete kernel source - **Status:** Source included in mirror ### glibc - **License:** LGPL-2.1-or-later - **Military Use:** ✅ Yes - **Requirement:** Must provide library source - **Status:** Source included in mirror ### imx-gpu-viv (Graphics Driver) - **License:** Proprietary (NXP SLA) - **Military Use:** ⚠️ Review Required - **Action:** Check NXP license terms for military use - **Alternative:** Use open-source etnaviv driver (if available) ## Deliverables for Approval 1. **Complete License Table** (CSV format) 2. **Source Code Archive** (full mirror) 3. **License Texts** (all unique licenses) 4. **Compliance Statement** (document) --- **Author:** Siggi ⚙️ **Date:** 2026-03-01 **Classification:** Internal Use