In association with heise online

21 October 2008, 15:45

Tracking down license infringements with the GPL Compliance Engineering Guide

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Armijn Hemel, who works with Harald Welte at, has published a guide describing how the project tracks down GPL- or LGPL-licensed software in embedded devices. The 26 pages of the GPL Compliance Engineering Guide (PDF) explain how their process works; A firmware analysis is carried out including a detailed examination of bootloader, boot sequence, filesystem, compression techniques and executable files. The document also describes the relevant research tools, such as binutils, hexdump, file, strings, tar, gunzip/zcat, lzma, squashfs-tools and mtd-tools. If the bootloader is not available in a firmware update, then a connection to the examined device can is established via a serial console or JTAG connector.

In the last part of the guide, Hemel lists software, including Linux kernel modules, C libraries and the BusyBox tool collection, which is often present in these devices. Although most GPL and LGPL infringements can be found in connection with Linux based devices, Hemel also addresses Compliance Engineering for Windows. Cygwin, which is used for porting POSIX programs to Microsoft Windows and is available under GPL, is used in several expensive routers says Hemel. He concludes the guide with a check list and action plan detailing what to do if a licence infringement has been discovered. Hemel is an employee at Loohuis Consulting, a Dutch company which offers GPL Compliance Engineering as a service.

The GPL licensing requirements stipulate that software which uses GPL licensed open source software must in turn be released under a GPL and that the source code must be made available. The project examines embedded devices, looking for potential violations and takes legal action against companies who don't adhere to the GPL and LGPL regulations.

In July last year the Munich regional court ruled that VoIP provider Skype violated the GPL by selling a Linux based VoIP phone by SMC Networks without making the source code available.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit