This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

OTA DFU licensing

Hi,
 
I know this is a license question and the default answer is "contact a lawyer if you don't understand the license". But this can hardly be the first time someone has this issue, so I figured I'd ask anyway.
 
We looking into using the Secure DFU bootloader for our application. I was reading through this article and the following note:
 
uECC library is needed for the bootloader to decrypt the signature. uECC is an external library and have to be downloaded from github here. Note: there is a license requirement comes with it.
 
uECC used BSD-2-clause license, which requires us to "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution."
 
It's a closed source application and the users cannot update the firmware (and thus never handle firmware files, etc). Its managed by service personnel. This has us confused where to put the mentioned notice.
 
I'm seeing the following alternatives:
  • Nowhere since we're not distributing the binary to the end-user
  • In a text-file accompanying the firmware distribution sent to the service personnel
  • In the service manual since its the service personnel that will be using the bootloader
  • In the user manual since even though the user is not actually using the bootloader "its there"

Thank you for any guidance on the issue!

Related