Update: As Intel alluded to doing, it has gone and removed the benchmarking restriction from its microcode license. It now reads:
Redistribution and use in binary form, without modification, are permitted, provided that the following conditions are met:
- Redistributions must reproduce the above copyright notice and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Neither the name of Intel Corporation nor the names of its suppliers may be used to endorse or promote products derived from this software without specific prior written permission.
- No reverse engineering, decompilation, or disassembly of this software is permitted.
“Binary form” includes any format that is commonly used for electronic conveyance that is a reversible, bit-exact translation of binary representation to ASCII or ISO text, for example “uuencode.”
Original Story: Intel has been issuing microcode updates for several weeks now address a range of side channel attack vectors affecting its processors, including Spectre, Meltdown, and more recently one called an L1 Terminal Fault. For whatever reason, Intel updated the license for its most recent microcode update to forbid sites from publishing benchmark data.
Here is the controversial snippet of the updated license, with the important part bolded (by us):
"You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results," the license states.
The reason this restriction is problematic is because it seemingly prevents sites from publishing benchmark data highlighting any potential performance penalties from applying microcode updates. And in fact, the small print is precisely why Debian withheld issuing a microcode package to deal with security concerns, The Register reports.
Open source programmer Bruce Perens brought widespread attention to the issue in an article of his own, noting that "lots of people are interested in the speed penalty incurred in the microcode fixes, and Intel has now attempted to gag anyone who would collect information for reporting about these penalties, through a restriction in their license."
That would be a big deal, if true, though this might be a case of someone at Intel not taking into account the larger picture of including such a restriction. Or it could mean that Intel's latest microcode updates are having a bigger impact than anticipated. In any event, Intel provided a statement to TomsHardware saying it's in the process of updating its license once again.
"We are updating the license now to address this and will have a new version available soon. As an active member of the open source community, we continue to welcome all feedback," Intel said.