UPDATE: Intel has been in contact in regards to this piece, providing a statement on the situation from an Intel spokesperson.
"We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version. As an active member of the open source community, we continue to welcome all feedback and thank the community."
The updated version of the Intel license can be viewed here, but here it is in full:
Redistribution and use in binary form, without modification, are permitted, provided that the following conditions are met:
- Redistributions must reproduce the above copyright notice and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Neither the name of Intel Corporation nor the names of its suppliers may be used to endorse or promote products derived from this software without specific prior written permission.
- No reverse engineering, decompilation, or disassembly of this software is permitted.
“Binary form” includes any format that is commonly used for electronic conveyance that is a reversible, bit-exact translation of binary representation to ASCII or ISO text, for example “uuencode.”
The good news then is Intel is listening and has altered its license agreement in order to reflect this.
Original Story: 23-Aug-2018 - Intel EULA Agreement Forbids Linux Users From Sharing CPU Benchmarks of L1TF Performance Hit
Intel has pushed out new microcode updates for its CPUs running on Linux distributions designed to mitigate potential attacks, such as the recently published ‘Foreshadow’ L1 Terminal Fault processor vulnerability.
But, and you just knew there would be a but, tucked inside the EULA (End User License Agreement) that must be agreed to prior to the installation, there is a section prohibiting the publication of CPU benchmarks associated with the update. This would prevent, for example, someone comparing the before and after performance hit from installing the microcode update.
"You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results."
It’s the bit in bold we’re primarily interested in, letting users know they are forbidden from publishing benchmark results or providing results for others to publish. This represents a rather gross invasion of consumer rights and naturally highlights the potential performance hit that Intel is attempting to cover up. Trying to hide this data isn’t going to help anyone, acting as a Streisand effect rather blocking coverage.
Needless to say, these EULA’s aren’t worth a jot in the European Union and plenty of other places too, making Intel’s attempted cover-up seem all the more futile. Naturally, a few Linux-focused sites have already benchmarked the update prior to the discovery of the EULA terms, identifying varying degrees of performance impact depending on system tasks.
While at the moment this is limited to Linux users running Intel CPUs, this is perhaps a more worrying portent of how Intel could attempt to prevent CPU benchmarks wholesale.
What are your thoughts, is this a step too far from Intel? Is this a blatant infringement of consumer rights? Let us know your ponderings!