and add the Enterprise / Commercial licensing option.
Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
* Community Edition: AGPLv3 (strong copyleft, including network use).
* Enterprise / Commercial Edition: proprietary license for production /
multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
ENTERPRISE.md and clarifying how companies can obtain a commercial license.
Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
alternative proprietary license that allows internal, large-scale, or OEM
use (bulk provisioning, policy enforcement, inventory / revocation,
custom attestation, signed builds) without AGPL disclosure obligations.
This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
If present, when requested enterpriseAttestation==2 for MC, this certificate is returned in the x5c field. If not present, a batch attestation is returned.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Once enabled, it allows to generate a CSR in the device, which is sent to our PKI. If valid, it returns a signed certificate by an intermediate CA that will be used for attestation.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
To do this a MSE command is added, to manage a secure environment. It performs a ephemeral ECDH exchange to derive a shared secret that will be used by vendor commands to convey ciphered data.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
It is a self implementation, based on CBOR command.
data[0] conveys the command and the contents mapped in CBOR encoding.
The map uses the authConfig template, where the fist item in the map is the subcommand (enable/disable at this moment), the second is a map of the parameters, the third and fourth are the pinUvParam and pinUvProtocol.
With this format only a single vendor HID command is necessary (0x41), which will be used for all my own commands, by using the command id in data[0] like with CBOR.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
