[Battlemesh] Fwd: Re: [internet-freedom] openWRT vs. FCC - forced firmware lockdown?

Mitar mitar at tnode.com
Sat Sep 5 05:54:29 CEST 2015 

Hi!

Some more activity on this topic.


Mitar

-------- Forwarded Message --------
From: Andrew McConachie <amcconachie at berkeley.edu>
Subject: Re: [internet-freedom] openWRT vs. FCC - forced firmware lockdown?

Hey Internet Freedomers,

I wanted to provide an update on this as things have changed.

The original language from the FCC that we discussed is no longer in the
proposed rule change. The specific reference to DD-WRT has been removed,
and it now looks like the below language is what governs this.

"(i) For devices including modular transmitters which are software
defined radios and use software to control the radio or other parameters
subject to the Commission's rules, the description must include details
of the equipment's capabilities for software modification and
upgradeability, including all frequency bands, power levels, modulation
types, or other modes of operation for which the device is designed to
operate, whether or not the device will be initially marketed with all
modes enabled. The description must state which parties will be
authorized to make software changes (e.g., the grantee, wireless service
providers, other authorized parties) and the software controls that are
provided to prevent unauthorized parties from enabling different modes
of operation. Manufacturers must describe the methods used in the device
to secure the software in their application for equipment authorization
and must include a high level operational description or flow diagram of
the software that controls the radio frequency operating parameters. The
applicant must provide an attestation that only permissible modes of
operation may be selected by a user."[0]

In my opinion the FCC has rightly limited their concern of software
update to anything which relates to software controlled radios. The
requirement for device manufacturers will be limited to showing that a
software update cannot reprogram a software controlled radio to cause
interference. In practice, this will most likely mean that binary
drivers will be required to run OS's like OpenWRT, and manufacturers
like Marvel/Avago will continue to obfuscate their hardware APIs. This
is a compromise I think we're going to have to live with.

Below is the comment I made to the FCC(tracking number 1jz-8kvr-4z96).

"
Please do not do anything to interfere with the development of OpenWRT,
DD-WRT or similar alternative firmware. It is important that consumers
maintain the right to change the OS of any devices they own.

For the purposes of preventing spectrum interference it is necessary
that software controlled radios not be easily reprogrammable. However,
this requirement should in no way interfere with the legitimate right of
consumers to change the general purpose OS's of their legally purchased
devices.
    Sincerely,
    Andrew McConachie
"

Comments close on Sep 8, only 7 more days to go. Speak now or forever
hold your bits.

Also, if anyone knows someone at the LibrePlanet SaveWiFi wiki their
page has the wrong comment deadline.[1] Their page says October 9, but
the FCC deadline is September 8.

Thanks,
Andrew

[0]
https://www.federalregister.gov/articles/2015/08/06/2015-18402/equipment-authorization-and-electronic-labeling-for-wireless-devices
[1] https://libreplanet.org/wiki/Save_WiFi/Individual_Comments

On 7/25/15 10:41 PM, Andrew McConachie wrote:
> There is no real way to do this short of getting Linux to relicense.
> Even then, home router manufacturers can always use a BSD Unix. Most
> home routers are nothing but a 4-5 year old UNIX with a buggy
> proprietary web interface anyways. I give money to the FSF and have been
> a member for over 10 years, but sadly there was never a way to fix this
> with the GPLv3.
> 
> Two doubts I have:
> 1) Chipmakers like Avago/Marvel are doing more and more in their
> proprietary binary drivers. Given this, they might just lock them down
> such that frequencies cannot be changed regardless of the OS ontop. Some
> chips already do this. Or they'll produce chips which cannot physically
> change their frequencies.
> 
> 2) Home router manufacturers are notoriously terribly at locking down
> their devices. They sell cheap devices with terribly low margins. They
> don't want to spend any developer time or extra HW on this requirement.
> 
> On the other hand the FCC states that home router manufacturers must
> answer this question:
> "What prevents third parties from loading non-US versions of the
> software/firmware on the device?
> Describe in detail how the device is protected from “flashing” and the
> installation of third-party firmware such as DD-WRT."[1]
> 
> This really does suck. Because it looks like if Netgear were to ship a
> device that could be flashed with DD-Wrt/OpenWrt the FCC might penalize
> them.
> 
> --Andrew
> 
> [1]
> https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869RsyQddPi5hpw%3D%3D&desc=594280%20D02%20U-NII%20Device%20Security%20v01r02&tracking_number=39498
> 
> On 7/25/15 8:04 PM, Jethro Beekman wrote:
>> Too late now, but you should have developed GPL3-licensed software and forced it
>> upon AP manufacturers/pressured widely used software on AP's (e.g. Linux,
>> BusyBox) to relicense GPL3.
>>
>> --
>> Jethro Beekman
>> Graduate student researcher
>> 719 Soda Hall
>> Department of Electrical Engineering and Computer Sciences
>> University of California at Berkeley
>> jbeekman at eecs.berkeley.edu
>>
>>
>> On 25-07-15 17:44, Mitar wrote:
>>> Hi!
>>>
>>> Have you seen this, from Battlemesh V8 agenda
>>> (http://battlemesh.org/BattleMeshV8/Agenda). Doesn't look good.
>>>
>>> The new FCC rules are in effect in the United States from June 2nd 2015
>>> [1] for WiFi devices such as Access Points. They require to have the
>>> firmware locked down so End-Users can't operate with non-compliant
>>> parameters (channels/frequencies, transmit power, DFS, ...). In
>>> response, WiFi access point vendors start to lock down firmwares to
>>> prevent custom firmwares (such as OpenWRT) to be installed, using code
>>> signing, etc. Since the same type of devices are often sold world wide,
>>> this change does not only affect routers in the US, but also Europe, and
>>> this will also effect wireless communities.
>>> We would like to discuss:
>>> * What are your experiences with recently certified WiFi Hardware
>>> * How can we still keep OpenWRT on these devices
>>> * What can we suggest to Hardware vendors so that they keep their
>>> firmware open for community projects while still compliant with the FCC?
>>>
>>> [1]
>>> https://apps.fcc.gov/oetcf/kdb/forms/FTSSearchResultPage.cfm?id=39498&switch=P
>>>
>>>
>>> Mitar
>>>
>>


-- 
http://mitar.tnode.com/
https://twitter.com/mitar_m

More information about the Battlemesh mailing list