A Solution To the Security Guidelines Proposed By FCC For Home Routers (imgtec.com)
An anonymous reader writes: Back in March 2015, the United States Federal Communications Commission (FCC) issued a security document that included a series of provisions related to the use of wireless devices. In order to comply with these security guidelines, some manufacturers of home routers and other networking equipment decided to lock down the software powering these devices. This caused an outcry from the open source community who demanded that the FCC and manufacturers would not restrict the free use of the operating system and associated software running on their devices. Now Imagination Technologies is presenting a proof of concept demonstration that addresses the next-generation security requirements mandated by the FCC and other similar agencies. The demo makes use of a feature of MIPS Warrior CPUs called multi-domain, secure hardware virtualization. This technology allows developers to create system-wide, hardware-enforced trusted environments that are much more secure compared to current solutions. The platform used for the demonstration runs three virtual machines (VMs) on a MIPS P-class CPU integrated in a router-type evaluation kit; this approach securely separates the OpenWrt operating system from the Wi-Fi driver, allowing them to co-exist in isolation and thus comply with the FCC guidelines. Ars Technica has more details.
That makes it impossible to use open wifi-drivers (Score:5, Insightful)
As I see it, this non-solution is incompatible with open source. How about just simply shipping them with an OS that complies with the FCC rules and let it be the user's responsibility not to put software on it that doesn't comply with the FCC rules?
Re: (Score:2)
Really? I thought reporting news was supposed to be unbiased.
Re: (Score:2)
Since the summary explicitly mentions that one of the VMs is running OpenWRT, I'm unsure quite how you mean this. Can you explain?
Re: (Score:2)
Ah, gotcha. I had interpreted it as meaning "you can't put any open software on it". Barring hardware-only enforcement of the radio restrictions (unlikely for economic reasons) I don't see a solution that doesn't have some proprietary unchangeable software, but I see your point.
Re: That makes it impossible to use open wifi-driv (Score:5, Interesting)
The FCC rules mandate that the end user isn't able to, in any practical manner, use Wi-Fi channels that aren't part of the unlicensed spectrum in the US. This whole thing came about precisely because people running open source software on their routers were using channels that are only legal in Europe and Japan, thus causing interference with other equipment that's licensed to use that spectrum in the US.
Essentially, they just need a way to make it so that radios shipped in the US aren't capable of hitting licensed spectrum, but that's not practical from an economies of scale perspective (i.e., manufacturers save on cost by making the same chips for all markets, and then using software to disable different channels on a regional basis.)
In principle, I like the idea of making the radio subsystem be virtualized, and just have a software interface that controls the radio. This could actually improve open source compatibility because you don't even need to worry about, i.e., closed source Broadcom drivers. Kind of like how running Linux or BSD in a virtual machine means you don't have to worry about whether or not your physical hardware is compatible with your chosen OS.
Re: (Score:2)
This whole thing came about precisely because people running open source software on their routers were using channels that are only legal in Europe and Japan, thus causing interference with other equipment that's licensed to use that spectrum in the US.
The report originally cited by the FCC [fcc.gov] doesn't say anything about open source firmware. As far as we can tell, the interference was caused by devices running proprietary software that either was buggy or had been modified to not comply with the local regulation. If you know otherwise, please share your sources.
Re: (Score:2)
or had been modified to not comply with the local regulation.
And how, pray tell, was it modified? Be specific.
Re: (Score:2)
FTFY.
Re: (Score:2)
We tried that. Too many open source users can't be arsed to comply with the FCC rules, or expose every option possible and damn the rules (not their responsibility, as you suggest), so that now open source as a whole will pay the price.
Now you've lost open source access to Wi-Fi radios. Police your community or you can bet
Re: (Score:1)
Or ... just STOP USING SHITTY SOFTWARE DEFINED RADIOS THAT CAN BE MODIFIED AT RUNTIME.
There is absolutely no need for that. Make your chips not suck, get the god damn firmware right the first fucking time, embed it in ROM and leave it the fuck alone. Don't allow changes to functions/parameters that allow non-legal settings.
THE REST OF THE SYSTEM THEN CAN'T DO ANYTHING THE FCC PREVENTS EVEN IF IT IS RUNNING OSS SOFTWARE.
This isn't difficult in the least, it's that no one cares about the handful of people
Re: (Score:2)
The problem I imagine (being only minimally aware of the field), is that the entire point of software-defined radio (SDR) is that you save tons of money by letting a cheap commodity computer handle all the signal processing instead of having hardware do it. Looking at this image as reference:
https://en.wikipedia.org/wiki/... [wikipedia.org]
It appears that the software is probably completely responsible for generating a digitally encoded waveform that's then fed to the hardware - a simple D-to-A converter and amplifier driv
Price premium (Score:2)
"...system-wide, hardware-enforced trusted environments..."
Sounds expensive already...
FCC isn't doing this for us... (Score:2)
It seems a huge part of what the FCC doesn't like are people setting their radios to other regulatory areas and using the nice "clean" spectrum allocated for commercial/government use. None of their proposed solutions really solve the problem, as motivated individuals can just pick up a device next time they are out of the country and put it in their apartment building anyway. Given how low power wifi is already, it's likely they would never catch you.
But all this is just BS, because running an out of spec w
Re: (Score:2)
The problem isn't just use of bands outside of the permissible frequencies, it's also power levels and broadcast patterns. Ultimately it all falls under limiting interference, and with both licensed and unlicensed spectrum.
Re: (Score:2)
Wifi is 2 way, you need a way to be able to receive signals from the other wifi devices on the network. Boosting the power through the sky on the AP, and attaching large MMIO antennas won't really get you that far picking up signals from someone's cheap cellphone. Yah, you will boost your range, but not by much.
Re: (Score:2)
The explosion of technologies in the extremely limited ISM bands suggests just how useful this spectrum could be, instead of sitting around mostly unused.
There are valid reasons to have licensed spectrum and communications systems that don't have to be at the mercy of a yahoo with an unlicensed source of interference.
Imagine the result had that joker with the cellphone jammer in his car been stuck in a traffic jam because of and near a multi-car accident, and his jammer was happily disrupting the emergency service providers trying to handle the situation. Is that how you want all communication systems to operate?
Imagine an "open airwaves" white-space netwo
Re: (Score:2)
There are valid reasons to have licensed spectrum and communications systems that don't have to be at the mercy of a yahoo with an unlicensed source of interference.
Sure there are, but by percentage what portion of all the spectrum the FCC allocates is open? There are, what, the ISM bands and CB. The ham guys have a little more, but we aren't really talking a complete free for all. Licensed devices != licensed operators.
Re: (Score:2)
The idea is just to stay with local gov approved provider(s) no matter the low speed or lack of any local network investment. With ever more gov regulations it's back to POTS, costly last mile partial networks of optical or coax from your gov approved monopoly or cozy duopoly network provider.
How a group of neighbors cre
Re: (Score:2)
I have AT&T U-Verse and it is already slower and more expensive than the 768/768 SDSL that I had 10+ years ago.
Re: (Score:2)
Any solution which does not include rent seeking is not a solution.
Or... (Score:2)
Maybe we should just stop looking for solutions and legislation to fix things that aren't a problem?
I mean it's not like the FCC is very good at enforcing the rules they have.
Licensed amateur operation (Score:3)
Does this address the problem of FCC licensed amateur operators that can legally operate on adjacent frequencies and higher power levels?
I thought that the solution.... (Score:2)
Secure?? (Score:2)
So one of the VMs can nicely include the NSA backdoor? How convenient.
Not a solution (Score:2)
Having a WiFi driver that the developer is locked out of repairing is no kind of solution. Having a WiFi driver that can't handle new features developed after the user gets the product is no solution either. And locking hams, who can legally use different frequencies and more power, out of the system is no solution either.
Alternate solution (Score:1)
Stop buying routers. Instead get a Raspi and USB wifi adapter capable of master mode. Put together a preconfigured "router" distro for it that can simply be loaded onto an SD card and configured via a web interface like a normal router.
Re: (Score:2)
Stop buying routers. Instead get a Raspi and USB wifi adapter capable of master mode.
The Pi has a single 100Mbit Ethernet hooked off the USB 2.0 bus. You're putting both the Ethernet and the wifi on the USB, which is going to get congested.
A typical home router has one or two gigabit Ethernet ports hooked directly to the SoC, with one of the interfaces connected to an internal manageable switch. It has one or two WiFi interfaces connected to a high-speed, low-latency bus. The WNDR3700 [openwrt.org] is a good example of the type of hardware people like to run OpenWRT on.
As far as I am aware, there
Or just make your own router (Score:2)
Cheapo Mini-ITX system that has on-board ethernet with a wireless card adaptor. That's what I have at my house.