DaemonForums  

  #1   (View Single Post)  
Old 1st September 2015
fn8t fn8t is offline
Real Name: Ego
Shell Scout
 
Join Date: May 2014
Location: Tao
Posts: 120
Default FCC wifi firmware lockdown

Do you think that the proposed FCC wifi firmware lockdown in the U.S. will force secure boot on laptops sold with newer wifi radios?
  #2   (View Single Post)  
Old 1st September 2015
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

There is a proposed rule under consideration. This is a week old, and proposes specific governance changes for Software Defined Radios, which affects WiFi on any device -- routers, handsets, workstations, refrigerators... Relevant excerpt:
Quote:
To minimize the potential for unauthorized modification to the software that controls the RF parameters of the device, grantees would have to implement well-defined measures to ensure that certified equipment is not capable of operating with RF-controlling software for which it has not been approved. All manufacturers of devices that have software-based control of RF parameters would have to provide specific information about the software capabilities of their devices. The Commission proposed to require that an applicant for certification explicitly describe the RF device's capabilities for software configuration and upgradeability in the application for certification. This description would include all frequency bands, power levels, modulation types, or other modes of operation for which the device is designed to operate, including modes not enabled in the device as initially marketed. Also, an applicant for certification would have to specify which parties will be authorized to make software changes (e.g., the grantee, wireless service provider, other authorized parties) and the software controls that are provided to prevent unauthorized parties from enabling different modes of operation.
The second is not a proposal, it is a guidance document for U-NII (IEEE 802.11a) certification. Of note is a requirement to address Third-Party Access Control, which asks the vendor:
Quote:
What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT.

Last edited by jggimi; 1st September 2015 at 03:28 PM. Reason: clarity, adjusted a link
  #3   (View Single Post)  
Old 1st September 2015
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

Quote:
What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT.
This is particularly interesting as there are several router vendors, Buffalo in particular, that offer products specifically designed for, and pre-loaded with, DD-WRT.
  #4   (View Single Post)  
Old 1st September 2015
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

The ruling regarding U-NII certification one year earlier required the vendor to secure the devices from unauthorized modification. And, in their applications, vendors must clearly describe their security and authentication mechanisms, and firmware installation governance.

Most likely, Buffalo has not applied for certifications since March 31, 2015 for their 802.11a devices, since they mention loading anyone else's build of DD-WRT voids the warranty.

But let us conduct a thought experiment. Suppose a vendor has applied. Suppose they stated clearly that the firmware they supply is a vendor-controlled build of DD-WRT, that firmware upgrades require customer authentication with physical access, and that they use TLS encryption to transfer firmware builds to the customer, with SHA256 hash signatures. Let us further state that they *permit* the authorized customer to load their own firmware, but that this voids their warranty.

The 2014 ruling specifies that only authorized firmware, as defined by the vendor, should be able to be installed. (A third-party DD-WRT load would violate that requirement.)

I guess that the FCC would deny the certification of this type of product today.

For the 5GHz band, new products must have a way to authenticate firmwares to be installed, and the vendor's firmware installation procedures must authenticate the firmware before installing. But I also guess that the firmware could be a vendor build of DD-WRT, such as Buffalo uses.
  #5   (View Single Post)  
Old 3rd September 2015
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

Quote:
Originally Posted by jggimi View Post

Most likely, Buffalo has not applied for certifications since March 31, 2015 for their 802.11a devices, since they mention loading anyone else's build of DD-WRT voids the warranty.
:
:
:

I guess that the FCC would deny the certification of this type of product today.

For the 5GHz band, new products must have a way to authenticate firmwares to be installed, and the vendor's firmware installation procedures must authenticate the firmware before installing. But I also guess that the firmware could be a vendor build of DD-WRT, such as Buffalo uses.
There does not appear to be much of a future for DD-WRT except for those who tenaciously hold on to legacy hardware. I have not looked at 5GHz wireless cards - are there any that do not require firmware?

Thinking out loud about the possibility of making my own OpenBSD ARM-based wireless router.
  #6   (View Single Post)  
Old 15th November 2015
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

An update.

Quote:
One of our key goals is to protect against harmful interference by calling on manufacturers to secure their devices against third party software modifications that would take a device out of its RF compliance. Yet, as the record shows, there is concern that our proposed rules could have the unintended consequence of causing manufacturers to “lock down” their devices and prevent all software modifications, including those impacting security vulnerabilities and other changes on which users rely. Eliciting this kind of feedback is the very reason that we sought comment in an NPRM and we are pleased to have received the feedback that will inform our decision-making on this matter.