OpenBSD Activism Shows Drivers Can Be Freed

grey writes "The Age has a story up about how the OpenBSD community has been contacting wireless chipset vendors to license their firmware binaries under terms that would allow for free redistribution. This is important, because even with existing GPL and BSD licensed drivers for these chipsets, the drivers don't function without first loading onerously licensed firmware binaries which can only be acquired from the vendor, not shipped by an OSS provider." (Read more, below.)

grey continues "This means that currently, these wireless NIC's don't work out of the box on OSS install or boot media. In just the first 4 days, hundreds of users wrote and called vendors, and already 2 vendors freed their firmware, and several others are in discussions with Theo de Raadt about taking similar steps.

We need your help! TI has still not responded at all. You can call or write to Bill Carney, - Director of Business Development of TI's WNBU to add to the approximately 400 well written messages the OpenBSD community has already sent to TI. We hope that you'll help, and if you do please keep messages polite and to the point. Please remember, we are not asking for the vendors to open source their firmware under the GPL or BSD licenses (though we wouldn't complain if they did). Instead, ask if they would simply email Theo to open discussions on licensing their firmware binaries under terms that allow for free redistribution. If changed, these firmware binaries would then be able to be included with OSS software and function with existing BSD and GPL licensed device drivers from the start.

You can find other contacts for target vendors here, here, here, and here, and it can't hurt to sign this petition. These changes aide all OSS efforts, not just OpenBSD. As you can see from the OpenBSD community's results already, contacting these vendors really does make a difference. We're sure that with the numbers of OSS minded readers in the Slashdot community you can really help with the heavy lifting where fewer numbers of BSD users have already begun to succeed, and all Open Source Software users will benefit."

If you love your driver

You must set it free.

Why NOT?

[TexasDex]

Really. I never understood the reason for such restrictive licenses on drivers. I could distribute the drivers far and wide, but without buying the company's hardware (read: paying them money) they are really really useless.

So why do companies have a problem with free driver distribution?

Re:Why NOT?

[Coneasfast]

They don't want you getting a driver from some shady site that put a virus in it, and thus giving their company a bad name (at least for dumb-computer-users).

1) most people should know to download drivers from the computer manufacturer / device manufacturer. and if someone wanted to do that, they could without having the source code, just have to put a virus in the installer or reverse engineer the code.

2) i don't think this is the issue here, look how many drivers are in the BSD/linux source code, has this really become a problem? no. will it ever? probably not.

Re:Why NOT?

[cmowire]

A variety of reasons, and there's probably a bunch more that I'm not aware of:

• Legal counsel decides it's a bad idea because it could expose them to liability
• It really does expose them to liability. For example, you could exceed FCC restrictions on the ISM bands by programming your card to emit more power than it should on frequencies it's not allowed in the US to be in.
• They are selling the same hardware as three different products with only the drivers different.
• You could make a linux-based device cheaper than their stand-alone equivelent.
• There are bits of licensed code in the driver that aren't theirs to give out.
• They are using a reference design and the driver contains features unique to their product. If they let the driver out, people will be able to buy the cheaper implementation of the same reference design and get those features.

Re:Why NOT?

[SydShamino]

Dude, note that this is for FIRMWARE, not drivers. Big difference.

Hardware used to do things using discrete transistors, resistors, diodes, etc. These days most of that (and more) can be done better in high-density logic devices. But the "top of the line" high density logic, ASICs, still have too great a startup cost for many companies. Plus, they cannot be field upgraded.

The next best logic, FPGAs, are not hard-coded with the firmware. Instead, they load it from a memory source on the hardware - or they load it from the operating system on boot or plug-in. The advantage of the latter is that you don't have to pay for the EEPROM or flash to store the firmware on board, and updating the firmware is as simple as downloading a new binary to your computer. (Overwriting EEPROM or flash firmware on hardware can be dangerous, as a failure could prevent the hardware from being recognized to try again.)

So, firmware (i.e. code for the hardware) ships with the software driver, but is separate from it. Your next question will be: Why don't they open-source their firmware, too?

And the answer here is simple. They have to pay someone to design that firmware, lay out the PCB, spec in parts and materials, and then provide hardware to build those units. If their firmware is available to all, then someone else can take that code, copy their PCB, and produce the exact same board except with no overhead of R&D. Heck, they could even provide (under the table) vendor and device information so that it looked exactly like the primary company's product, would work with their driver, etc.

Why would any company want to do that? One of the early competitors of my company, 15 years or so ago when we used TTL parts, copied the entire product exactly. Reverse engineered the PCB. Then ran advertisements showing the two boards side-by-side, explaining how they were identical except that theirs cost less because they have no research overhead.

So, of course, my company leveraged its research "overhead" to produce a better, faster product that also happened to not be so easily copied. This resulted in our first ASIC. There is no way that we or most other existing hardware companies would return to the days where anyone can copy their products.

Re:Why NOT?

Dude, this article is about -licensing- the firmware in such a way that it can be shipped by OSS vendors - NOT about Open Sourcing it (quote: "Please remember, we are not asking for the vendors to open source their firmware under the GPL or BSD licenses"). Stop trying to answer a question no one was asking, you're either making yourself look foolish or intentionally misleading people when you do such things.

Anyone who wanted to reverse engineer the firmware would have just as tough a time doing it _now_ as they would if the firmware was able to be shipped on a knoppix or OpenBSD CD instead of downloading it from a website with an Intel licensing splash page.

You have some worthwhile points and you explain the distinction between drivers and firmware well, but your argument and company's experience is not relevant in this instance. Getting companies like TI and Intel to license their firmware in a way that allows for other vendors to provide it out of the box is just going to help users - other companies which might be helped or hindered by open sourced firmware will be completely unaffected, because the challenge will remain the same as it is now.

Let's take that intellect and argumentative skills and point it at contacts for TI and intel instead of veering off course.

Re:Why NOT?

[Bastian]

While I agree that most of those are good reasons, I must say that I think that something is terribly wrong with the legal system if the vendor can be liable for my intentional misuse of their product.

I envision a similar situation in which Detroit gets sued because they are liable for a person's speeding ticket. Only the person had to override some sort of speed limiter device in order to do it.

Re:Why NOT?

[RedLeg]

So why do companies have a problem with free driver distribution?

A: In the case of wireless, the FCC plays a part.

An 802.11 Wireless Card is a software controlled radio, and must be licensed per FCC regs (in the USA, your country's rules might be different). Since the 802.11 PHY operates over several channels within the specified band, it must be able to select and switch between these channels via software, and to adjust its transmit power for optimum performance based on the changes in temperature of the transmitter, and changes in the frequency, among other things.

But different regulatory domains (countries) allow different channels within the bands, meaning a card in the US may be able to operate on a channel in the B band which is not licensed for another country, or vice versa. This is particularly true in the A band, where a whole middle "chunk" is not legal for use in the US.

Bottom line is that in order for the producer to get a license for the radio (and trust me, you do NOT want it to be the case that you, the operator, have to secure that license), he is NOT ALLOWED to expose the controls for power, et al, to the end user.

Now, if the driver / firmware (distinction / similarity discussed elsewhere in the thread) is open source, then by definition the controls in question are exposed to the end user. There would be nothing to prevent an end user from operating his card at a higher than legal power, or outside the legal freqs for the local regulatory domain.

NOW, all that being said, that is not to say that SOME hardware manufacturers haven't tried to do the right thing, and strike a compromise.

The MAD-WiFi Project http://sourceforge.net/projects/madwifi, (FAQ here) produces an open driver for the cards with Atheros chipsets. The bulk of the code is open, and under a good license. To meet the FCC requirements, they implement the "required to be secret" controls in a binary-only Hardware Abstraction Layer (HAL), but the rest of the code is open, free for you to read and modify.

And it works. I'm typing this through a Netgear card, running the MAD-WiFi driver (with TKIP encryption, IEEE 802.11i 4-way handshake and authentication handled by wpa_supplicant) on Gentoo Linux.

Credit is due to Sam Lefler and most importantly to Greg Chesson (of Atheros). Yes, it's that Greg Chesson, the same one mentioned of late by Rob Pike in his recent ./ interview.

Note that, AFAICT, all of this happened without Theo de Raadt pimping around or making an ass of himself, as he is want to do. Disclaimer: I lost patience with Theo and TheoBSD a long time ago.

Re:Why NOT?

[Chandon+Seldon]

Remember:

Bittorrent is no different than, say, HTTP when it comes to this sort of thing.

If you're bittorrenting down a ISO from, say, the Knoppix official tracker - You know it's fine - same as if you downloaded it by HTTP from the same site.

Now if you're randomly downloading stuff from Hack-My-Computer.com, that's a different issue.

Re:Salient point:

[gl4ss]

*Why settle for binary only?*

because it's doable and reasonable, and most importantly something that the vendors could agree to.

(they don't really lose anything if they allow the binary versions to be distributed along the os's, all they lose is that people won't dl the files from them directly)

Theo

[CaptainPinko]

People have criticised Theo for being agressive and less than baby-ass smooth --hell he got booted from NetBSD for it-- but he's gotten results first with the quality of OpenBSD and now with this. I think he has earned the right be hostile if he wants to- it works.

I wonder if Linus could do something similar to get ATI and NVidia to open up...

what's with 'related links' ?

[ch-chuck]

comparison shop for 'your rights online' ? wtf???

That's like the old Lycos at one time put in this automated advertising thing, so you search for libstdc++-devel-3.2.2-5 and it comes back with "Find bargains on libstdc++-devel-3.2.2-5 at Amazon.com!", "See what people are saying about libstdc++-devel-3.2.2-5 on movietalk.com!"

firmware are not the crown jewels

The hardware -design- is the "keys to the kingdom" not the firmware, and they're not even asking for the firmware binaries to be open sourced - merely licensed so that they can be distributed freely by OSS vendors. Feels like I'm just quoting the article here, so I guess you might need to reread it more carefully.

If you've dealt with traditional firmware it's called "firm" because it's usually written to a flash memory of some sort on the device (be it CD Burner, NIC, etc.) in this case these vendors are cheaping out on an inexpensive piece of flash memory, and instead designing the 'firmware' to be loaded by the driver, thus unless the driver loads it each time the computer is turned on, then it disappears, it is not static. As such, it makes the hardware utterly useless unless you not only have a device driver, but also this firmware binary loaded. If they had spend a few cents extra and invested in a flash chip that moved with the hardware, this wouldn't be an issue. Instead, they've turned a hardware design issue into a software problem, and if they don't allow for that firmware blob to be redistributed with software drivers (be they proprietary or otherwise) from other vendors - the hardware is useless.

Rather than making a strawman argument about this issue which you didn't take the time to fully understand despite the large amount of text and background links in the story, it would really help everyone if people would write the vendors in question and ask for them to make a minor change. No one is asking them to open their designs a la opencores.org, merely license their firmware blobs in such a way that the firmware can be shipped with other Operating systems that -already- have OSS drivers.

(Going to write and call now instead of waste more breath on slashdot responses)

This is what I'm gonna do.

First; Write your letter to the hardware company.
Second; Sign the above mentioned petition.
Third; Only buy hardware from companies that are OSS friendly, that make good products for which they do not rely on disabling the expensive features in software.
Forth; Send a(nother) letter to the hardware company that makes the devices that you would have preferred to buy, and tell them why you didn't buy it.

Re:Bahh

[ComputerSlicer23]

Oddly enough, what this is doing, is precisely the way that the PWC/PWCX should be handled. He could have easily started shipping a module that was compiled out of tree, or as a patch, then no GPL violations happened (if you compile your own and don't distribute, there's literally nothing that is illegal you can do, it's only at the point that you distribute binaries that you get into trouble). He could have designed the other module to merely hook into it if it was loaded as opposed to designing it to require a function pointer. That was where it all went so badly wrong. If the binary only module was loaded inplace of the GPL'ed version it would have been fine. The problem was that the GPL'ed one was runtime linking to non-GPL'ed code. The code he was putting into the binary only version was clearly developed independently of Linux in the same fashion that the NVidia driver was (it was used in a different OS first, and it used essetially the same interface to the kernel as userspace does, thus passing Linus's criteria for not being a derived work).

The problem was that there was a hook there that had the sole purpose of explicitly violating the GPL. Here, the firmware isn't linking with the GPL'ed code. So it's all good. This is uploading firmware from userspace via the kernel. Requiring it to be GPL'ed is like requiring that the files I read and write be GPL'ed because they passed thru the kernel.

The firmware loading is there to resolve several pseudo GPL violations (I believe Adaptec has long strings of stuff that is a binary code that gets loaded into the firmware that people claim "we should have the source"). I've always held the believe that that code is not linking with the GPL'ed code, it is merely data as far as the kernel is concerned (you don't have to GPL the constants you use in drivers). While the firmware is intersting and it's plausible that OSS could improve it, it just saves the costs of burning a ROM in case there are bugs that have to be fixed.

This all came up not that long ago and was a possibly blocking problem with the next debian release, but they choose to overlook the problem. The firmware loading is clever because it solves several problems, and is more flexible, and moves the problem outside of the kernel, and turns it into a data problem, not a code problem.

Kirby

What the hell were they thinking?!

[FyRE666]

Honestly, why would someone submit this to Slashdot? I mean, they've managed to submit hundreds of "well written" messages to vendors, and now they're about to fuck it all up by encouraging the illiterate, and largely uninformed masses here to send in their own special brands of wisdom.... Then there's the goatse fans, tubgirl gang, "BSD is dying" trolls and other shining stars of the forum just waiting to get in on the fun... ... oh well, it could have worked ;-)

"You have 1,000,000 new messages"

[IgD]

Here is the reply I got when e-mailing him:

"This is an automatic reply.
I will be away from the office on business in Europe from 12n Monday 11/1 through Friday 11/5. During this time, there may be a delay responding to your email. /b"

I wonder what his expression will be on Monday when he checks his e-mail...

Firmware is not drivers

[iabervon]

This is about firmware, which is code which gets sent to the device and helps the device work. These are not drivers, which you run on your processor. Typically, firmware is written either for some weird variant of C, or for a completely non-sequential language (for FPGAs). You'd probably have a really hard time compiling it if you had the source. One set of firmware I know of only builds with a particular non-current version of a $10K/seat commercial compiler; this isn't unusual. Furthermore, they're often signed, if only to keep people from messing up their hardware by loading a broken version into it.

In any case, these aren't programs for your computer, and it is merely a matter of convenience that they aren't sealed into the device at the factory (so you can update them without sending the device back). It doesn't make any more sense to want the source for the firmware for your NIC than it would be to ask for the source to the firmware for your microwave.

Previously, the firmware was only available from the manufacturers directly, and licensed such that you weren't supposed to redistribute it. OpenBSD people complained that making people go online to update their NIC so that it works is a bit annoying, and that they'd like to be able to get it from OpenBSD, whose CD they would be getting and who would be happy to download the firmware for them.

Re:Don't help distribute problems.

[ComputerSlicer23]

More importantly, the location of the software and how it is installed in the device is a red herring

Well, that's an interesting point. However, in this case, the firmware could effectively be in silicon. It's just easier to make it not be in silicon. Do you ask Intel for the rights to their Microcode? Intel/AMD CPU's (that's pretty much definitely hardware), have microcode patches.

Do you demand Transmeta software. Their CPU is a big software translation engine, but they burn their software into a piece of silicon because it executes faster.

Do you ask Intel for the plans to their CPU so you can use the Free Software concepts to fix up their CPU designs? They are nothing but big pieces of software that are turned into hardware by a very precise etch-a-sketch.

The problem is that hardware is software, and software is hardware. Especially at the level of firmware. If it's programming an FPGA, that's literally hardware that is changeable. You are configuring a bunch of AND and OR gates. If it's running an ARM, you might have a development environment.

However, if it's say the Adaptec SCSI firmware, you have a non-standard instruction set, with non-documented hardware. A non-existant tool chain. What do you want the source for? The only reason they do things in firmware, is so they can avoid soldering wires, flashing the PROM, or forcing you to physically pull the ROM and replace it if they find a problem. If they document it's behaviour and say "avoid that", it effectively becomes a hardware problem, the same as if they burned it to silicon.

Open Source is a fairly practical solution to an Engineering problem. It's applying the age old solution of scientific peer review to the world of software. The freedom is incidental, but most of the original great science was fairly publicly available. At the level you are talking about, you are beginning to approach, "Well, is it a wave, or is a particle", when discussing "is it software, or is it hardware". I mean the CPU is flash upgradeable, and I'd say the CPU is about as hardware like as hardware gets.

I agree that most of the time, all software should be open. However, in the case of the firmware, I think several different issues come up. Not the least of which are, you'll need the vendor to open the docs on the specifications of the hardware internals (this works at a lower layer then the driver does). You'll needs a tool chain for an assembler that might literally be a one-off designed in house by a hardware engineer. At some point, they'll be a layer of software, that until there is an open hardware maker that will be inheriently propritary (documenting the firmware properly essentially draws a blueprint for the hardware). The economics of the situation make no sense for the hardware makers to make it public knowledge. I'm not saying it's a good thing, but economics makes the computer world go around. The economics of hardware is what made writting software a possibility for so many of us. To blindly ignore them is naive. I wish that there was more open hardware that was actually made and sold as high quality equipment. I know I'd pay a premium for it to get hardware that was open all the way down to the traces on the board level.

Kirby