A Solution To the Security Guidelines Proposed By FCC For Home Routers

An anonymous reader writes: Back in March 2015, the United States Federal Communications Commission (FCC) issued a security document that included a series of provisions related to the use of wireless devices. In order to comply with these security guidelines, some manufacturers of home routers and other networking equipment decided to lock down the software powering these devices. This caused an outcry from the open source community who demanded that the FCC and manufacturers would not restrict the free use of the operating system and associated software running on their devices. Now Imagination Technologies is presenting a proof of concept demonstration that addresses the next-generation security requirements mandated by the FCC and other similar agencies. The demo makes use of a feature of MIPS Warrior CPUs called multi-domain, secure hardware virtualization. This technology allows developers to create system-wide, hardware-enforced trusted environments that are much secure compared to current solutions. The platform used for the demonstration runs three virtual machines (VMs) on a MIPS P-class CPU integrated in a router-type evaluation kit; this approach securely separates the OpenWrt operating system from the Wi-Fi driver, allowing them to co-exist in isolation and thus comply with the FCC guidelines.Ars Technica has more details.

Re: That makes it impossible to use open wifi-driv

[ArmoredDragon]

The FCC rules mandate that the end user isn't able to, in any practical manner, use Wi-Fi channels that aren't part of the unlicensed spectrum in the US. This whole thing came about precisely because people running open source software on their routers were using channels that are only legal in Europe and Japan, thus causing interference with other equipment that's licensed to use that spectrum in the US.

Essentially, they just need a way to make it so that radios shipped in the US aren't capable of hitting licensed spectrum, but that's not practical from an economies of scale perspective (I.e manufacturers save on cost by making the same chips for all markets, and then using software to disable different channels on a regional basis.)

In principle, I like the idea of making the radio subsystem be virtualized, and just have a software interface that controls the radio. This could actually improve open source compatibility because you don't even need to worry about i.e closed source broadcom drivers. Kind of like how running Linux or BSD in a virtual machine means you don't have to worry about whether or not your physical hardware is compatible with your chosen OS.