Fwd: Re: [Mesh] openWRT vs. FCC - forced firmware lockdown?
3 views
Skip to first unread message
The Doctor
Jul 29, 2015, 2:37:53 PM7/29/15
to Byza...@hacdc.org
Even though Project Byzantium appears to be in cryogenic suspension (I
nearly wrote 'cryptogenic suspension'...) I think it would behoove us to
step forward and tell the FCC that this cannot stand.
Here's a link to the FCC's proposal:
https://apps.fcc.gov/oetcf/kdb/forms/FTSSearchResultPage.cfm?id=39498&switch=P
Following is a breakdown of the salient point.
--
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"The world is not a match for you and me/No matter what we used to say!"
--InSoc
-------- Forwarded Message --------
Subject: Re: [Mesh] openWRT vs. FCC - forced firmware lockdown?
Date: Tue, 28 Jul 2015 13:31:11 -0700
From: Marc Juul <ju...@labitat.dk>
To: Mitar <mi...@tnode.com>
CC: mesh <me...@lists.sudoroom.org>
On Tue, Jul 28, 2015 at 1:25 PM, Marc Juul <ju...@labitat.dk
<mailto:ju...@labitat.dk>> wrote:
On Sat, Jul 25, 2015 at 5:18 PM, Mitar <mi...@tnode.com
<mailto:mi...@tnode.com>> wrote:
Hi!
From Battlemesh V8 agenda
(http://battlemesh.org/BattleMeshV8/Agenda):
The new FCC rules are in effect in the United States from June
2nd 2015
[1] for WiFi devices such as Access Points. They require to have the
firmware locked down so End-Users can't operate with non-compliant
parameters (channels/frequencies, transmit power, DFS, ...). In
response, WiFi access point vendors start to lock down firmwares to
prevent custom firmwares (such as OpenWRT) to be installed,
using code
signing, etc. Since the same type of devices are often sold
world wide,
this change does not only affect routers in the US, but also
Europe, and
this will also effect wireless communities.
We would like to discuss:
* What are your experiences with recently certified WiFi Hardware
* How can we still keep OpenWRT on these devices
* What can we suggest to Hardware vendors so that they keep their
firmware open for community projects while still compliant with
the FCC?
Fucking hell. I just sent emails to TP-Link and Ubiquiti stating
that we rely on this for our organization and asking what they're
planning to do.
Ubiquiti already locked down channel selection and made separate
EU/US models so it's not unthinkable that they'll actually do the
right thing. TP-Link also already has Chinese and US/EU versions of
some routers. Maybe we can get the EFF to help launch a campaign for
device freedom to make the manufacturers aware that this is important?
Hopefully we can scale quickly enough using current-generation gear
that we'll be able to have our own routers FCC certified and mass
produced before it becomes an issue. If need be we can create a
meta-organization for all the world's mesh groups to make a few
types of routers that we need.
Maybe we can convince the router manufacturers to interpret the FCC
regulations such that opening the case on a router and soldering a
connection is required to flash the router. That would be super easy
for them to implement and very convenient for us. If we got EFF
lawyers to interpret the new FCC regulations and issue a statement
that they believe this is legal (they did something similar for
their open wireless movement) then we could take that statement to
all the relevant folks.
Ok I just actually read it. Quote:
"An applicant must describe the overall security measures and systems
that ensure that:
1. only properly authenticated software is loaded and operating the
device; and
2. the device is not easily modified to operate with RF parameters
outside of the authorization."
Here it is:
https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869RsyQddPi5hpw%3D%3D&desc=594280%20D02%20U-NII%20Device%20Security%20v01r02&tracking_number=39498
It is specifically an anti-openwrt measure (well, they list dd-wrt).
So... yeah that's insanely broad and it looks like we're fucked.
--
marc/juul
nearly wrote 'cryptogenic suspension'...) I think it would behoove us to
step forward and tell the FCC that this cannot stand.
Here's a link to the FCC's proposal:
https://apps.fcc.gov/oetcf/kdb/forms/FTSSearchResultPage.cfm?id=39498&switch=P
Following is a breakdown of the salient point.
--
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"The world is not a match for you and me/No matter what we used to say!"
--InSoc
-------- Forwarded Message --------
Subject: Re: [Mesh] openWRT vs. FCC - forced firmware lockdown?
Date: Tue, 28 Jul 2015 13:31:11 -0700
From: Marc Juul <ju...@labitat.dk>
To: Mitar <mi...@tnode.com>
CC: mesh <me...@lists.sudoroom.org>
On Tue, Jul 28, 2015 at 1:25 PM, Marc Juul <ju...@labitat.dk
<mailto:ju...@labitat.dk>> wrote:
On Sat, Jul 25, 2015 at 5:18 PM, Mitar <mi...@tnode.com
<mailto:mi...@tnode.com>> wrote:
Hi!
From Battlemesh V8 agenda
(http://battlemesh.org/BattleMeshV8/Agenda):
The new FCC rules are in effect in the United States from June
2nd 2015
[1] for WiFi devices such as Access Points. They require to have the
firmware locked down so End-Users can't operate with non-compliant
parameters (channels/frequencies, transmit power, DFS, ...). In
response, WiFi access point vendors start to lock down firmwares to
prevent custom firmwares (such as OpenWRT) to be installed,
using code
signing, etc. Since the same type of devices are often sold
world wide,
this change does not only affect routers in the US, but also
Europe, and
this will also effect wireless communities.
We would like to discuss:
* What are your experiences with recently certified WiFi Hardware
* How can we still keep OpenWRT on these devices
* What can we suggest to Hardware vendors so that they keep their
firmware open for community projects while still compliant with
the FCC?
Fucking hell. I just sent emails to TP-Link and Ubiquiti stating
that we rely on this for our organization and asking what they're
planning to do.
Ubiquiti already locked down channel selection and made separate
EU/US models so it's not unthinkable that they'll actually do the
right thing. TP-Link also already has Chinese and US/EU versions of
some routers. Maybe we can get the EFF to help launch a campaign for
device freedom to make the manufacturers aware that this is important?
Hopefully we can scale quickly enough using current-generation gear
that we'll be able to have our own routers FCC certified and mass
produced before it becomes an issue. If need be we can create a
meta-organization for all the world's mesh groups to make a few
types of routers that we need.
Maybe we can convince the router manufacturers to interpret the FCC
regulations such that opening the case on a router and soldering a
connection is required to flash the router. That would be super easy
for them to implement and very convenient for us. If we got EFF
lawyers to interpret the new FCC regulations and issue a statement
that they believe this is legal (they did something similar for
their open wireless movement) then we could take that statement to
all the relevant folks.
Ok I just actually read it. Quote:
"An applicant must describe the overall security measures and systems
that ensure that:
1. only properly authenticated software is loaded and operating the
device; and
2. the device is not easily modified to operate with RF parameters
outside of the authorization."
Here it is:
https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869RsyQddPi5hpw%3D%3D&desc=594280%20D02%20U-NII%20Device%20Security%20v01r02&tracking_number=39498
It is specifically an anti-openwrt measure (well, they list dd-wrt).
So... yeah that's insanely broad and it looks like we're fucked.
--
marc/juul
Reply all
Reply to author
Forward
0 new messages