Interview: Harald Welte (part 1) [LWN.net]

Gadgets running Linux are a lot of fun, but much of the value of using Linux is lost if the resulting device is locked down and not hackable. In cases where the device has been opened up, no end of creative hacks have resulted; see, for example, the OpenWrt project. It is hard, however, to imagine a device with more fun hacking potential than the Linux-running Motorola a780 cellular telephone. There is no end of interesting things which could be done (and annoyances which could be fixed) if that platform were to be opened up.

The good news is that Harald Welte has managed to open the a780 and install new software onto it. With the OpenEZX Project, he is working on creating a full replacement for the stock software for Motorola's EZX phone platform. The following interview, the first in a two-part series, discusses the current and future state of OpenEZX.

LWN: What is the status of the OpenEZX project now? Is it at a point where relatively casual users might want to play with it?

I would say it's at a state where the casual linux developer can play with it, i.e. we have a 2.6.16.x based kernel running on the phone, with support for framebuffer, flash, microSD, touchscreen, usb-device (usb-net mode), usb-host.

We have both a working debian-arm root filesystem and an OpenEmbedded one. You can boot your phone using 100% Free Software (blob boot loader, linux kernel, ...), ssh into it via usbnet, start a KDrive X11 server, use your stylus, etc.

However, one of the most fundamental pieces (interaction with the actual 'phone' part, i.e. making calls) is not yet there. After Motorola has released (after much pressure) the sources for the formerly-proprietary kernel modules implementing this, I'm half way through to port them to 2.6. and integrate them.

However, since I'm virtually the only guy working on the -ezx kernel tree, and I have many other projects and real-world issues to take care of, progress is quite slow.

I expect that within one month, we'll have the phone part working, and can work on the remaining sound + camera drivers.

What obstacles remain before an a780 or similar phone will actually be useful as a phone while running a free 2.6 kernel? How can interested people help?

At this time people can start to work on OPIE, GPE, etc. on the phone. They can develop userspace programs, but they can only use the device as a PDA and not as a phone yet.

For getting the phone part working, somebody with kernel device driver development, esp. in the tty layer, usb driver and networking area (in this priority) would be required. For me, the tty layer is new, I'm only familiar with networking and usb driver development.

Once the basics have been taken care of, do you have a shopping list of improvements to make which would take these phones beyond what Motorola ships?

My most important list:

add cryptographically secure storage for all personal data such as contacts, calender, SMS, etc.
make sure nobody can just dump the flash contents by plugging in a USB cable (like it is the case with the stock models)
get the Linux native IPsec code running over GPRS
add support to use a Bluetooth keyboard with the phone
add a Jabber IM client to the phone. Who wants SMS if they can send and receive Jabber messages over GPRS?

Is Motorola cooperating with (or hindering) this project in any way?

As for OpenEZX itself, I haven't really had any direct positive or negative contact with them.

As for the general GPL compliance (which helps OpenEZX, but which is a legal requirement): Hard to say. To my impression, on the one hand, there are some technical people who really like to help the GPL compliance, and who are pressing for releasing the source of formerly-proprietary modules. They actually also want to get me phone samples in order to help them identify any remaining GPL issues, which is good.

On the other hand, there seem to be some corporate/legal folks who try to play hard, cause delays, and have very rude negotiation skills. I guess they don't really understand what they're doing there.

On the technical front, I've heard some rumors that the A1200 and especially the later models will make use of the TPM (yes, the PXA270 has a TPM!) in order to ensure nobody boots non-Motorola-signed kernels. To me, this would be a clear violation of the intent of even GPLv2, and should those rumours become true, I'll certainly do anything to enforce my position on this. But as said, all rumours, nothing definitive known yet.

Many thanks to Harald for answering these questions. Stay tuned for part two of this interview (covering Harald's GPL enforcement activities), which will appear within the next week or two.

(Log in to post comments)

TPM & GPLv2

Posted Jun 14, 2006 7:47 UTC (Wed) by coriordan (guest, #7544) [Link]

When DRM prevents users from being able to adapt GPL'd software to suit their needs, it violates the "spirit", the "licensor's intent", and implicit provisions ("complete source code") in GPLv2.

These things have legal value, but GPLv3 makes these things explicit so as to create a more solid base for free software copyright holders to stand on if they should need to enforce their licence. Making things clear and explicit is important because every court case involves a certain amount of chance, and interpretations and precedents may differ around the world.

Also, making things clear and explicit may deter some infringements. People won't base a business model on something that will obviously fail in court.

What does Linus want / not want? I haven't been able to understand his comments.

TPM and GPL(v2)

Posted Jun 15, 2006 10:00 UTC (Thu) by simlo (subscriber, #10866) [Link]

> On the technical front, I've heard some rumors that the A1200 and
> especially the later models will make use of the TPM (yes, the PXA270 has a
> TPM!) in order to ensure nobody boots non-Motorola-signed kernels. To me,
> this would be a clear violation of the intent of even GPLv2, and should
> those rumours become true, I'll certainly do anything to enforce my
> position on this. But as said, all rumours, nothing definitive known yet.

Well, I see nothing in GPLv2 which says you have to be able to run the software on a specific device. You can always build your own hardware or a simulator.

Would it also be against GPL to put the kernel on a ROM? Then you have to solder to update the software. That is doable, but what if that ROM is build into the CPU chip?
Going to the other extreme: Someone gives you a PC with Linux on a CDROM in the CDROM-drive. Oh! That is read-only, you can only change the Linux kernel by changing CDROM, i.e. changing hardware. Is that forbidden too?

I think using TPM technologies are not always evil. Legal requirements might make it illegal to sell phones where the user can manipulate the transmitter. TPM is a way to make it legally possible to use Linux on such phones. The only other alternative would be to use another OS and not publish the source code at all. Then I would prefer a phone running Linux, although I can't change the kernel. (Ofcourse, a good compromise would be if the phone can boot your own kernel, but just wouldn't be able to transmit, if it isn't signed.)
I can come up with other exambles, where having a device running a TPM locked Linux is the most preferable solution. I have before mentioned the idea of having intelligent electricity, water, heat meters running a trusted (by the provider, not the home owner) Linux.

TPM and GPL(v2)

Posted Jun 18, 2006 16:48 UTC (Sun) by tialaramex (subscriber, #21167) [Link]

The legal requirement for radio transmission is that the user cannot /normally/ tweak the radio parameters outside those licensed. That means the manual shouldn't explain how to do it, and no amount of twiddling with the knobs, changing preference settings or other "user-type activity" can be permitted to exceed the licensed specifications - But it /doesn't/ mean you need to seal the entire product in resin, or that you must keep the source code secret. It should suffice to ensure that anyone modifying the system to exceed licensed specifications must be aware of their actions.

We /already know/ that people hack the existing binary-only firmware for 802.11 devices to uprate their power, and the relevant government agencies haven't done anything to punish the manufacturers because they quite reasonably blame the /users/ not the manufacturers for this unlicensed use.

Therefore the argument that software needs TPM to obey legal restrictions is a bogus one.

TPM and GPL(v2)

Posted Jun 19, 2006 13:24 UTC (Mon) by sepreece (subscriber, #19270) [Link]

I think this substantially understates the legal requirements that radio manufacturers (for radios that transmit) must meet.

It also totally ignores the question of network operator requirements. Neither the network operator or you, as a customer, would be happy if it were easy for another user to initiate a denial-of-service attack by modifying her phone to transmit continuously on the paging channel or to repeatedly place emergency calls in a tight, infinite loop. Manufacturers who build phones that allowed such modifications to be easy would find themselves unable to sell to network operators.

One way to balance things might be to have a hard separation between the radio-control software and the user environment. Most Linux-based phones today do have such a divide, including the ones Welte is working with, but it has typically been designed that way for engineering reasons (separating real-time from non-real-time concerns), and without any attention to protecting the radio side from malicious user-side software.

For further thought, here's an excerpt from the FCC regulations on SDR; note that paragraph (b) says that unless that division between domains is hard, the manufacturer MUST take steps to assure that only trusted software is used:

2.944 Software defined radios.

(a) Manufacturers must take steps to ensure that only software that
has been approved with a software defined radio can be loaded into the
radio. The software must not allow the user to operate the transmitter
with operating frequencies, output power, modulation types or other
radio frequency parameters outside those that were
approved. Manufacturers may use means including, but not limited to
the use of a private network that allows only authenticated users to
download software, electronic signatures in software or coding in
hardware that is decoded by software to verify that new software can
be legally loaded into a device to meet these requirements and must
describe the methods in their application for equipment authorization.

(b) Any radio in which the software is designed or expected to be
modified by a party other than the manufacturer and would affect the
operating parameters of frequency range, modulation type or maximum
output power (either radiated or conducted), or the circumstances
under which the transmitter operates in accordance with Commission
rules, must comply with the requirements in paragraph (a) of this
section and must be certified as a software defined radio.

(c) Applications for certification of software defined radios must
include a high level operational description or flow diagram of the
software that controls the radio frequency operating parameters

Interview: Harald Welte (part 1)

Posted Jun 16, 2006 17:39 UTC (Fri) by mogul (subscriber, #3163) [Link]

Nice to see this happening.

I'd also like information on the similar project to get a fully-featured environment Linux running on the Palm Treo 650, which has tons of potential. The Treo has a keyboard, bluetooth, mouse (stylus), IR, and there's even an SD WiFi card available. The existence of Palm emulators for Linux means that in addition to Linux binaries, a hacked Treo can run all the myriad existing Palm software, even stuff sitting in the original firmware, when the need arises. (Oh MetrO, where would I be without you? Probably rotting dead in a London sewer somewhere...)

There's a bunch of info here:
http://www.handhelds.org/moin/moin.cgi/PalmTreo650

...but I'm not seeing a feed or some other way to easily keep up with changes. One thing to note, though, is that this port is already able to dial the phone...!

As it stands, I already use the Treo 650 in place of numerous devices: Phone, USB thumbdrive (via Softick cardexport and bluefiles/obexfs), eBook reader, music player, video player (TCPMP), RSS reader (via Bloglines), etc. Not only does it do these things, but it does them so well that I feel dumb carrying around a PSP, which only does half those things, and rather poorly (the PSP is great at games, which the Treo is not, however).

Things it doesn't do well? The ssh clients out there suck. The only decent XMPP client is proprietary and also fairly suck (Chatopus). The web browser sucks for any but the most basic sites, and half my life is now server-side in Web 2.0 services (del.icio.us, gmail, google calendar, etc). While existing Linux apps for this kind of stuff are not intended for a mobile environment, I'd much rather start hacking there doing things like contributing to Minimo (mobile Firefox) than try to figure out how to write a better-than-stock web browser from scratch for Palm OS.

Joe Bob says check it out...