|
|
Subscribe / Log in / New account

TP-Link agrees to allow third-party firmware in FCC settlement

The US Federal Communications Commission (FCC) has announced a settlement with network-hardware manufacturer TP-Link, covering both the company's non-compliance with FCC transmission-power regulations and the company's plan to lock-out third-party firmware—including open-source firmware projects like OpenWrt. "While manufacturers of Wi-Fi routers must ensure reasonable safeguards to protect radio parameters, users are otherwise free to customize their routers and we support TP-Link’s commitment to work with the open-source community and Wi-Fi chipset manufacturers to enable third-party firmware on TP-Link routers." Under the settlement agreement, TP-Link will pay a $200,000 fine for shipping WiFi routers that could be configured to run above the permitted power limits, but it will also have to cooperate with open-source firmware projects to make sure they remain installable. TP-Link had moved to block user-installed firmware in March as its first attempt to satisfy the FCC's complaint about non-compliant power settings.


to post comments

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 1, 2016 19:25 UTC (Mon) by rvfh (guest, #31018) [Link] (6 responses)

Late April fool or early Xmas? Or did I miss something?

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 1, 2016 20:18 UTC (Mon) by drag (guest, #31333) [Link] (5 responses)

Just FCC making life difficult for open source projects. They are pretty much guaranteeing that there will never be such a thing as 'open source firmware' for wireless devices on consumer hardware.

FCC believes that people shouldn't be able to fiddle around with transmitting radios without a license and are forcing hardware manufacturers to cover the costs of enforcement.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 2, 2016 2:39 UTC (Tue) by Paf (subscriber, #91811) [Link] (1 responses)

Err, it pretty specifically requires that open source firmware be allowed - it just can't be allowed to modify the radio settings to move them outside of the region locked limits. The WHOLE POINT of this action is the FCC moving to prevent a company from blocking third party firmware. The FCC said they had to find a way to allow third party firmware while meeting one condition.

So, no, you can't make third party firmware do things which are illegal - but you are allowed to have third part firmware. And in fact companies (or at least this one) can't legally prevent you.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 2, 2016 15:23 UTC (Tue) by drag (guest, #31333) [Link]

> Err, it pretty specifically requires that open source firmware be allowed

Not for the actual radio itself. I am talking about /usr/lib/firmware firmware, not openwrt firmware.

In Cell phones they often use a separate embedded module that controls the radio separate from the OS. This represents a VERY significant risk to privacy and means that you really never are complete control of your phone.

It would be sad if such things happened to everything that has any radio transmitter on it.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 2, 2016 8:04 UTC (Tue) by ledow (guest, #11753) [Link] (2 responses)

I don't think they are restricting the radio, as such. You can still put whatever bits on the airwaves you want.

All they are restricting is the power you can transmit at. That could literally just be a burned-in dB value or a set resistance on a circuit. There's no need to configure that as, by law, tweaking it beyond normal parameters is illegal anyway. It's like saying that a TV card isn't "open-source" because you can't tune it down to receive at 0.5MHz.

There's also nothing saying the radio power can't be adjusted, just that the MAXIMUM must be respected. As I say, if they do this by putting a certain resistance into a circuit, that still lets open-source firmware dial the transmission down, like managed Wifi systems do, to increase global throughput.

Open-source is not about "you need to be able to do control every possible theoretical function of the system". It's about "if proprietary firmware can do it, so should we be able to". And the maximum transmission level is not something that proprietary or open-source firmware should be able to exceed, because of the laws around this.

Historically, the maximum transmission level wasn't even implemented. Now it will be implemented in hardware or at least outside the scope of ANY firmware. That means proprietary and open-source firmware are back on a level peg again.

Sure, it means you can't exceed the maximum transmission level, but control of the device for any legal purpose isn't hindered at all.

Sometimes OS-evangelism goes too far. Even if you were to make an OS router yourself, you wouldn't be able to get it FCC certified without literally removing the capability for users to tweak the maximum transmission power level. So restricting that isn't about removing your software freedoms as much as making devices that are legal to use, buy and sell.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 2, 2016 8:29 UTC (Tue) by jem (subscriber, #24231) [Link]

> All they are restricting is the power you can transmit at.

And the frequencies you can use. Which differ from one country to another.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 2, 2016 15:27 UTC (Tue) by drag (guest, #31333) [Link]

FCC doesn't want consumers to be able to fiddle with their hardware and it's up to the hardware manufacturers to cover the cost to enforce it if they want to be able to legally sell these devices.

Sometimes they care just about frequency and power, sometimes they care about a lot more then that. Depends on the device being sold.

I am much less concerned about 'OS-evangelism' and actual Freedom for people to innovate and move the technology forward as well as having the ability to protect oneself from the negative aspects of technology.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 1, 2016 20:32 UTC (Mon) by gioele (subscriber, #61675) [Link] (10 responses)

Couldn't router manufacturers fix these regional parameters in the HW of the radio chipset? Then the main CPU would be free to run whatever it wants.

To streamline the manufacturing process, they could manufacture a generic version, then blow an efuse that permanently sets the radio parameters according to the limits imposed by the FCC transforming the box into a USA-only 100% FCC-compliant router.

Am I missing some fundamental detail?

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 1, 2016 20:41 UTC (Mon) by luto (guest, #39314) [Link] (5 responses)

That would need wireless chipset support, and the chipset vendors may not want to do that.

More fundamentally, I think that one of the issues that the FCC cares about is radar detection (i.e. turn off or switch channels when radar is detected), and I think that's generally implemented in software.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 1, 2016 21:08 UTC (Mon) by pizza (subscriber, #46) [Link] (2 responses)

...and a good thing handling RADAR is implemented in software -- two of the devices I have running right now keep reporting RADAR pulses while running in the 2.4GHz band -- which is nonsensical.

The main thing the FCC is concerned about is out-of-band emissions. Within the legal bands, very few devices on the market come anywhere near close to the in-band power limits .

The thing is, unless the wifi chipset has some sort of onboard flash/efuse/etc holding parameters (and reads them without any software assistance) then the software can always muck with things. (I should know, I've written code to do said mucking with many times now)

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 2, 2016 9:05 UTC (Tue) by rcochran (guest, #105426) [Link] (1 responses)

Why nonsensical? There are S-Band marine radar out there...

Richard

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 2, 2016 9:55 UTC (Tue) by farnz (subscriber, #17727) [Link]

Because, for the purposes of 802.11, radar is only something you're supposed to notice in the 5 GHz band, not the 2.4 GHz band.

802.11 devices are only supposed to worry about radar when using bands where radar is the primary licensed user, and WLAN is a secondary permitted use; in the 2.4 GHz band, there's no primary licensed user, so 802.11 does not need to worry about interfering with the primary user. In the 5 GHz band, there are chunks where radar is the primary licensed user, and WLAN is permitted to use the spectrum as long as it does not interfere with radar operations; 802.11 has interpreted this as "when you detect radar on a channel, do not use it".

Thus, any radar detection on 2.4 GHz is wrong - the spec for 802.11 says to only do radar detection in the 5 GHz band; further, only 5 GHz devices are required to support channel change notifications and channel blacklisting, so reacting to radar detection in the 2.4 GHz band is not possible (you can't be confident that everything will respect the radar detection).

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 2, 2016 15:58 UTC (Tue) by jhhaller (guest, #56103) [Link] (1 responses)

To handle the radar detection while allowing third-party firmware is going to require a solution similar to what Ignition Design Labs is doing with radar detection and channel management in a separate dedicated CPU in their Portal router. Unfortunately, they don't seem to support third-party firmware, at least at this point. But, that dedicated CPU would never be changeable. The extra CPU is also unlikely to make it particularly inexpensive.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 8, 2016 21:27 UTC (Mon) by Arch-TK (guest, #103811) [Link]

And then you will have something like a regular ordinary cell phone which has a "cheap secondary CPU" running closed signed irreplacable firmware. Oh, and since manufacturers are cheap, they will incoprorate the main CPU and the secondary CPU into one giant blob through a shared memory space and effectively completely compromise all aspects of security, privacy, or replacing the main FW by making sure that if someone discovers a vuln in the baseband or a government has a known backdoor to the baseband, the entity can then go and take complete control of the device.

Maybe I should just route all my internet traffic through every major government's security organisation and save on the hassle?

On a serious note, offloading this to a proprietary blob running on a locked down chip is not the solution, the FCC makes tweaking this stuff illegal, and finding out that you've been doing something stupid isn't that difficult for the government to do. I mean you're broadcasting EMF over air, if someone wants to know the source, they will find the source.

Basically, this is all still doable despite the FCC's requirements on locking everything down, which is why it is also illegal. Why not just make it illegal and leave it at that instead of introducing lots of rules which harm either privacy, security or customisability?

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 1, 2016 21:06 UTC (Mon) by micka (subscriber, #38720) [Link] (2 responses)

I don't think not being able to use your hardware when you change country is sensible. Isn't that what CRDA is for?

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 1, 2016 22:59 UTC (Mon) by callegar (guest, #16148) [Link]

One reason for having things configurable via software is allowing users who travel taking their equipment with them not to have their equipment operate in violation of local regulations in the countries they visit. Because of this, even if some specific limits need to get hardwired in devices sold in the US, I believe it should remain possible to further reduce via software the capabilities of the device, to assure that it can be safely employed abroad. So the rules are not incompatible with CRDA. For instance, already "Linux allows changing regulatory domains in compliance with regulatory restrictions world wide, including the US FCC. In order to achieve this devices always respect their programmed regulatory domain and *a country code selection will only enhance regulatory restrictions*"

Indeed, this can result in devices that have a reduced functionality when used abroad (namely, they may end up operating well below what the local rules allow).

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 2, 2016 3:32 UTC (Tue) by flussence (guest, #85566) [Link]

That is exactly what CRDA does, yes. By default the kernel restricts wifi devices to "worldwide-safe" settings; with the CRDA userspace software installed it only allows legal settings for the configured country (or the intersection of those and what's hardcoded in the hardware/firmware). This is all cryptographically signed and verified by the kernel and used by every in-tree wifi driver, so it's painfully obvious if someone's tampered with Linux to enable running their hardware out of spec.

In this case, that someone is TP-Link... they had all these free safety belts and chose to ignore them and write NIH crapware instead. The $200k seems justified.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 1, 2016 21:11 UTC (Mon) by Jonimus (subscriber, #89694) [Link]

Basically the issue is that would cost the wireless chip makers money and mean having to keep more SKU's in stock.

Its the same reason TP-Link sold routers that had a built in region switch in the UI. It made it so they could produce one model for all regions rather than having to make multiple versions.

The FCC order does NOT say that TP-Link will allow third-party firmware!

Posted Aug 2, 2016 9:20 UTC (Tue) by brouhaha (subscriber, #1698) [Link] (4 responses)

It only says that TP-Link agrees to "investigate software and hardware solutions that would enable customers to install and operate third-party firmware".

The FCC order does NOT say that TP-Link will allow third-party firmware!

Posted Aug 2, 2016 13:40 UTC (Tue) by Wol (subscriber, #4433) [Link] (1 responses)

But they also have to file a report that says what they have done ...

Foot-dragging and obstructionism is likely to trigger a storm at the FCC. That's one that the FCC get dragged in to, not one that they started ...

Cheers,
Wol

The FCC order does NOT say that TP-Link will allow third-party firmware!

Posted Aug 3, 2016 8:30 UTC (Wed) by zoobab (guest, #9945) [Link]

"That's one that the FCC get dragged in to, not one that they started ..."

Actually, according to last Battlemesh talk on the subject, the radio lockdown was started by an European Commission advisory committee (based on a study on wifi 5Ghz and radars interference). There is one american expert speaker who said the FCC did not not had enough man power to make scientific studies on this issue.

The FCC order does NOT say that TP-Link will allow third-party firmware!

Posted Aug 2, 2016 21:54 UTC (Tue) by makomk (guest, #51493) [Link] (1 responses)

Not only that, but the actual settlement very specifically says that the part about third-party firmware is not in any way intended to restrict TP-Link's ability "to select, in its sole discretion, particular chipsets, that it will use in the manufacture of its devices". So they can continue to use hardware that relies on the driers to enforce the FCC rules and comply by locking down their routers against third-party firmware, and that would not in any way violate the settlement. This LWN article is simply wrong.

The FCC order does NOT say that TP-Link will allow third-party firmware!

Posted Aug 2, 2016 23:19 UTC (Tue) by mtaht (subscriber, #11087) [Link]

As someone who helped put together one of the biggest filings with the FCC on this matter, with 260+ other people (including our grumpy editor!)

http://fqcodel.bufferbloat.net/~d/fcc_saner_software_prac...

(in addition to 1300? 1700? filings from other orgs)

And later met in person with many of the top people there:

https://www.fcc.gov/ecfs/filing/60001306685

I am inclined to put this result in the "win" column, provisionally.

June 2 came and went, tp-link's router firmware returned to field upgradable, and other manufacturers did nothing to make flashing other firmwares any harder than it already was. Hopefully, our arguments buttressed the legal case ongoing at the time against tplink (I knew there was one, but not against whom, or over what, I hope to get more details).

This does not mean the war is won, however. Certainly binary blob firmware that completely controls the radio remains a problem - but progress is being made with the very thin firmware in the 802.11ac mt76 chipset, I am not aware of 5ghz ath9k chips requiring blobs, and other binary only firmwares are improving to support APIs that fq_codel on wifi needs.

http://blog.cerowrt.org/post/fq_codel_on_ath10k/

(Recently a few new *major* chipsets had wifi drivers submitted to the linux kernel, but I haven't looked at what, exactly the firmware controls. The state of most wifi drivers and firmware is thoroughly depressing - and a very smart and fast co-processor is seemingly needed to run at very high rates)

Five things I learned from this exercise:

1) If a legalistic solution can be vague, it will be. It then can be spun many ways for many audiences. Read Ed Bernays.

Still, sometimes what is said publicly, continues to matter, and the FCC has said some very nice things.

2) The FCC was not the enemy, but a harried organization attempting to fulfill its mandates. As minimally outlined, their problem was the FAA complaining about wifi interference with weather radars. The first solution was overbroad. They have a much better understanding of the roles of open source, third party firmware now - after the keruffle - of the usefulness of user control, better security, and more frequent updates.

The FCC has WAY bigger problems than linux wifi. The number of wireless capable devices requiring certification and testing is skyrocketing, among other things.

https://twitter.com/FCC is a good source for the FCC's other concerns.

3) If you really want attention in D.C., it is a good idea to make a good argument, with a lot of well known people, file it somewhere inside the agency's process, and then issue (buy) a press release, and make the biggest stink you can.

As it turned out many of the recommendations we made above cannot be implemented inside the FCC's mandates, but the FTCs.

4) Chipmakers can now no longer hide behind an argument that the FCC will not let them open up their firmware.

5) The best "proof of the pudding" I can think of would be to push through a new product with much more or entirely open wifi firmware through the FCC processes, using the CRDA library to enforce the rules. Lining up a vendor willing to try that has so far not happened, although I expected a few mt76 chipsets to enter the US by now, I have not been actively watching their RSS feed for progress.

All in all, honestly, I do think we moved the dial a few notches in the right direction, and I'm going to sleep pretty well tonight.

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 3, 2016 8:10 UTC (Wed) by mfuzzey (subscriber, #57966) [Link] (2 responses)

To me there is something fundementally wrong with making manufacturers responsible not for something their product *does* but something it *could be modified* to do.

I totally understand the necessity to regulate the spectrum to avoid interference to other users. But I think that if someone modifies their router to operate outside the rules *they* should be responsible, not the manufacturer.

It's like speed limits on roads. They are needed and drivers are responsible if they exceed them. We don't force manufacturers to only make cars that cannot exceed the speed limit.
Or (a bit closer to the wifi case), if I modify my car to improve performance, whilst violating emissions and safety regulations I'm the one who's going to prosecuted, not the manufacturer because their car could be modified...

TP-Link agrees to allow third-party firmware in FCC settlement

Posted Aug 3, 2016 10:13 UTC (Wed) by jezuch (subscriber, #52988) [Link]

> We don't force manufacturers to only make cars that cannot exceed the speed limit.

...yet.

BTW: it's not a new thing. http://spectrum.ieee.org/geek-life/history/the-man-who-in...

Limits on capability or use?

Posted Aug 3, 2016 11:05 UTC (Wed) by davecb (subscriber, #1574) [Link]

My reading is that the FCC wants the equipment to have limits on power and frequencies, such as, for example, a 300 horsepower limit for a car and no tires wider than 8", but that the owner is responsible if he's driving the unit too fast in a 30-mph zone or bouncing cross-country through a public park.

As usual with software, the boundaries can get awfully soft and fuzzy, and you have to work surprisingly hard to get what the lawyers call a "bright line" rule.


Copyright © 2016, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds