Re: [Cerowrt-devel] [bufferbloat-fcc-discuss] arstechnica confirmstp-link router lockdown

Re: [Cerowrt-devel] [bufferbloat-fcc-discuss] arstechnica confirmstp-link router lockdown

[dpreed]

As a software guy who can solder SMT chips and design PCBs, and a licensed amateur radio operator, let me add a couple observations.

The FCCs concern is not to lock up all software on  routers. All they call for is that at certification time and in users hands, radio emissions are restricted  to the rules of Part 15 operation.

So one can manufacture a router that can be certified, but with the ability to operate outside the legal 2.4 GHz channel and 5 GHz channels, and power limits and that quirky radar protection rule locked in via some difficult to break lock. It needn't be a perfect lock... If it requires the ability to solder or unsolder SMT chips, or spending $1000 for parts and services per device, that could satisfy. After all, just R-SMA connectors were sufficient for antenna mod prevention to be certified.

The WiFi protocols themselves are not a worry of the FCC at all. Modifying them in software is ok. Just the physical emissions spectrum must be certified not to be exceeded.

So as a practical matter, one could even satisfy this rule with an external filter and power limiter alone, except in part of the 5 GHz band where radios must turn off if a radar is detected by a specified algorithm.

That means that the radio software itself could be tasked with a software filter in the D/A converter that is burned into the chip, and not bypassable. If the update path requires a key that is secret, that should be enough, as key based updating is fine for all radios sold for other uses that use digital modulation using DSP.

So the problem is that 802.11 chips don't split out the two functions, making one hard to update.

Router vendors should like having this feature, in the standard chipsets, actually. Why? Because it makes their own products easier to certify, the same way a secure microkernel makes security properties easier to certify, in, say, L4. And because the rules about channels and power are different in each national market. Who wants to submit all their source code to each country's regulator?

So I personally would be frustrated that I would not be able to mod any router to operate under Ham rules(part 97 allows hams to operate in much of, but not all of, the two 802.11 bands with equipment we can make modify and operate with only self-certification, and the operator following Amateur operating rules, which are different, but allow 802.11 outside the unlicensed bands also, at higher power, too). But that matters less, because I can solder and validate my transmitters.

Perhaps there is common ground to be found. Dave Taht and I made the first move on this, with Dave's DC meeting with the FCC.

But it will take working with both the FCC and the chip vendors, and the home access point vendors with a common purpose and agenda. That agenda needs to be to find the minimum lock that will satisfy the FCC, and a sufficiently cheap implementation that, along with the cost saving on design certification, it is cheaper to make a router that is otherwise open, than to make one whose certification depends on review of all the code in the router.

This is a common design pattern. The DAA for phones is now purchasable as a single module, FCC precertified, so one can make any kind of cordless phone be certifiable, merely by using that part. That part is more expensive than one I could design myself, but it saves on certification cost, because the rest of the phone or modem doesnt need certification, so one can innovate.

Hope this helps. Happy to advise, and also help get the FCC on board when there is a need to. Before that, I'd suggest convo with Atheros, Broadcom, Marvell, etc. Or even Intel, which may want it for its WiFi embedded businesses.

Re: [Cerowrt-devel] [Make-wifi-fast] [bufferbloat-fcc-discuss] arstechnica confirmstp-link router lockdown

[Jonathan Morton]

> On 14 Mar, 2016, at 16:02, dpreed@reed.com wrote:
> 
> The WiFi protocols themselves are not a worry of the FCC at all. Modifying them in software is ok. Just the physical emissions spectrum must be certified not to be exceeded.
> 
> So as a practical matter, one could even satisfy this rule with an external filter and power limiter alone, except in part of the 5 GHz band where radios must turn off if a radar is detected by a specified algorithm.
> 
> That means that the radio software itself could be tasked with a software filter in the D/A converter that is burned into the chip, and not bypassable. If the update path requires a key that is secret, that should be enough, as key based updating is fine for all radios sold for other uses that use digital modulation using DSP.
> 
> So the problem is that 802.11 chips don't split out the two functions, making one hard to update.

To put this another way, what we need is a cleaner separation of ISO Layers 1 (physical) and 2 (MAC).

The FCC is concerned about locking down Layer 1 for RF compliance.  We’re concerned with keeping Layer 2 (and upwards) open for experimentation and improvement.

These are compatible goals, at the fundamental level, but there is a practical problem with existing implementations which mix the layers inappropriately.

 - Jonathan Morton

Re: [Cerowrt-devel] [bufferbloat-fcc-discuss] [Make-wifi-fast] arstechnica confirmstp-link router lockdown

[dpreed]

Well, the answer is basically no on there being a current chip that is only concerned with the PHY layer. Because chip count is a crucial part of system cost, years ago it became the practice to put the PHY and MAC, and now the protocol processing too, on the same mixed-signal chip. For example the ESP8266 (the IoT favorite WiFi maker gadget) has a 32 bit general purpose processor and all of the elements of basic MAC and PHY on the chip. You can program the ESP8266 and use its WiFi just fine.

But I would argue that it is no longer true that division by a hardware interface routed through the PC board need be the solution.  Modularity on board the chip (as in the ESP8266) is sufficient to do what I described - the PHY layer can isolated (even if it is implemented in updatable firmware) if the firmware that controls the transmission DAC is isolated, locked down, and enforces the band limit and power limit required by the FCC. It can even be updatable, as long as it is protected with an adequate barrier to consumer modification. It need not be secret - in fact it would be better if it could be reviewed by those concerned with ensuring it will actually limit the output.

Now in other radios, less integrated, there are separate chips for the transmit DAC path from the protocol path.  I use those chips in my experimental Part 97 transceivers on 2.4 and 5 GHz, and there are chips from MAXIM and Analog Devices for example, that might be appropriate if you want to design your own router, however they are never going to be part of consumer devices because using them is costly. If you want to enforce a filter, you can do that fairly easily. But to implement full 802.11ac OFDM + MIMO would be a bear of a DSP program to build from scratch for these chips, though in principle they are capable of doing that.

But in the fully integrated designs, there is enough modularity *on-chip* that one could make sure that there are no signals emitted that are outside the relevant band and power limits.  (one might even just do this by detecting that limits are exceeded and powering of the transmit amplifier, which would probably make the FCC even more happy... the algorithm to detect excess power or out-of-band emissions could be quite simple, compared to a filter spliced in the signal path).

An external "limit-exceeding signal detector" could also be very inexpensive, if it did not need to do ADC from the transmitted signal, but could get access to the digital samples and do a simple power measurement.






On Monday, March 14, 2016 12:16pm, "Wayne Workman" <wayne.workman2012@gmail.com> said:

> Is there an existing chip that is only concerned with layer 1?
> On Mar 14, 2016 9:15 AM, "Jonathan Morton" <chromatix99@gmail.com> wrote:
> 
>>
>> > On 14 Mar, 2016, at 16:02, dpreed@reed.com wrote:
>> >
>> > The WiFi protocols themselves are not a worry of the FCC at all.
>> Modifying them in software is ok. Just the physical emissions spectrum must
>> be certified not to be exceeded.
>> >
>> > So as a practical matter, one could even satisfy this rule with an
>> external filter and power limiter alone, except in part of the 5 GHz band
>> where radios must turn off if a radar is detected by a specified algorithm.
>> >
>> > That means that the radio software itself could be tasked with a
>> software filter in the D/A converter that is burned into the chip, and not
>> bypassable. If the update path requires a key that is secret, that should
>> be enough, as key based updating is fine for all radios sold for other uses
>> that use digital modulation using DSP.
>> >
>> > So the problem is that 802.11 chips don't split out the two functions,
>> making one hard to update.
>>
>> To put this another way, what we need is a cleaner separation of ISO
>> Layers 1 (physical) and 2 (MAC).
>>
>> The FCC is concerned about locking down Layer 1 for RF compliance.  We’re
>> concerned with keeping Layer 2 (and upwards) open for experimentation and
>> improvement.
>>
>> These are compatible goals, at the fundamental level, but there is a
>> practical problem with existing implementations which mix the layers
>> inappropriately.
>>
>>  - Jonathan Morton
>>
>> _______________________________________________
>> bufferbloat-fcc-discuss mailing list
>> bufferbloat-fcc-discuss@lists.redbarn.org
>> http://lists.redbarn.org/mailman/listinfo/bufferbloat-fcc-discuss
>>
> 

Re: [Cerowrt-devel] [Make-wifi-fast] [bufferbloat-fcc-discuss] arstechnica confirmstp-link router lockdown

[David Lang]

On Mon, 14 Mar 2016, dpreed@reed.com wrote:

> An external "limit-exceeding signal detector" could also be very inexpensive, 
> if it did not need to do ADC from the transmitted signal, but could get access 
> to the digital samples and do a simple power measurement.

I agree with this, but have concerns about how you can lock down part of the 
firmware and not all of it.

You still have the problem of telling the chip/algorithm which set of rules to 
enforce, and updating it when the requirements change.

David Lang

Re: [Cerowrt-devel] [Make-wifi-fast] [bufferbloat-fcc-discuss] arstechnica confirmstp-link router lockdown

[David Lang]

On Mon, 14 Mar 2016, Jonathan Morton wrote:

>> On 14 Mar, 2016, at 16:02, dpreed@reed.com wrote:
>>
>> The WiFi protocols themselves are not a worry of the FCC at all. Modifying 
>> them in software is ok. Just the physical emissions spectrum must be 
>> certified not to be exceeded.
>>
>> So as a practical matter, one could even satisfy this rule with an external 
>> filter and power limiter alone, except in part of the 5 GHz band where radios 
>> must turn off if a radar is detected by a specified algorithm.
>>
>> That means that the radio software itself could be tasked with a software 
>> filter in the D/A converter that is burned into the chip, and not bypassable. 
>> If the update path requires a key that is secret, that should be enough, as 
>> key based updating is fine for all radios sold for other uses that use 
>> digital modulation using DSP.
>>
>> So the problem is that 802.11 chips don't split out the two functions, making 
>> one hard to update.
>
> To put this another way, what we need is a cleaner separation of ISO Layers 1 
> (physical) and 2 (MAC).

The problem is that everything (not just in wifi chips, think about 'software 
defined networking/datacenter) is moving towards less separation of the 
different layers, not more. The benefits of less separation are far more 
flexibility, lower costs, and in some cases, the ability to do things that 
weren't possible with the separation.

Any position that requires bucking this trend is going to have a very hard time 
surviving.

David Lang

Re: [Cerowrt-devel] [bufferbloat-fcc-discuss] arstechnica confirmstp-link router lockdown

[David Lang]

On Mon, 14 Mar 2016, dpreed@reed.com wrote:

> But it will take working with both the FCC and the chip vendors, and the home 
> access point vendors with a common purpose and agenda. That agenda needs to be 
> to find the minimum lock that will satisfy the FCC, and a sufficiently cheap 
> implementation that, along with the cost saving on design certification, it is 
> cheaper to make a router that is otherwise open, than to make one whose 
> certification depends on review of all the code in the router.

This should never require review of all the code in the router. At most it 
should require review of the firmware code for the wifi chip.

Linux has had this sort of thing in the past, look at the ISDN code that 
required certification to operate.

> This is a common design pattern. The DAA for phones is now purchasable as a 
> single module, FCC precertified, so one can make any kind of cordless phone be 
> certifiable, merely by using that part. That part is more expensive than one I 
> could design myself, but it saves on certification cost, because the rest of 
> the phone or modem doesnt need certification, so one can innovate.

The problem is how much stuff gets stuffed in this certified component. Cell 
phones, with their 'baseband processor' are a good example of too much 
functionality being in the certified component.

We want to get more access to what's currently in the wifi chipset firmware, not 
have it all locked down more.

David Lang

Re: [Cerowrt-devel] [bufferbloat-fcc-discuss] arstechnica confirmstp-link router lockdown

[David Lang]

On Mon, 14 Mar 2016, Wayne Workman wrote:

> One thing Is for sure - if the FCC can't see this, they will have
> effectively handicapped yet another technology, they will basically kill
> wifi. In the public's minds it will become some gross slow thing.

Agreed.

David Lang

> Again, reminds me of what the FCC, RCA, and copyright courts did to FM back
> at its birth.
> On Mar 14, 2016 2:13 PM, "David Lang" <david@lang.hm> wrote:
>
>> On Mon, 14 Mar 2016, dpreed@reed.com wrote:
>>
>> But it will take working with both the FCC and the chip vendors, and the
>>> home access point vendors with a common purpose and agenda. That agenda
>>> needs to be to find the minimum lock that will satisfy the FCC, and a
>>> sufficiently cheap implementation that, along with the cost saving on
>>> design certification, it is cheaper to make a router that is otherwise
>>> open, than to make one whose certification depends on review of all the
>>> code in the router.
>>>
>>
>> This should never require review of all the code in the router. At most it
>> should require review of the firmware code for the wifi chip.
>>
>> Linux has had this sort of thing in the past, look at the ISDN code that
>> required certification to operate.
>>
>> This is a common design pattern. The DAA for phones is now purchasable as
>>> a single module, FCC precertified, so one can make any kind of cordless
>>> phone be certifiable, merely by using that part. That part is more
>>> expensive than one I could design myself, but it saves on certification
>>> cost, because the rest of the phone or modem doesnt need certification, so
>>> one can innovate.
>>>
>>
>> The problem is how much stuff gets stuffed in this certified component.
>> Cell phones, with their 'baseband processor' are a good example of too much
>> functionality being in the certified component.
>>
>> We want to get more access to what's currently in the wifi chipset
>> firmware, not have it all locked down more.
>>
>> David Lang
>> _______________________________________________
>> bufferbloat-fcc-discuss mailing list
>> bufferbloat-fcc-discuss@lists.redbarn.org
>> http://lists.redbarn.org/mailman/listinfo/bufferbloat-fcc-discuss
>>
>