Group:Hardware/ReverseEngineering

From LibrePlanet
Jump to: navigation, search

Introduction

A lot of hardware require software to work (often as drivers and/or firmware(s)). However when the only software to make a given hardware work is proprietary, there is no way to use that hardware in freedom.

When hardware documentation is available, is is a matter of writing the missing software. When it is not, the hardware has to be reverse engineered to either write such documentation and/or to write such software.

Which hardware should be prioritized ? We propose criterions and a few examples.

Is it a widely distributed hardware ?

For instance, millions of Raspberry PI have been sold. A functional free software firmware for the VideoCore IV GPU it uses would be beneficial to all existing users. Another example is the Samsung Galaxy SIII which sold over 70 million units and can easily be bought second hand world wide. A free software driver for the BCM4334 wifi chip could enable new Replicant users.

Is it the last step in completing the liberation of whole device(s) ?

For instance, consider the Allwinner A20 System on a Chip in the Olimex Lime2. If we can make it work with free software, all the hardware of that chip will become functional in the free world. All of the hardware in that single board computer will likewise become functional in the free world.

How long will it take ? (0 fast, 9 long)

How much time such work can take depends on:

  • how much the tasks at hand fits the skills of the people working on it. The various tasks can require very different skillets.
  • How much documentation there is and how much work there is to do
  • If making such software usable usually takes times. For instance a GPU driver often needs quite some time to get a low enough number of bugs.
  • In some case having access to debug hardware such as osciloscopes and logic analyzer can speed things up in several order of magnitude. It was the case with the port of a free software bootloader on the LG Optimus Black (P970)

Is reverse engineering needed?

Reverse engineering might not be needed as documentation might already exist, either published by the hardware manufacturer, or by people that did some reverse engineering on the hardware.

Examples:

  • The etna-viv project states: Nearly all of the reverse engineering work has been done, [...] However I don't have time nor will to do everything myself. This project needs developers that help with the Mesa driver for [...] I did my thing, now do yours. There is no point in waiting because whatever you want just won't happen out of itself.

How useful is the hardware for its users? (0 not really, 9 very)

For instance, in the Samsung mobile phones, the Wifi, GPS and bluetooth drivers need reverse engineering. The wifi driver is more useful than the bluetooth driver.

Is it crucial ?

It is in hardware that does a job that is crucial for us to support. A job can be crucial even if only few people need to do it.

For instance making possible to use certain kind of hardware with free software, when none work with free software would apply here such as:

  • Having very fast/powerful RYF certified computers would allow to do certain kind of work with free software, such as compiling huge quantity of software, like complete GNU/Linux distributions.
  • Having the ability to use big FPGAs with free software would allow to build SDR, osciloscope and many other tools that would work with free software, enabling free software in new areas.

Hardware and work list

Units Last step Difficult Long Useful Crucial
#Mali GPU >100M Yes 5/9 Yes 9/9 No
BCM4334 Wifi >70M No 9/9 9/9 No
BCM4334 Bluetooth >70M No  ?/9 2/9 No
BCM43438 Wifi >10M No 9/9 2/9 No
#Vivante GPU  ? No 5/9 2/9 No
#AMD/ATI GPU 2D support in linux-libre  ? No Easy Fast Very No

WiFi/Bluetooth chips for Smartphones and Tablets

The Openmoko Freerunner is the only smartphone that works without the need to load a firmware in the WiFi chip, as the firmware is provided on a separate flash chip.

On Most/All other (recent?) smartphones, a non-free firmware is required to make the integrated WiFi work.

The most problematic issues on smartphones and tablets is the WiFi: If a device manufacturer wants to design a device made to run 100% free software, the WiFi firmware will be the most problematic issue as the other issues can be solved by picking the right chips:

  • System on a chip compatible with free software bootloader (Such as many I.MX and AllWinner SOCs) a do exist and can be bought for a long time in low quantity.
  • Having the GPU work isn't strictly required as on most system on a chip, it is not connected to the display and is only used to do 3D acceleration. Some system on a chip even have separate 2D acceleration. Replicant and GNU/Linux don't require 3D acceleration to be usable.

Once common devices capable of running a free software bootloader become usable, they would also have the exact same issue and also not require a working GPU as explained above.

Note that smartphones or tablets that are able to connect to GSM/CDMA networks have many privacy issues. Some are described by Replicant

There are several approaches to fix the WiFi/Bluetooth issues:

  • Write a free WiFi firmware for a WiFi chip used by some widely available smartphone(s) that are used by free software smartphone distributions such as Replicant. This probably also require some reverse engineering work to understand how the chip work.
  • Write a free WiFi firmware for a WiFi chip that can be bought by device manufacturers wanting to have no non-free software required to use their device. Extra care must be taken to chose WiFi chips that can be bought in low quantity, and have a long lifetime, to enable potential device manufacturer to be able to actually buy and use such chips in the product they make.
  • Make it easier to use external (USB) WiFi dongles that are known to work with free software (such as the ones compatible with the ath9k_htc driver) with smartphones that fits into one of the two category above.


BCM4334 Wifi

The BCM4334 Single Chip IEEE 802.11 a/b/g/n MAC/Baseband/Radio with Integrated Bluetooth 4.0 + HS and FM Receiver is used in the Samsung Galaxy SIII which sold over 70 million units. It can easily be purchased second hand world wide. Reverse engineering would is very difficult. It would be very useful because it would enable Replicant. There are no ongoing reverse engineering projects for this chip.

BCM4334 Bluetooth

It is a part of the BCM4334 chip which also includes [[#BCM4334 Wifi|wifi], only it is less useful and the difficulty is unknown.

BCM43438 Wifi

The BCM43438 Single-Chip IEEE 802.11ac b/g/n MAC/Baseband/ Radio with Integrated Blue tooth 4.1 and FM Receiver is used in Raspberry Pi which sold over 10 million units. The user base is large and could upgrade to a free software driver. Reverse engineering would is very difficult. Although the bootloader is free software other hardware parts do not work wihout nonfree software. Since there also is an ethernet port, the availability of the wifi is not a blocker to operate the Raspberry PI.

Desktops and laptops WiFi

Intel WiFi

Intel WiFi cards are very popular in laptops, and have free software drivers. Unfortunately they are not usable in freedom as they lack a free software firmware.

Depending on the generation, they use different drivers:

Broadcom WiFi

Broadcom WiFi cards are also popular in laptops, unfortunately very few are usable in freedom. So far OpenWWF only support the following chips:

  • 4306
  • 4311(rev1)
  • 4318
  • 4320

Adding more recent chips would be useful.

Moreover chips cards are not even supported by free software drivers:

  • The b43 and b43legacy drivers don't support some chips, some of which are used in Macbooks like the Macbook 6,2

GPUs present in system on a chip(s)

Mali GPU

The Mali GPU can be found in a lot of Allwinner System on a chip, since the Cedrus project took care of the video decoding offloading, only the Mali GPU isn't usable with free software. Such System on a chip can be found in many boards or devices which can easily be bought.

The Lima project produced some free software demo code that is able to use the hardware, but it has to be converted to a proper driver to be useful.The project did not see much activity since 2016.

The Mali is also used in many Exynos System on a chip found in most Samsung phones (12) from the S2 to the S7 which sold over 100 million units combined (1, 2, 3).

Many of such devices are compatibles with Replicant, and can also be bought second hand worldwide, with or without Replicant being already installed on it.

Vivante GPU

The Vivante GPU is used in the i.MX_6 SoC which is used in the Novena laptop which sold ??? units. Reverse engineering is made easier because the driver is in user space and all dialogs with the hardware via a kernel driver published as free software. The Etnaviv project exists and is useable but it needs completion.

The only other part in the SoC requiring reverse engineering is the VDU.

Desktops and laptops GPUs

ATI/AMD GPUs are integrated in many laptops and desktops computers. Nvida GPUs are also integrated in many laptops. Both are also available as separate GPU cards that can be plugged in desktop computer.

AMD/ATI GPU 2D support in linux-libre

When a given ATI/AMD GPU isn't supported by linux-libre, the computer is very close to unusable with FSDG compatible GNU/Linux distributions as the Linux kenrel will refuse to load the radeon driver and instead fallback on drivers such as the VESA driver which:

  • It might not support the display native resolution (on netbooks, you might only have a 800x600 resolution instead of the native 1024x600, and several other choices)
  • It won't support multiple monitors setups
  • It will be really slow

It is however not the last step for this hardware as such GPUs require:

  • non-free video-bios to initialize the display in libreboot or similar boot software
  • non-free bytecode (which is loaded from the video-bios) to get the Linux driver initialize the card
  • non-free firmware to get 3D acceleration and other function working

Requirements:

  • An unsupported ATI GPU
  • The ability to compile and to run linux(-libre) kernel

Difficulty: It should be easy and fast, and there is even a tutorial on how to do it

Nvidia GPUs 3D acceleration firmware/microcode

Most of the Nvidia GPUs falls into either category:

  • The GPU is too recent and the firmware is signed (and non-free), and because of that it cannot be replaced unless a bug is found in the hardware signature check
  • The GPU firmware is unsigned and free software

However there is still some GPUs with unsigned firmwares where only non-free firmwares exists, such as the one in the Tegra K1 ARM SOC.

AMD/ATI 3D acceleration firmware/microcode

AMD/ATI or Nvidia video BIOS and video BIOS bytecode

This would enable libreboot to support many desktop GPUs.

Devices with system on a chip and bootloaders freedom

Smartphones

Very few smartphones have unsigned bootloaders. It would be useful to make them usable with free software smartphones distributions such as Replicant.

LG Optimus Black (P970)

The LG Optimus black has very basic support in upstream Linux and u-boot, it is not enough to be usable under free software smartphone distributions such as Replicant.

To be usable it would require:

  • To add better support in Linux (and optionally u-boot), and make more hardware peripherals work, such as the display.
  • To add proper support for devices using an upstream Linux kernel in Replicant. That part of the work can also be shared with the GTA04 smartphone.

GTA04

Very few units were produced, and the production is stopped due to manufacturing issues It has a free software bootloader and a linux kenrel close to upstream.

It needs to be integrated in free software smartphone distributions such as Replicant. That work can be shared with the LG Optimus Black.

Tablets

Many tablets have unsigned bootloaders. It would also be useful to make them usable with free software tablets distributions such as Replicant or GNU/Linux.

ARM computers

Many ARM computers can be used with only free software as they have a free software bootloader (the ARM equivalent of x86 boot software like BIOS or UEFI).

To be useful, such computers also need to be able to run a free operating system, fortunately several Free GNU/Linux distributions support arm, such as:

  • Parabola
  • Guix

However such distributions are targeted towards computers users that:

  • know how to configure their system trough the command line
  • want to spend time configuring their system by hand

There is currently (at the time of writing) the Free GNU/Linux distribution that are usable by people that do not know how to use the command line(such as Trisquel or PureOS) do not support ARM computers.

Enabling such distribution to work on ARM computers, and, in a second time making them easy to install on ARM devices would fix the problem.

Single board computers

Raspberry bootloader

millions of Raspberry PI have been sold.

The Raspberry Pis require non-free bootloader to start up, which is part of the GPU firmware. This is what makes this device "fattaly flawed"

A free software bootloader exists, but is not complete nor stable enough to make the device useful yet.

CPU Microcode

Manufactured hardware often have flaws, which sometimes can be fixed by software or configuration data.

This also applies to CPUs, and flaws can remain undetected for a very long time like with the spectre and meltdown issues. If unfixed, such bugs can potentially enable an attacker to remotely take control of computers trough JavaScript.

Some CPU flaws are also often publically documented in errata documents like this one for Core duo processors. Such flaws can usually be fixed either by:

  • Having software workarounds, which is not always possible
  • Microcode patches when the CPU supports microcode updates

Unfortunately microcode updates are non-free and often encrypted.

Recently there was some breaktrough in this area, some people succedded in documenting AMD K8 and K10 Microcode and microcode updates hardware mechanism, paving the road for free software microcode on such processors.

Having free software microcode would not only enable to fix very serious security issues, but also to do things that weren't possible before, such as having ways to trace instructions with very few performance impact.

The following mainboard are already supported by Libreboot and do support AMD K10 CPUs:

  • ASUS KCMA-D8 motherboard
  • ASUS KFSN4-DRE motherboard
  • ASUS KGPE-D16 motherboard

So having free software microcode on such CPU would make it possible to use computers with libreboot, while still having the latest security fixes.

FPGAs

FPGAs are chips with reconfigurable gate patterns, allowing them to do anything a chip would do such as a WiFi or Ethernet chip, a GPU, a CPU, etc.

They are also often used in fields where no chip are available to do a given task, or where reconfigurability is really important such as:

It is also widely used in:

To do such thing, one need to write some "source code" in a hardware description language, and use tools that looks like a compiler to produce a binary that the FPGA will load to reconfigure itself.

So to be usable in freedom, such tools needs to be free software.

So far the FPGAs usable with free software are from the Latice ICE40 family. Theses are tiny FPGAs.

Other attempts:

Home servers

There are a lot of low power single board computers that can be used to make home servers. While most of them can be used with fully free software, there are still issues on that area.

Raspberry pi

See #Raspberry_bootloader

WiFi

More and more Single Board Computers come with onboard WiFi chips. Theses are the same chips that are used in smartphones and tablets.

See [#WiFi.2FBluetooth_chips_for_Smartphones_and_Tablets] for more details

WiFi access point

There are several ways to connect a WiFi chip/card to a Single Board Computer:

  • Through mini-PCI(e)
  • Through USB
  • Through other busses such as sdio, SPI, etc

While PCI-(express)/PC-card cards/chips that can work with only free software driver do exists, such as:

  • The ones compatible with the ath9k or ath5k driver
  • Some chips compatible with the OpenFWWF firmware (which is compatible with the b43 driver)

mini-PCIe is rare among single Board Computers because of:

  • The lack of PCIe support from most system on a chip
  • The increased complexity in designing a board with PCIe

In another hand USB is very widely available, but the drivers that can make USB chips/card work with 100% free software suffer from some limitations that makes some project(s) chose cards working with other WiFi drivers (which require non-free firmware to work). Quoting the Internet cube project:

Free Software version (limited to 7 simultaneous connections, multissid up to 2 AP): MOD-WIFI-AR9271-ANT
Non Free Software version (multissid up to 8 AP) : MOD-WIFI-R5370-ANT

Some associations such as FDN reselling such hardware only sells it with the "non-free software version".

More details on the issue is available here. To fix, some of the things done in the free software firmware have to be moved in the free software driver.

TODO

This section is for tasks and hardware for when there is doubt if it belongs to the list or not.

ZFS

VDU used in the Novena

TBD

Less important

Storage devices proprietary firmwares

Most storage devices have proprietary firmwares, this includes:

  • Hard disk drives
  • SSDs
  • SD and microSD cards
  • eMMC

Some don't have firmwares such as:

  • NAND
  • SPI flash

Several attempts to have free software firmwares exist:

|FPGA]] that depends on a non-free "compiler" to use, whereas their older platform doesn't. I didn't check if the older platform could be used with fully free software.

  • A port of the Linux kernel to a hard disk
  • There is also information on microSD firmwares from Andrew 'bunnie' Huang: 1 [1] and SSD firmware update procedure from Samsung
  • Some Single Board Computers that can run fully free software(with u-boot and Parabola), and that also have NAND chips such as the A20-OLinuXIno-LIME2-n8GB are able, with some software configuration to be used as USB mass storage device (for instance by loading the g_storage driver module).

Storage devices with non-free firmwares are a security concern because:

  • They could hide data from the user
  • The operating systems expect them to behave correctly: If they don't, they can attack the operating system by changing the programs (either before they are loaded, or right after their integrity has been checked, to have the operating system load a modified version).

However there are a lot of more crucial work to do before having to care peripherals that can't be differentiated from hardware