Binary blob

Last updated

In the context of free and open-source software, proprietary software only available as a binary executable is referred to as a blob or binary blob. The term usually refers to a device driver module loaded into the kernel of an open-source operating system, and is sometimes also applied to code running outside the kernel, such as system firmware images, microcode updates, or userland programs. [1] [2] [3] [4] [5] [6] The term blob was first used in database management systems to describe a collection of binary data stored as a single entity.

Contents

When computer hardware vendors provide complete technical documentation for their products, operating system developers are able to write hardware device drivers to be included in the operating system kernels. However, some vendors, such as Nvidia, do not provide complete documentation for some of their products and instead provide binary-only drivers. This practice is most common for accelerated graphics drivers, wireless networking devices, and hardware RAID controllers. [7] Most notably, binary blobs are very uncommon for non-wireless network interface controllers, which can almost always be configured via standard utilities (like ifconfig) out of the box; Theo de Raadt of OpenBSD attributes this to the work done by a single FreeBSD developer. [8] [9]

Policy by project

Some FSF-approved projects strive to provide a free operating system and will remove all binary blobs when no documentation for hardware or source code for device drivers and all applicable firmware is available; such projects include Linux-libre kernel packaging from FSFLA, Parabola, Devuan, Trisquel, and LibreCMC. [10] However, the vast majority of open-source projects make a distinction between binary-only device drivers (blobs) and binary-only firmware (not considered blobs [11] :...), allowing for certain proprietary firmware to be freely distributed as part of their kernels, and, to the disagreement of some core contributors, also support the use of proprietary device drivers that are distributed externally, providing internal compatibility interfaces for such proprietary drivers and userspace components to work with their system. [12] [13] Projects following this policy include the Linux kernel itself, NetBSD, FreeBSD, DragonFly BSD, and most Linux distributions. [14] Some of these projects do provide options for building the system without proprietary firmware, thus excluding sourceless microcode on demand. [15]

The OpenBSD project has a notable policy of not only not accepting any binary device drivers into its source tree, but also officially not supporting any third-party proprietary device driver components on its platform, either; [16] :38... citing not only the potential for undetectable or irreparable security flaws, but also the encroachment onto the openness and freedom of its software. [17] The Free Software Foundation (FSF) is actively campaigning against binary blobs. [18] FSF also considers OpenBSD's policy confusingly worded, as "blobs" in the BSD community refer only to what it considers non-free drivers, and does not apply to proprietary firmware and sourceless microcode. [19] :BSD The Debian project included both free and non-free binary firmware from the Linux kernel, clearly marking and separating the non-free packages [20] according to the Debian Social Contract. As of Debian 6.0 those blobs were removed. [19] :Debian

For OpenBSD, project leader Theo de Raadt defends the policy of asking for distribution rights only for microcode firmware. "Once they are distributed... at least the device works." Implying that the alternative would be for the members of his small project to code free firmware themselves in the assembly language of many chipsets, he pleads "don't load us up with more tasks." Despite this he favours chipsets that run without firmware and speaks warmly of Asian designs which he describes as slower to market but more mature. [17]

The proprietary Linux graphic driver, .mw-parser-output .monospaced{font-family:monospace,monospace} libGL-fglrx-glx, will share the same DRM infrastructure with Mesa 3D. As there is no stable in-kernel ABI, AMD had to constantly adapt the former binary blob used by Catalyst. Linux AMD graphics stack.svg
The proprietary Linux graphic driver, libGL-fglrx-glx , will share the same DRM infrastructure with Mesa 3D. As there is no stable in-kernel ABI, AMD had to constantly adapt the former binary blob used by Catalyst.

In the Linux kernel development community, Linus Torvalds has made strong statements on the issue of binary-only modules, asserting: "I refuse to even consider tying my hands over some binary-only module", and continuing: "I want people to know that when they use binary-only modules, it's THEIR problem." [21] In 2008, 176 Linux kernel developers signed a Position Statement on Linux Kernel Modules that stated "We, the undersigned Linux kernel developers, consider any closed-source Linux kernel module or driver to be harmful and undesirable... We have repeatedly found them to be detrimental to Linux users, businesses, and the greater Linux ecosystem." [22] The Linux kernel maintainer Greg Kroah-Hartman has stated that it is illegal to redistribute closed source modules for the GNU General Public License-licensed Linux kernel. [23]

However, the Linux kernel contains closed-source firmware required by various device drivers. [24] [19] Alexandre Oliva, the maintainer of Linux-libre, a version of the Linux kernel that attempts to remove all binary blobs, including sourceless microcode, wrote in 2011: "Linux hasn't been Free Software since 1996, when Mr Torvalds accepted the first pieces of non-Free Software in the distributions of Linux he has published since 1991. Over these years, while this kernel grew by a factor of 14, the amount of non-Free firmware required by Linux drivers grew by an alarming factor of 83." [25]

Most of the drivers for mobile devices running the Android operating system are shipped in binary and are linked against a specific version of the Linux kernel. This makes it very hard to upgrade a kernel version because it may require reverse engineering, reimplementing the proprietary device drivers as free software, creating and debugging wrappers, binary patching, or a combination of these steps, all of which implies that legacy devices will never get the latest Android version.[ citation needed ]

Problems

There are a number of reasons why binary blobs can be problematic. [11]

Firstly, their precise operation cannot be known and bugs cannot be detected by auditing source code; bugs are frequently only diagnosed by painstaking investigation when a system begins to behave unexpectedly. Such undetected bugs may also silently expose users and systems to security hazards. The fitness for purpose of the driver thus cannot be checked, and even if a bug is found there is no easy way to fix it.

Secondly, as the source code is not available, the driver cannot be readily improved by its users, cannot be ported to architectures not originally supported, nor adapted to operate for slight variants of the hardware or updated it to be workable in new kernels having the changed API and architecture.

Thirdly, using this software would force users to trust vendors or third parties not to put backdoors, spyware or malicious code into the blob. As well, the hardware vendor can decide not to support a given operating system, abandon driver maintenance at any time, or, in the event the company goes out of business, leave the driver completely unsupported.

Finally, binary blobs can be seen as drawing a line between the portion of the community that believes in free software ideals, rejecting proprietary software, and the portion that sees open source as desirable for purely technical reasons, often lacking a strong opposition to binary blobs "as long as they work". This fragmentation, and the acceptance of a growing number of proprietary components into Linux, is seen as weakening the ability of the community to resist the trend of manufacturers to increasingly refuse to provide documentation for their binaries.

Use via wrappers

A wrapper is software which allows one operating system to use a binary proprietary device driver written for another operating system. Examples of wrappers are NDISwrapper for Linux, and Project Evil for FreeBSD and NetBSD. These wrappers allow these operating systems to use network drivers written for Microsoft Windows by implementing Microsoft's NDIS API.

Another example is providing compatibility layers so that foreign utilities could be used to service the hardware. Examples include some RAID controller drivers in FreeBSD, where the system administrator would have to enable Linux compatibility layer in FreeBSD and independently procure Linux-specific binary blobs directly from the hardware manufacturer in order to monitor and service the hardware. [12] [13] [26] Circa 2005, this state of affairs prompted OpenBSD to create and popularise its bio(4), bioctl and sensor drive concepts as an alternative solution for RAID monitoring, [27] [16] both of which concepts have subsequently found its way into NetBSD as well.

Device firmware

Firmware is the software required by the onboard microcontrollers that accompany some hardware, is generally not considered to be a binary blob. [28] [19] :BSD [11] :... In many devices, firmware is stored in non-volatile onboard flash memory, but to decrease costs and ease upgrades, some devices contain only static RAM and require the host operating system to upload firmware each time they are connected (especially USB devices). Although the firmware is thus present in the operating system driver, it is merely copied to the device and not executed by the CPU, removing concerns about extra security flaws compared to what's already possible with a DMA attack even if the firmware was already stored within the device at all times. The OpenBSD project accepts binary firmware/microcode images and will redistribute these images if the license permits; [28] [29] if free and unconditional redistribution is not permitted by the vendor, the machine instructions on fetching these images may be provided in the ports tree (which precludes some encumbered wireless devices (e.g., Intel Wireless) from being available during the initial install). [30] On Microsoft Windows implementations, the microcode binary may be embedded in the SYS / DLL / VXD device driver directly, as opposed to separated microcode file.

BIOS and UEFI

SeaBIOS, an open-source implementation of BIOS, running as coreboot payload on a Lenovo ThinkPad X60 Coreboot+seaBIOS+on-x60.JPG
SeaBIOS, an open-source implementation of BIOS, running as coreboot payload on a Lenovo ThinkPad X60

The BIOS, which functions as a bootloader and supports legacy real mode applications, is a crucial component of many IBM-compatible computers. In the late 1990s work started on EFI (Extensible Firmware Interface) with the objective to move legacy BIOS to a modern interface with a modular driver model. EFI is closed source and was eventually adopted by many industry leading hardware manufacturers as UEFI (Unified Extensible Firmware Interface). The EDK (EFI Development Kit) was developed to assist EFI firmware development projects. [31]

Also in the late 1990s, the coreboot project was started to create an open source alternative to legacy BIOS from scratch. [31] The coreboot developer community organises around Stefan Reinauer and is led by firmware developers with commit rights. [32] Despite closed source binary firmware having been at the heart of the x86 architecture coreboot only incorporates the few proprietary binaries that are necessary to provide users with a base level hardware support. [33] A completely open source alternative to BIOS and UEFI is libreboot, which was promoted by the Free Software Foundation (FSF). [34]

See also

Related Research Articles

<span class="mw-page-title-main">Free software</span> Software licensed to be freely used, modified and distributed

Free software, libre software, or libreware is computer software distributed under terms that allow users to run the software for any purpose as well as to study, change, and distribute it and any adapted versions. Free software is a matter of liberty, not price; all users are legally free to do what they want with their copies of a free software regardless of how much is paid to obtain the program. Computer programs are deemed "free" if they give end-users ultimate control over the software and, subsequently, over their devices.

<span class="mw-page-title-main">Firmware</span> Low-level computer software

In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide hardware abstraction services to higher-level software such as operating systems. For less complex devices, firmware may act as the device's complete operating system, performing all control, monitoring and data manipulation functions. Typical examples of devices containing firmware are embedded systems, home and personal-use appliances, computers, and computer peripherals.

<span class="mw-page-title-main">UEFI</span> Operating system and firmware specification

Unified Extensible Firmware Interface is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. Examples of firmware that implement the specification are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O. UEFI replaces the BIOS which was present in the boot ROM of all personal computers that are IBM PC compatible, although it can provide backwards compatibility with the BIOS using CSM booting. Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those of Microsoft Windows. In 2005, UEFI deprecated EFI 1.10.

Freely redistributable software (FRS) is software that anyone is free to redistribute. The term has been used to mean two types of free to redistribute software, distinguished by the legal modifiability and limitations on purpose of use of the software. FRS which can be legally modified and used for any purpose is the same as free software. Non-legally modifiable FRS is freeware, shareware or similar.

coreboot Open-source computer firmware

coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.

<span class="mw-page-title-main">Free and open-source graphics device driver</span> Software that controls computer-graphics hardware

A free and open-source graphics device driver is a software stack which controls computer-graphics hardware and supports graphics-rendering application programming interfaces (APIs) and is released under a free and open-source software license. Graphics device drivers are written for specific hardware to work within a specific operating system kernel and to support a range of APIs used by applications to access the graphics hardware. They may also control output to the display if the display driver is part of the graphics hardware. Most free and open-source graphics device drivers are developed by the Mesa project. The driver is made up of a compiler, a rendering API, and software which manages access to the graphics hardware.

Dynamic Kernel Module Support (DKMS) is a program/framework that enables generating Linux kernel modules whose sources generally reside outside the kernel source tree. The concept is to have DKMS modules automatically rebuilt when a new kernel is installed.

<span class="mw-page-title-main">Comparison of open-source wireless drivers</span>

Wireless network cards for computers require control software to make them function. This is a list of the status of some open-source drivers for 802.11 wireless network cards.

These tables compare free software / open-source operating systems. Where not all of the versions support a feature, the first version which supports it is listed.

gNewSense Linux distribution

gNewSense was a Linux distribution, active from 2006 to 2016. It was based on Debian, and developed with sponsorship from the Free Software Foundation. Its goal was user-friendliness, but with all proprietary and non-free software removed. The Free Software Foundation considered gNewSense to be composed entirely of free software.

<span class="mw-page-title-main">Kernel-based Virtual Machine</span> Virtualization module in the Linux kernel

Kernel-based Virtual Machine (KVM) is a free and open-source virtualization module in the Linux kernel that allows the kernel to function as a hypervisor. It was merged into the mainline Linux kernel in version 2.6.20, which was released on February 5, 2007. KVM requires a processor with hardware virtualization extensions, such as Intel VT or AMD-V. KVM has also been ported to other operating systems such as FreeBSD and illumos in the form of loadable kernel modules.

The following outline is provided as an overview of and topical guide to free software and the free software movement:

Proprietary firmware is any firmware that has had its use, private modification, copying, or republishing restricted by the producer. Proprietors may enforce restrictions by technical means, such as by restricting source code access, firmware replacement restrictions, or by legal means, such as through copyright and patents. Alternatives to proprietary firmware may be free (libre) or open-source.

<span class="mw-page-title-main">OpenBSD</span> Operating system

OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.

<span class="mw-page-title-main">Linux-libre</span> Version of the Linux kernel without proprietary code

According to the Free Software Foundation Latin America, Linux-libre is a modified version of the Linux kernel that contains no binary blobs, obfuscated code, or code released under proprietary licenses. In the Linux kernel, they are mostly used for proprietary firmware images. While generally redistributable, binary blobs do not give the user the freedom to audit, modify, or, consequently, redistribute their modified versions. The GNU Project keeps Linux-libre in synchronization with the mainline Linux kernel.

<span class="mw-page-title-main">SeaBIOS</span> Open-source implementation of x86 BIOS

SeaBIOS is an open-source implementation of an x86 BIOS, serving as a freely available firmware for x86 systems. Aiming for compatibility, it supports standard BIOS features and calling interfaces that are implemented by a typical proprietary x86 BIOS. SeaBIOS can either run on bare hardware as a coreboot payload, or can be used directly in emulators such as QEMU and Bochs.

In computing, a devicetree is a data structure describing the hardware components of a particular computer so that the operating system's kernel can use and manage those components, including the CPU or CPUs, the memory, the buses and the integrated peripherals.

The bio(4) pseudo-device driver and the bioctl(8) utility implement a generic RAID volume management interface in OpenBSD and NetBSD. The idea behind this software is similar to ifconfig, where a single utility from the operating system can be used to control any RAID controller using a generic interface, instead of having to rely on many proprietary and custom RAID management utilities specific for each given hardware RAID manufacturer. Features include monitoring of the health status of the arrays, controlling identification through blinking the LEDs and managing of sound alarms, and specifying hot spare disks. Additionally, the softraid configuration in OpenBSD is delegated to bioctl as well; whereas the initial creation of volumes and configuration of hardware RAID is left to card BIOS as non-essential after the operating system has already been booted. Interfacing between the kernel and userland is performed through the ioctl system call through the /dev/bio pseudo-device.

References

  1. Michael Larabel (2012-08-06). "Coreboot: Replacing Intel's Binary Video BIOS Blob". Phoronix . Retrieved 2015-06-23.
  2. Chris Hoffmann (2015-02-13). "How Intel and PC makers prevent you from modifying your laptop's firmware". pcworld.com. Retrieved 2015-06-23.
  3. "BIOS Freedom Status". puri.sm. 2014-11-12. Retrieved 2015-06-23.
  4. Michael Larabel (2012-10-24). "Raspberry Pi GPU Driver Turns Out To Be Crap". Phoronix . Retrieved 2015-06-23.
  5. Jake Edge (2015-06-17). "Chromium suddenly starts downloading a binary blob". LWN.net . Retrieved 2015-06-23.
  6. "3.9: "Blob!"". OpenBSD Release Songs. OpenBSD. 2006-05-01. Blobs are vendor-compiled binary drivers without any source code.
  7. "Debian packages built from the source package 'firmware-nonfree' - Binary firmware for various drivers in the Linux kernel". 2010. Retrieved 2010-03-25.
  8. Constantine A. Murenin (2006-12-10). "Почему так важно иметь документацию по программированию железа". Linux.org.ru (in Russian).
  9. Theo de Raadt (2016-12-03). "Page 11: The hardware: ethernet". Open Documentation for Hardware. OpenCON 2006, 2–3 December 2006. Courtyard Venice Airport, Venice/Tessera, Italy. Only a few recalcitrant vendors remain closed. / ethernet 95% documented 99% working / Open documentation largely due to the effort of one man: Bill Paul
  10. "List of Free GNU/Linux Distributions". GNU Project . Free Software Foundation.
  11. 1 2 3 Andrews, Jeremy (2006-04-19). "Interview with Jonathan Gray and Damien Bergamini". kerneltrap.org. Archived from the original on 2007-12-11. Retrieved 2008-01-06.
  12. 1 2 Scott Long; Adaptec, Inc (2000). "aac(4) — Adaptec AdvancedRAID Controller driver". BSD Cross Reference. FreeBSD. If the kernel is compiled with the COMPAT_LINUX option, or the aac_linux.ko and linux.ko modules are loaded...
  13. 1 2 Achim Leubner (2013). "aacraid(4) — Adaptec AACRAID Controller driver". BSD Cross Reference. FreeBSD. If the kernel is compiled with the COMPAT_LINUX option, or the aacraid_linux.ko and linux.ko modules are loaded...
  14. Matzan, Jem (15 June 2005). "BSD cognoscenti on Linux". NewsForge. Archived from the original on 23 March 2006. Retrieved 2006-07-07. See Christos Zoulas's response to "Is sharing between Free/Open/NetBSD and the Linux kernel a common occurrence? And if so, does it go both ways?"
  15. "build/options/WITHOUT_SOURCELESS_UCODE". BSD Cross Reference. FreeBSD. 2012-02-04.
  16. 1 2 "3.8: "Hackers of the Lost RAID"". OpenBSD Release Songs. OpenBSD. 2005-11-01.
  17. 1 2 Andrews, Jeremy (2006-05-02), "Interview: Theo de Raadt", KernelTrap , Jeremy Andrews, archived from the original on 2006-06-03
  18. "Protest against ATI nearly led to the arrest of RMS". Free Software Foundation. 27 April 2006. Retrieved 2006-10-10.
  19. 1 2 3 4 "Explaining Why We Don't Endorse Other Systems". GNU Project . Free Software Foundation.
  20. "Debian firmware-linux packages". 2010. Retrieved 2010-03-25.
  21. "a/lt-binary". lwn.net.
  22. Greg Kroah-Hartman (June 2008). "A position statement on Linux Kernel Modules". The Linux Foundation.
  23. Greg Kroah-Hartman (2006). "Myths, Lies, and Truths about the Linux kernel". Linux Symposium.
  24. "Nonfree Firmware". GNU Project § Free System Distribution Guidelines (GNU FSDG) . Free Software Foundation.
  25. "::[FSFLA]:: Take your freedom back, with Linux-2.6.33-libre". fsfla.org.
  26. Jonathan Gray (2006-12-02). "Page 26: Only open for business: FreeBSD". Driver Architecture and Implementation in OpenBSD. OpenCON 2006, 2–3 December 2006. Courtyard Venice Airport, Venice/Tessera, Italy. Retrieved 2019-03-27. drivers designed for binary only Linux RAID management tools
  27. Theo de Raadt (2005-09-09). "RAID management support coming in OpenBSD 3.8". misc@ (Mailing list). OpenBSD.
  28. 1 2 "OpenBSD Works To Open Wireless Chipsets". KernelTrap. November 2, 2004. Archived from the original on 2006-06-20. Retrieved 2006-06-23.
  29. "/sys/dev/microcode/". OpenBSD .
  30. "sysutils/firmware". OpenBSD ports .
  31. 1 2 Vincent Zimmer; Jiming Sun; Marc Jones; Stefan Reinauer (2015). Embedded Firmware Solutions: Development Best Practices for the Internet of Things. Apress. p. 121. ISBN   9781484200704.
  32. Vincent Zimmer; Jiming Sun; Marc Jones; Stefan Reinauer (2015). Embedded Firmware Solutions: Development Best Practices for the Internet of Things. Apress. p. 61. ISBN   9781484200704.
  33. Vincent Zimmer; Jiming Sun; Marc Jones; Stefan Reinauer (2015). Embedded Firmware Solutions: Development Best Practices for the Internet of Things. Apress. p. 65. ISBN   9781484200704.
  34. "Campaign for Free BIOS". Free Software Foundation. 2006-11-29. Retrieved 2007-01-02.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.