Is it still possible to deblob FreeBSD now?

[Allen123456hello]

FreeBSD is wonderful, but there are some blobs in the source.
I have searched discussions about deblobbing FreeBSD, but the forums I've searched is very old.
I tried to deblob FreeBSD's kernel myself, but it is challenging because of two reasons:
1. I found it difficult to check the licenses of the source code. Though there are many files containing "SPDX-License-Identifier", many files lack explicit licensing information.
2. Even if a file contains "SPDX-License-Identifier: BSD-3-Clause", it still can be nonfree. An example: /usr/src/sys/dev/usb/wlan/if_zydfw.h

uint8_t zd1211_firmware[] = /*blobs*/

I tried to search "firmware" in all the files in order to find blobs, but it is not very accurate.
So is it possible to deblob FreeBSD (or deblob FreeBSD's kernel) easily?

 

[kent_dorfman766]

Which BLOBs are you referring to? There will always be device firmware BLOBs because so many peripherals have proprietary internals, To support a larger audience they create a HAL (hardware access layer) BLOB that makes the device API available. It also allows hardware manufacturers to upgrade firmware for their devices, as many use FPGAs and that code is loaded upon bootup.

 

[Allen123456hello]

I mean, I want to remove software included without source code, under nonfree licenses, or with obfuscated code. Most of them are firmware, but it is possible that some other nonfree code is in the FreeBSD source code.

 

[ralphbsz]

That code is under the BSD license. It is just difficult to read (being binary). I'm sure there are some experts out there who would be able to decompile it. And I hope you are aware how much firmware is (permanently) inside most other components. As an example, about 20 years ago, disk drives had so much firmware that they stopped storing it in EPROM or flash, and instead put it on the platters.

 

[Allen123456hello]

Yes, I am aware of the firmware inside other components. I am considering about buying a computer with something like "Respect Your Freedom Certification".

 

[ralphbsz]

Sadly, that computer will not have a CPU chip, nor a storage device. To my knowledge, there are no commercial CPUs usable for a desktop/laptop/server machine that are fully open without embedded firmware. Nor HDDs or SSDs.

 

[fmc000]

Sadly, that computer will not have a CPU chip, nor a storage device. To my knowledge, there are no commercial CPUs usable for a desktop/laptop/server machine that are fully open without embedded firmware. Nor HDDs or SSDs.

Not to mention graphic cards, network interfaces and so on.

 

[mer]

Sadly, that computer will not have a CPU chip, nor a storage device. To my knowledge, there are no commercial CPUs usable for a desktop/laptop/server machine that are fully open without embedded firmware. Nor HDDs or SSDs.

Yep, my first thought on this was "Well, if you can black box reverse engineer all the firmware on devices you need and design/create your own hardware, then it's possible to deblob"

 

[Phishfry]

OK we all realize blobs are just part of computing. It was never fully open and probably never will.
So with that said.

Who tests blobs? It seems you could setup a machine with blob running and setup a harness around blob. See what is coming in and out of blob.
Not for reversal but security.

To me it was a huge wakeup when I went from pfSense to maintaining my own firewall. The amount of UDP traffic from dummy old boxes on my network like APC Temp monitoring device.
Sending all kind of requests over the internet. Totally unsat. Removed from service.

My point is who has built a module monitor driver to capture what module is doing. Modules might not be the best test example.
What about the raw firmware files I see for many devices. Those would be interesting to harvest details from. How would you know it's leaking.
I wonder how much HardenedBSD does on that front.
Test what blobs are doing on FreeBSD.

If you find something you might get a free t-shirt or mug.

 

[Phishfry]

What is funny to me is when Intel NUC with Intel interface turns up in nmap

Nmap scan report for 192.168.1.104
Host is up (0.0016s latency).
MAC Address: 94:C6:91:12:XX:XX (EliteGroup Computer Systems)

Wait how did ECS get in the Intel Network firmware for an Intel device???
Maybe they were the OEM for Intel NUC boards.....
Still makes you wonder what is burned into firmware.

I know MAC can be changed. This was new NUC in sealed box.

 

[cracauer@]

First step is to ditch every wireless and use a wired connection for network and nothing for bluetooth.

 

[Phishfry]

Second step ditch the gun and grab a shovel. You can't kill it just beat it with a shovel then cover it up.

 

[Phishfry]

"Respect Your Freedom Certification".

You know this all started off flea market tables and computer shows? We took the scraps we could afford. Then IBM PC came along and changed the model.

Open Source Operating Systems are not a social cause. I consider it a technical choice. Choose what to run on your hardware.

Everybody wants freedom for everything. How willing are you to work for it?

Freedoms just another word for nothing left to lose.

 

[linimon@]

I mean, I want to remove software included without source code, under nonfree licenses, or with obfuscated code. Most of them are firmware, but it is possible that some other nonfree code is in the FreeBSD source code.

I think as close as you can get today is the PowerPC boxen made by Raptor Systems. (yes I have one). Even that is not 100% IIUC.