OpenBSD Journal

Why hardware documentation matters so much

Contributed by deanna on from the campaigns dept.

"... and why it is so hard to get" is a talk given by Theo de Raadt at OpenCON last weekend - the slides are now available. The presentation offers insight into issues such as -
  • Why vendor drivers are unacceptable
  • Why vendors' reasons and excuses are unacceptable
  • The users defending vendors phenomenon
And quite a bit more.

Also added today was Claudio Jeker's talk: Network Stack Changes in OpenBSD.

UPDATE: Michele Marchetto: OpenRIPD and Henning Brauer: OpenBGPD (European Peering Forum 2006)

Keep an eye on the events page; there are still more sets on the way.

(Comments are closed)


Comments
  1. By LeonYendor (218.214.194.113) on

    There seems to be a glitch in the linking in Theo's slides. I cannot go back and track the break exactly right now because my 6Mb/s link is only getting data at less than dialup speeds ATM.

    Clicking on the "next" link on each page got me to the slide about where the 802.11 devs were named and then straight to the last page.

    I went back to the index page and clicked on the image that should have been next and from there all was fine.

    Just one bad link, it seems.

    That said, it is a presentation that needs wider audiences. It just might peel the scales off a few eyes.

    Thanks for pointing it out.

  2. By Matt Van Mater (69.255.1.181) on

    I enjoyed Claudio's slides very much. Very interesting and informative. I'm tempted to set up some experiments at my home lab or with some spare gear at work.

    Keep up the good work guys!

  3. By Antonios (89.210.233.55) on

    I just read them, interesting network stuff indeed (as much as I could grasp anyway).
    Theo's slides are both entertaining and pretty informative. Should shut up a few mouths I guess. Including my own if I read them a couple of years ago :-)

  4. By Anonymous Coward (87.79.237.121) on

    Interestingly enough, a buffer overflow in Intel's
    drivers for their NICs was just found:

    http://www.intel.com/support/network/sb/CS-023726.htm

    Comments
    1. By Anonymous Coward (69.70.68.38) on

      > Interestingly enough, a buffer overflow in Intel's
      > drivers for their NICs was just found:
      >
      > http://www.intel.com/support/network/sb/CS-023726.htm

      Interesting! What I don't understand from there page, is how this exploit affects non-windows OS's? Scary to see things like this, imagine how many windows servers will require network downtime just to update this...

      Comments
      1. By Anonymous Coward (85.158.44.149) on

        > Interesting! What I don't understand from there page, is how this exploit affects non-windows OS's?

        Device drivers run as part of the kernel, they have a very high level of access to the system... This is one of the reasons why vendor-provided binary drivers are a big problem, and even vendor-provided source code (written by someone who wants to sell hardware, rather than written by someone as part of a secure OS) still involves a huge amount of extra work to bring up to quality.

        Intel provide open-source drivers for some of their hardware, this advisory covers the Linux driver but doesn't say whether or not it affects their FreeBSD driver (which OpenBSD tracks), and there's not a lot more information I could find to tell (other than diffing the old and new drivers to determine what was changed and assessing it). Nothing stood out in the changelogs (e100 and e1000).

        It's not the first time there's been a problem with Intel drivers (e.g. CVE-2004-0535 [local, on linux], CVE-2006-3596 [remote: triggered by frame contents, on cisco ids], CVE-2006-3992 and 2006-4022 [remote: triggered by frame contents, wireless nic drivers on windows]). From 2006-3992: "This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code[...] If a remote attacker within transmitting range of an affected wireless adapter sends a specially crafted frame to that adapter, they may be able to trigger this vulnerability". 'within transmitting range': that's quite a wide area for someone with the right equipment...

        > Scary to see things like this, imagine how many windows servers will require network downtime just to update this...

        Looks like it's only local, many won't bother, what's (yet) another local priv-escalation problem, especially when it's probably going to be tucked away in the 'hardware drivers' section of Windows Update with nothing to draw attention to the security problem?

  5. By Daniel Bolgheroni (201.93.207.239) on

    Are there any audio version for such presentations? It would be nice if these talks in audio version too.

    Thank you.

  6. By Anonymous Coward (69.70.68.38) on

    Cool! I didn't know about OpenRIP... Now what about openrip.org?

    Comments
    1. By Anonymous Coward (74.13.57.232) on

      > Cool! I didn't know about OpenRIP... Now what about openrip.org?

      Like OpenOSPF, OpenRIP falls in with OpenBGP.

  7. By Marc (194.245.32.131) marc_at_sanity_dot_de on

    hi folks,

    i contacted one of the sales droids of amcc for documentation of 3ware raid-controllers. after blurting that they don't deliver binary blobs and pointing me to freebsd and linux drivers, he also says, that they didn't ever recieved any customer questions for documentation of their driver and that they will support openbsd, if they get more customer requests:

    [quote]
    "3. We do not deliver 'binary blobs' for any of our supported open
    source operating systems.

    4. We will look into supporting OpenBSD, especially if we get
    several requests from customers for it, so far you are the first.
    If you would like, feel free to port the FreeBSD driver to OpenBSD." [/quote]

    If you also want to contact him, you can either use 3waresales@amcc.com or, if you want to write the guy who answered me (and contacted the tech department, which didn't answered my email), contact Fred De Vera at fdevera_at_amcc_dot_com.

    Comments
    1. By Jason Crawford (65.174.217.59) jasonrcrawford@gmail.com on

      > hi folks,
      >
      > i contacted one of the sales droids of amcc for documentation of 3ware raid-controllers. after blurting that they don't deliver binary blobs and pointing me to freebsd and linux drivers, he also says, that they didn't ever recieved any customer questions for documentation of their driver and that they will support openbsd, if they get more customer requests:
      >
      > [quote]
      > "3. We do not deliver 'binary blobs' for any of our supported open
      > source operating systems.
      >
      > 4. We will look into supporting OpenBSD, especially if we get
      > several requests from customers for it, so far you are the first.
      > If you would like, feel free to port the FreeBSD driver to OpenBSD." [/quote]
      >
      > If you also want to contact him, you can either use 3waresales@amcc.com or, if you want to write the guy who answered me (and contacted the tech department, which didn't answered my email), contact Fred De Vera at fdevera_at_amcc_dot_com.

      I have sent a personal request to Fred, and am crafting another one to 3waresales@amcc.com soon. I hope every user that reads undeadly can send a request to Fred so he can realize how many users would benifit from it, assuming that he doesn't go back on his word.

    2. By Anonymous Coward (69.70.207.240) on

      > hi folks,
      >
      > i contacted one of the sales droids of amcc for documentation of 3ware raid-controllers. after blurting that they don't deliver binary blobs and pointing me to freebsd and linux drivers, he also says, that they didn't ever recieved any customer questions for documentation of their driver and that they will support openbsd, if they get more customer requests:
      >
      > [quote]
      > "3. We do not deliver 'binary blobs' for any of our supported open
      > source operating systems.
      >
      > 4. We will look into supporting OpenBSD, especially if we get
      > several requests from customers for it, so far you are the first.
      > If you would like, feel free to port the FreeBSD driver to OpenBSD." [/quote]
      >
      > If you also want to contact him, you can either use 3waresales@amcc.com or, if you want to write the guy who answered me (and contacted the tech department, which didn't answered my email), contact Fred De Vera at fdevera_at_amcc_dot_com.

      Is it possible he's mis-interpreting a 'binary blob' as a 'binary driver', or that they would write the driver themselves only - or even only release documentation under an NDA? If so, that won't fly with OpenBSD... But if they're willing to understand clearly and to provide what the OpenBSD people actually want or need, then I'll send an email too.

      Comments
      1. By Jason Crawford (65.174.217.59) jasonrcrawford@gmail.com on

        > Is it possible he's mis-interpreting a 'binary blob' as a 'binary driver', or that they would write the driver themselves only - or even only release documentation under an NDA? If so, that won't fly with OpenBSD... But if they're willing to understand clearly and to provide what the OpenBSD people actually want or need, then I'll send an email too.

        You should just send him an email anyway, requesting Documentation and stating that you do NOT want binary drivers or source code, ONLY Documentation. If that's not what he ment, well he'll still see how many potential customers he's turning away.

    3. By Anonymous Coward (68.167.146.78) on

      Email sent. I work for a pretty large enterprise, and we buy Sun v20z and v40z servers at the present time (we're moving a lot of stuff from Windows to Linux). One of the major factors in my spec'ing these is that they come with LSI RAID controllers. The OpenBSD hardware compatibility list is a true Godsend.

    4. By Anonymous Coward (80.195.230.203) on

      > hi folks,
      >
      > i contacted one of the sales droids of amcc for documentation of 3ware raid-controllers. after blurting that they don't deliver binary blobs and pointing me to freebsd and linux drivers, he also says, that they didn't ever recieved any customer questions for documentation of their driver and that they will support openbsd, if they get more customer requests:
      >
      > [quote]
      > "3. We do not deliver 'binary blobs' for any of our supported open
      > source operating systems.
      >
      > 4. We will look into supporting OpenBSD, especially if we get
      > several requests from customers for it, so far you are the first.
      > If you would like, feel free to port the FreeBSD driver to OpenBSD." [/quote]
      >
      > If you also want to contact him, you can either use 3waresales@amcc.com or, if you want to write the guy who answered me (and contacted the tech department, which didn't answered my email), contact Fred De Vera at fdevera_at_amcc_dot_com.

      I too have contacted them in the past so they are clearly not telling the truth as they say that you were the first person to do so.

    5. By Matthias Kilian (91.3.24.64) on

      > "3. We do not deliver 'binary blobs' for any of our supported open
      > source operating systems.

      I'd a look at the 3ware-9.0 stuff last year, and that statement just isn't true. At least the management software is blobby, usable only on linux/i386.

      A RAID controller without proper management tools is just a pile of junk.

  8. By Arach (194.186.117.245) on

    Here is my small piece of contribution..

    ------
    Good time of day, mr. De Vera.

    As a user of OpenBSD OS and a customer (being a network/system administrator), I would like to have drivers for your company's RAID cards under my preferred production OS. If there will be the OpenBSD drivers, I and many other system administrators may (and probably will) buy and use 3ware hardware. Without the drivers, there are another vendors (LSI, for example) who support OpenBSD with FREE DOCUMENTATION and therefore writing, testing and debugging simple and robust open source driver code for their hardware already became possible.

    Please, support the OpenBSD project with FREE DOCUMENTATION (without the need to sing an NDA) for 3ware hardware, because porting (reverse-engineering) a driver from Linux or FreeBSD IS NOT THE SAME as having good free documentation and by that the ability to write well designed and well working open source drivers by OpenBSD developers themselves.

    Besides, I know that some vendors cannot donate documentation due to the fact that there are some internal commercial information (for example, future products' roadmap hints) spreaded all over the technical details. If this is the case, please, invite your company's technical experts to cooperate with the OpenBSD project. This kind of cooperation should not be expensive at all.
    -----

    My first message of this kind... Is something wrong (besides grammar :) or not quite right?

    Comments
    1. By mho (130.237.209.52) on

      >the need to sing an NDA)

      NDA, tra-la-la! Something for song41? :-)

      (Sorry, couldn't help myself)

      - mho

  9. By Terrell Prude' Jr. (68.167.146.78) on

    I got a response on this from a VP there, who shall, out of proper decorum, remain nameless at this time. This VP say that there is "intellectual property within our API documentation that cannot be released as open source." Now, while I question that, I nonetheless thanked him for his response, as he didn't actually have to bother even doing that. I also let him know that, if/when that does change some day, I'd be glad to give 3ware RAID cards a shot at my workplace.

    I think it's a shame that some vendors like to hide behind the phrase "intellectual property" and not tell us more specifically if it's copyrights, patents, or trade secrets. But at least we've got LSI Logic. Fortunately, LSI is the RAID engine in Sun's v20z and v40z server lines.

    Comments
    1. By Marc (84.62.41.219) marc_at_sanity_dot_de on

      > I got a response on this from a VP there, who shall, out of proper decorum, remain nameless at this time. This VP say that there is "intellectual property within our API documentation that cannot be released as open source." Now, while I question that, I nonetheless thanked him for his response, as he didn't actually have to bother even doing that. I also let him know that, if/when that does change some day, I'd be glad to give 3ware RAID cards a shot at my workplace.
      >
      > I think it's a shame that some vendors like to hide behind the phrase "intellectual property" and not tell us more specifically if it's copyrights, patents, or trade secrets. But at least we've got LSI Logic. Fortunately, LSI is the RAID engine in Sun's v20z and v40z server lines.

      so, did you ask him, why 3ware is supporting linux and freebsd then, when they have "intellectual property"in their drivers?

      Comments
      1. By Terrell Prude', Jr. (68.167.146.78) on

        > so, did you ask him, why 3ware is supporting linux and freebsd then, when they have "intellectual property"in their drivers?

        No, I didn't. I think we already know the answer, though. It's all about "magic numbers" and such. See, if you write drivers that obfuscate characteristics of the card (e. g. using unexplained constants, or "magic numbers"), then you don't have to release docs, but you can claim "look, see, we're open source." It's just like with the Marvell OLPC wireless chipset issue. There's a GPL'd Linux driver w/ magic numbers, but there are no docs without NDA.

        And yes, I suspect you already know all of this. :-) But a lot of newbies don't, and we need to educate them, hence the above text.

        Like I said, we have LSI Logic. They seem to be treating us right, so let's stick with them.

        Comments
        1. By sthen (85.158.44.149) on

          > Like I said, we have LSI Logic.

          Areca, too.

          Comments
          1. By Terrell Prude', Jr. (151.188.247.104) on

            > > Like I said, we have LSI Logic.
            >
            > Areca, too.

            Just took a look at their Web site. Has anyone put their RAID controllers through its paces w/ OpenBSD, GNU/Linux, or any other FLOSS platform?

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]