In the free software community, binary blob is a pejorative term for an object file loaded into the kernel of a open source operating system without publicly available source code. The term is not usually applied to code running outside the kernel, such as BIOS code, firmware images, or userland programs.
When computer hardware vendors provide complete technical documentation for their products, operating system developers are able to write hardware device drivers to be included in the operating system kernels. However, some vendors, such as NVIDIA, do not provide complete documentation for some of their products and instead provide binary-only drivers (binary blobs); this practice is most common for accelerated graphics drivers, networking devices and RAID controllers.[1]
Contents |
Acceptance
Some projects try to create a free operating system, and will not accept binary blobs if they cannot get documentation for hardware or source code for device drivers. Such projects include NetBSD, FreeBSD, DragonFly BSD, and most GNU/Linux distributions.[2]
The OpenBSD project has a notable policy of not accepting any binary blobs into its source tree, citing not only the potential for undetectable or irreparable security flaws, but also the encroachment onto the openness and freedom of its software.[3]
The Free Software Foundation (FSF) is actively campaigning against binary blobs.[4] It also considers OpenBSD's policy flawed, as 'blobs' in the BSD community refer to what it considers non-free drivers, and not non-free firmware.[5]
The Debian project includes both free and non-free binary firmware blobs from the Linux kernel, but it clearly marks and separates the non-free packages[6] according to the Debian Social Contract.
Problems
There are a number of reasons why binary blobs can cause problems[7]:
- Users are not free to improve the software and distribute modified versions.
- Blobs are unportable and typically limited to a few hardware architectures.
- The correctness of the driver code cannot be checked.
- The code cannot be audited for security by users or third parties.
- Users are forced to trust vendors not to put backdoors and spyware into the blob.
- In case of bugs or vulnerabilities, the driver cannot be repaired by operating system developers.
- The hardware vendor can decide not to support some operating systems, or to abandon driver maintenance at any time.
Use via wrappers
A wrapper is software which allows one operating system to use a binary blob driver written for another operating system. Examples of wrappers are NdisWrapper for Linux, and Project Evil for FreeBSD and NetBSD. These wrappers allow these operating systems to use network drivers written for Microsoft Windows. These wrappers implement Microsoft's NDIS API.
Device firmware
Firmware, the software required by the onboard microcontrollers that accompany some hardware, is generally not considered to be a binary blob. In many devices, firmware is stored in non-volatile onboard flash memory, but to decrease costs and ease upgrades, some devices contain only static RAM and require the host operating system to upload firmware each time they are connected (especially USB devices). Although the firmware is thus present in the operating system driver, it is merely copied to the device and not executed by the CPU, lessening concerns about hidden security flaws. The OpenBSD project accepts binary firmware images and will redistribute these images if the license permits.[8]
BIOS
The BIOS, which functions as a bootloader and supports legacy real mode applications, is a crucial component of many IBM-compatible computers. The BIOS is always 16-bit, often has networking functions, and can be a security backdoor (sometimes deliberate,[9] [10] and the operating system has no control over this backdoor).[11] The FSF promotes coreboot in its campaign for free BIOS firmware.[12]
See also
- Loadable kernel module
- Wireless security
- Proprietary firmware
- Proprietary software
- Opaque binary blob
References
- ^ "Debian packages built from the source package 'firmware-nonfree' - Binary firmware for various drivers in the Linux kernel". 2010. http://packages.debian.org/source/sid/firmware-nonfree. Retrieved 2010-03-25.
- ^ Matzan, Jem (15 June 2005). "BSD cognoscenti on Linux". NewsForge. http://os.newsforge.com/os/05/06/09/2132233.shtml?tid=8&tid=2. Retrieved 2006-07-07. See Christos Zoulas's response to "Is sharing between Free/Open/NetBSD and the Linux kernel a common occurrence? And if so, does it go both ways?"
- ^ Music composed by Ty Semaka and Jonathan Lewis. Recorded, mixed and mastered by Jonathan Lewis of Moxam Studios (1-403-233-0350). Vocals and Lyrics by Ty Semaka & Theo de Raadt. Bass guitar, organ and bubbles by Jonathan Lewis. Guitar by Tom Bagley. Drums by Jim Buick. "3.9: "Blob!"". OpenBSD. http://www.openbsd.org/lyrics.html#39. Retrieved 2006-06-22.
- ^ "Protest against ATI nearly led to the arrest of RMS". Free Software Foundation. 27 April 2006. http://www.fsf.org/blogs/community/rms-ati-protest.html. Retrieved 2006-10-10.
- ^ "Explaining Why We Don't Endorse Other Systems". GNU Project. July 13 2011. http://www.gnu.org/distros/common-distros.html#BSD. Retrieved 2011-09-10.
- ^ "Debian firmware-linux packages". 2010. http://packages.debian.org/firmware-linux. Retrieved 2010-03-25.
- ^ Andrews, Jeremy (2006-04-19). "Interview with Jonathan Gray and Damien Bergamini". kerneltrap.org. http://kerneltrap.org/node/6497. Retrieved 2008-01-06.
- ^ "OpenBSD Works To Open Wireless Chipsets". KernelTrap. November 2, 2004. http://kerneltrap.org/node/4118. Retrieved 2006-06-23.
- ^ http://www.intel.com/content/www/us/en/architecture-and-technology/vpro/vpro-technology-general.html
- ^ http://www.absolute.com/en/partners/bios-compatibility.aspx
- ^ as per IBM PC specs
- ^ "Campaign for Free BIOS". Free Software Foundation. 2006-11-29. http://www.fsf.org/campaigns/free-bios.html. Retrieved 2007-01-02.
External links
- McMillan, Robert (June 21, 2006). "Researchers hack Wi-Fi driver to breach laptop". InfoWorld. http://www.infoworld.com/article/06/06/21/79536_HNwifibreach_1.html. Retrieved 2006-06-23.
- KernelTrap article on Damien Bergamini's wpi(4) driver, a blobless ipw3945 alternative for OpenBSD
- KernelTrap interview with Jonathan Gray and Damien Bergamini regarding binary blobs
- The Black Hat Wireless Exploit Interview, Verbatim by Brian Krebs on the Washington Post's website, http://washingtonpost.com