Damien Bergamini [interview] recently announced wpi(4), "a blob-free driver for Intel PRO/Wireless 3945ABG 802.11 adapters as found in Centrino Duo laptops" for OpenBSD. His announcement came a little over two months after Intel released the controversial ipw3945 driver for Linux [story] which included a binary-only daemon described as necessary for enforcing regulatory limits for the radio transmitter on the wireless device. Curious to know more about Damien's efforts, I approached him for more information, asking him how his driver differs from the Linux driver.
Damien began, "the wpi(4) driver I committed in OpenBSD is a totally new driver which doesn't use any bits from Intel's ipw3945 driver for Linux and doesn't rely on any binary-only components," though the driver does require the firmware provided by Intel. He explained that in his reverse engineering effort he only referred to the Linux driver to determine things like register offsets, "I just instrumented the GPL'd part of the driver (which is of course perfectly legal) to display which commands were sent to the firmware. And it turned out to be very simple," adding, "I never tried to disassemble the binary only regulatory daemon, which the license prevents." In reviewing the GPL'd driver, Damien described it as unnecessarily complex with 18,000 lines of code "just for a wrapper around a firmware and a binary blob." In contrast, the OpenBSD driver is 3,000 lines of code, "I do my best to write drivers that are easy to read and simple to understand so that other developers can join the fun and help to improve them."
ipw3945 Linux Driver
The existence of a binary-only userland daemon for enforcing regulatory compliance as included with the ipw3945 Linux driver is unique among Intel 802.11 wireless network drivers. Damien explained that in previous drivers compliance was enforced by the firmware, "which probably got the region information from the onboard EEPROM." When asked why he thought Intel moved this responsibility out of the firmware, Damien replied that he wasn't sure, going on to suggest, "probably because they wanted to reduce the complexity of their firmware which were bloated and buggy."
"It is amazing how poorly this driver is designed," Damien commented about the ipw3945 Linux driver, describing how the interface between the driver and the binary-only daemon adds "a spectacular amount of complexity". He also noted that the driver doesn't use much of the Linux 802.11 stack, which was partially contributed by Intel, "they duplicate large portions of code and implement things directly in the driver that should belong to the 802.11 stack. I found it surprising coming from Intel since they've shown numerous times in the past that they can write high-quality code."
In his efforts to understand how the ipw3945 driver controls the firmware, Damien found that the binary daemon was simple to bypass, offering no real control. "I was able to make the daemon think it was in another regulatory domain," he explained, "just by adding a few lines of code into the GPL'd part of the driver." The binary-only daemon is described as necessary due to FCC regulations, causing Damien to retort, "I think Intel (and Atheros) use FCC rules as a pretext to hide intellectual property in the binary-only portions of their drivers." He went on to explain that the Intel regulatory daemon, as well as the Atheros HAL, implement a number of complex algorithms, including automatic calibration of the radio power based on temperature variations, and dynamic tuning of the radio sensitivity based on received signal strength. "These algorithms go far beyond the simple enforcement of regulatory compliance," he added, "and can really make the difference by extending the operating range of the adapter, improving throughput in various environmental conditions, and reducing power consumption. That is why vendors want to keep these algorithms secret."
Damien noted that it doesn't bother him that companies don't want to reveal all of their source code, "but what annoys me is that they still pretend to provide open source drivers while you only have access to the part of the code that drives the MAC and communicates with the blob."
When asked the likelihood that the wpi driver would be ported to Linux, Damien thought that this was unlikely. "I doubt the Linux community will ever leverage this work since Intel is developing a 802.11 layer for the Linux kernel," he said, "Linux kernel developers probably can't afford to upset Intel." He also pointed out that the blob-based driver is already in wide use among Linux distributions, "and the worst thing is that most users of these distributions will not even notice they're running some binary only stuff that has privileged access to the kernel because it's completely silent."
The wpi driver is not yet finished. "Basic operations work but performance is less than optimal," Damien explained. "I'll now work on improving the driver by using a better rate control algorithm and adding dynamic tuning of the radio sensitivity and transmit power." He pointed out that this will likely be one of the first open source implementations of these algorithms, an effort that will benefit other wireless drivers.
The wpi driver does not utilize a userland daemon to comply with FCC regulations. Instead enforcement is left to the driver, "with the regulatory domain and the maximum transmit power settings for each channel stored in EEPROM," Damien explained, "it's simple for the driver to enforce the regulations directly inside the kernel." He went on to add, "of course, if people want to bypass them by modifying the driver's source code, they can. But it's not different with Intel's binary only daemon as you can easily fool it into thinking it is in another regulatory domain by just lying about the EEPROM content."
The initial wpi driver was merged into the OpenBSD source tree on May 14, 2006:
CVSROOT: /cvs Module name: src Changes by: damien [email blocked] 2006/05/14 13:00:51 Modified files: sys/dev/pci : files.pci share/man/man4 : Makefile Added files: sys/dev/pci : if_wpi.c if_wpireg.h if_wpivar.h share/man/man4 : wpi.4 Log message: Initial import of wpi(4), a blob-free driver for Intel PRO/Wireless 3945ABG 802.11 adapters as found in Centrino Duo laptops. More to come but works well enough for me to commit this over a wpi(4).