This was originally written as a reply in a Reddit thread linking to https://www.fsf.org/news/libiquity-wi-fri-nd2h-wi-fi-card-now-fsf-certified-to-respect-your-freedom
Edit: holy balls I wrote this long-ass comment and realised only afterwards that this article is over 1 year old already.
Libiquity Wi-Fri ND2H Wi-Fi card now FSF-certified to Respect Your Freedom
by Donald Robertson — Published on Jan 30, 2020 11:50 AM
It's 2021 already! Definitely fooled me!
Oh well, all that I wrote still fully applies.
There we go (again)!
This is not as impressive as the FSF makes it sound. Let me add some context here.
Almost all computer peripherals require both drivers and firmware.
If you already know what firmware is and what it does for your wifi chipset, skip to the Three methods below.
A driver is software that runs on your main CPU, as part of the OS. In our case, as a Linux kernel module.
Firmware is software that runs on a tiny CPU on the device itself.
Drivers are relatively easy (if we ignore Nvidia for now). For the vast majority of wifi chipsets free drivers that work very well have been part of Linux mainline for years. Closed source drivers don't even exist for many of them.
Firmware however is much more often closed source. There are multiple reasons for this. The main one is to keep hardware designs secret. Firmware often contains lots of details about the hardware. One of its jobs is to abstract those details away to make driver development easier. So by hiding the source of this layer, you can keep more of your design secret while still allowing drivers to be open source. ^((I don't like this reason. I'd love to be able to study the firmware source and hardware designs for the laptop I'm typing this on. Maybe in the future?))
But for wifi chipsets, there is an even more specific reason: regulations. Radio devices are bound by very strict rules about how much power they can emit on what exact frequencies. Any device that can emit more power or the wrong frequencies is illegal to use in most of the world.
There rules can be quite complicated, and differ per region or country. Here's a list of 2.4 GHz channels and where you can use which. Look at the number of footnotes besides "most of world"! This is way too complex to do in hardware, you need to do this in software. But you also need to convince the regulatory bodies that the user cannot modify this software in a way that would break regulations. So, if the firmware is signed and you cannot run your own code on it anyway, then a large benefit of getting the source falls away. ^((It'd still be nice to at least look at it though.))
So now we know what firmware does, why it's usually closed source, and why you cannot just make your own. Let's look at Linux's perspective on this.
There's three methods of distributing firmware. The first is with the hardware, the second is with the drivers or the OS, the third is separately. Let's look at the up- and downsides for all three
Together with the hardware is the most traditional method. It means it will always be there, always work, and never require the user to do anything. It also allows the OS to be free of blobs. One downside is cost, it requires the device to have some sort of memory inside it. It's usually not much, but for devices that are a few dollars each it matters. Another downside is that updating the firmware is more complicated. Sometimes you can flash the firmware, which you usually don't want the average user to do. Sometimes firmware is on read-only memory and updating firmware required shipping new hardware. These downsides are not great for security.
The second method, together with drivers, is the most common one for modern hardware. The hardware has a tiny bootloader inside it, and when it starts up and the driver loads, it uploads the firmware and everything works from there. The major upside is that your firmware can be easily updated with your OS or driver updates. This is good for security. You could argue that this allows for targeted attacks on you, but you can easily verify that you are getting the exact same blobs as everyone else. Most package managers do this for you already. The downside is that the OS now needs to distribute closed source software. It doesn't run as part of the OS, but distribution still does so from a legal standpoint this is not great. At the same time, this is the most common method these days.
Some devices do a hybrid of these methods, the have old firmware on board, but you can optionally upload never firmware on boot. Best of both worlds!
The third method is to do neither of the above, and let the user figure it out themselves. Some Linux distributions are blob-free which means they rely on blobs that are already there. This works fine with hardware that does the first (or hybrid) method. It can also work with a lot of hardware that uses the second method if the user installs the firmware by themselves. The OS doesn't have to distribute it, but the user still needs to install this from somewhere. Usually the linux-firmware project. Most distributions have this installed by default, but a fully Libre distribution cannot do that.
Now let's look at the FSF article again.
They barely even mention firmware. Almost like they pretend it doesn't exist. That's possible with hardware that chooses the first method of firmware distribution. Let's look at the hardware in question. It's a 802.11n-only (WiFi 4) card with a chip from 2009. I think I had that same chip in my Pakcard Bell laptop when I was still in school. It actually worked fine back then.
They sell it for $60 while I can get another card with the same chip for $5 at Aliexpress. The only difference between them is what method if firmware distribution they use. The firmware itself is the same closed source blob, except the expensive one hides it in a flash chip somewhere, and the cheap one might get updates trough linux-firmware.
The reason it is so expensive is because they had to get certified by the FCC and probably others, while not selling many thousands or millions of them like a normal one would. To cite from their product page:
no proprietary firmware needs to be loaded onto it by your operating system. The firmware is part of the hardware, stored within the chipset and modifiable by no one, including the developer.
The "modifiable by no one" part is required by that FCC certification. It applies to every wifi chipset that you'll find outside the labs of Intel, Realtek, QualcommAtheros, Broadcom and Apple. Each combination of hardware and firmware is certified before they get released, including the updates in the linux-firmware repo (or the Windows Update servers for that matter).
I know what I prefer. And that is the Intel AX200 which is only $15, and much faster than this one. Its firmware is also in linux-firmware. And like I said in the beginning, the drivers are fully open source for all of the products mentioned here.