The following links can provide you with some background information on the Atheros-related issue that I'm talking about here, where operating systems are using an in-kernel closed-source component to allow the operating system to communicate with the hardware.

MADwifi FAQ
http://www.mattfoster.clara.co.uk/madwifi-faq.htm

The MADwifi HAL
http://www.mattfoster.clara.co.uk/madwifi-5.htm

FreeBSD Man Page: ATH(4)
http://www.freebsd.org/cgi/man.cgi?query=ath&sektion=4&manpa
th=FreeBSD+5.3-RELEASE

This article, however, is a discussion about vendors refusing to allow Open Source operating systems to ?freely? distribute firmware that is required for their devices to work:

Feature: OpenBSD Works To Open Wireless Chipsets
http://kerneltrap.org/node/view/4118

As someone else mentioned, there is some confusion in some of the public discussions (half of the people seem to have the two issues confused) of this article where some people are confusing the two. I simply meant to get people thinking about the trust-related concerns with *running* third-party binary-only code in the kernel of an open source operating system; it's a clash of two different philosophies.

As for searching Google for other examples, try something like "binary hal", "Linux binary HAL", or "Linux Binary Driver".

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/281/29357#29357