Virtualizing Around The FCC’s Firmware Modification Rules

Last year, the FCC introduced new regulations requiring router manufacturers to implement software security to limit the power output in specific 5GHz bands. Government regulations follow the laws of unintended consequences, and the immediate fear surrounding this new directive from the FCC was that WiFi router manufacturers would make the easiest engineering decision. These fears came true early this year when it was revealed a large router manufacturer was not following the FCC regulations to the letter by limiting the output of the radio module itself, but instead locking down the entire router.

The FCC’s rules regarding the power output of 5GHz routers was never a serious concern; the FCC is, after all, directed to keep the spectrum clean, and can force manufacturers to limit the power output of the wireless devices. The problem comes from how manufacturers implement this regulation – the easiest solution to prevent users from modifying the output of the radio module will always be preventing users from modifying the entire router. Developers don’t like it, the smart users are horrified, and even the FCC is a little flustered with the unintended consequences of its regulation.

While the easiest solution to preventing the modification of a radio module is to prevent modification to the entire router, there is another way. The folks at Imagination Technologies have come up with a virtualization scheme that allows router manufacturers to lock down the radio module per the FCC directive while still allowing the use of Open Source router firmware like OpenWrt.

A demonstration of the capabilities of this next-generation router comes from the prpl Security Working Group and uses MIPS Warrior CPUs to create multiple trusted environments. The control of the router can be handled by one secure environment, while the rest of the router firmware – OpenWrt included – can be run in an environment more conducive to Open Source firmware.

The demo of a compartmentalized, virtualized router uses a dev kit consisting of a dual-core MIPS P5600 CPU running at 1GHz, and a Realtek RTL8192 WiFi adapter plugged into the USB port. The driver for the WiFi adapter runs under a secure hypervisor, making it secure enough to pass the FCC’s muster.

This build wouldn’t be possible without hardware virtualization in microprocessors and microcontrollers. Imagination Technologies has been working on this for a while, and only a few years ago demonstrated a PIC32 with baked in virtualization.

In the video below, Imagination Technologies demonstrates a MIPS board running three virtual machines. The first machine is running OpenWrt, the second is running a WiFi driver, and the third is running third-party applications. Crashing one machine doesn’t bring down the others, and the WiFi driver is locked away in a secure environment in accordance with the FCC regulations.

While it’s hard to imagine a router based on a MIPS board that would be cheaper than the already inexpensive router SoCs found in today’s routers, this method of secure virtualization is the best way to give consumers what they deserve: an open source option for all their devices.

Continue reading “Virtualizing Around The FCC’s Firmware Modification Rules”

Hardware Virtualization in Microcontrollers

Look at any sufficiently advanced CNC machine or robot, and you’ll notice something peculiar. On one hand, you have a computer running a true operating system for higher-level processing, be it vision or speech recognition, or just connecting to the Internet. On the other hand, you have another computer responsible only for semi-real-time tasks, like moving motors, servos, and reading sensors and switches. You won’t be doing the heavy-lifting tasks with a microcontroller, and the Raspberry Pi is proof enough that real-time functions aren’t meant for a chip running Linux. There are many builds that would be best served with two processors, but that may be changing soon.

Microchip recently announced an addition to the PIC32 family of microcontrollers that will support hardware virtualization. This addition comes thanks to the MIPS M5150 Warrior-M processor, the first microcontroller to support hardware visualization.

Continue reading “Hardware Virtualization in Microcontrollers”

RCA DSB772WE teardown shows that this cheap streaming box might have potential

RCA-DSB772WE

[David Anders] wrote in to share some details of a cheap little gadget he picked up at his local Wal-Mart. He scored the RCA DSB772WE media streaming box for $48, and so far it looks like it could be a promising addition to his living room.

He started a project page for the box, detailing some of his findings thus far. The device is MIPS based and runs the Linux kernel version 2.6.28.9 right out of the box. The networking components are based on the Broadcom BCM7615 chipset, though it looks to [David] that the Ethernet jack was removed at some point during production.

So far, he’s managed to get a serial console running on the device, along with an additional USB host connection. That’s about all the poking around he has done thus far, but seeing as the box can output a 1080p signal over HDMI, it could be a cheap substitute for an Apple TV or similar device.

If you happen to have one of these at home, or are planning on buying one, be sure to check out his project page and contribute any information you might be able to glean from it. We’re sure [David] would appreciate it, and we certainly look forward to seeing what else comes out of his hacking adventures.