Binary blob
In the context of free and open-source software, a binary blob is a closed-source binary-only piece of software without publicly available source code. The term usually refers to a closed-source kernel module loaded into the kernel of an open-source operating system, and is sometimes also applied to code running outside the kernel, such as system firmware images, microcode updates, or userland programs.[1][2][3][4][5] The term blob was first used in database management systems to describe a collection of binary data stored as a single entity.
When computer hardware vendors provide complete technical documentation for their products, operating system developers are able to write hardware device drivers to be included in the operating system kernels. However, some vendors, such as Nvidia, do not provide complete documentation for some of their products and instead provide binary-only drivers (binary blobs); this practice is most common for accelerated graphics drivers, networking devices, and hardware RAID controllers.[6]
Acceptance
Some projects try to create a free operating system, and will not accept binary blobs if they cannot get documentation for hardware or source code for device drivers; such projects include Trisquel, Parabola and LibreCMC. Other projects make a distinction between binary-only software and binary-only firmware, and hence distribute firmware blobs; such projects include NetBSD, FreeBSD, DragonFly BSD, and some Linux distributions.[7]
The OpenBSD project has a notable policy of not accepting any binary blobs into its source tree (however, OpenBSD distributes firmware blobs), citing not only the potential for undetectable or irreparable security flaws, but also the encroachment onto the openness and freedom of its software.[8] The Free Software Foundation (FSF) is actively campaigning against binary blobs.[9] It also considers OpenBSD's policy confusingly worded, as "blobs" in the BSD community refer to what it considers non-free drivers, and not non-free firmware.[10] The Debian project included both free and non-free binary firmware blobs from the Linux kernel, clearly marking and separating the non-free packages[11] according to the Debian Social Contract. As of Debian 6.0 those blobs were removed.[12]
For OpenBSD, project leader Theo de Raadt defends the policy of only asking for distribution rights for microcode firmware blobs. "Once they are distributed... at least the device works." Implying that the alternative would be for the members of his small project to code free firmware themselves in the assembly language of many chipsets, he pleads "don't load us up with more tasks." Despite this he favours chipsets that run without firmware and speaks warmly of Asian designs which he describes as slower to market but more mature.[8]
In the Linux kernel development community, Linus Torvalds has made strong statements on the issue of binary-only modules, asserting: "I refuse to even consider tying my hands over some binary-only module", and continuing: "I want people to know that when they use binary-only modules, it's THEIR problem."[13] In 2008, 176 Linux kernel developers signed a Position Statement on Linux Kernel Modules that stated "We, the undersigned Linux kernel developers, consider any closed-source Linux kernel module or driver to be harmful and undesirable... We have repeatedly found them to be detrimental to Linux users, businesses, and the greater Linux ecosystem."[14]
However, the Linux kernel contains numerous binary blobs, primarily containing closed-source firmwares required by various device drivers.[15][16] Alexandre Oliva, the maintainer of Linux-libre, a version of the Linux kernel that does not contain binary blobs, wrote in 2011: "Linux hasn't been Free Software since 1996, when Mr Torvalds accepted the first pieces of non-Free Software in the distributions of Linux he has published since 1991. Over these years, while this kernel grew by a factor of 14, the amount of non-Free firmware required by Linux drivers grew by an alarming factor of 83. We, Free Software users, need to join forces to reverse this trend, and part of the solution is Linux-libre, whose release 2.6.33-libre was recently published by FSFLA, bringing with it freedom, major improvements and plans for the future."[17]
Legality
Prominent Linux kernel developer Greg Kroah-Hartman has stated that it is illegal to redistribute closed source modules for the GPL-licensed Linux kernel.[18]
Problems
There are a number of reasons why binary blobs can be problematic.[19]
Firstly, their precise operation cannot be known and bugs cannot be detected by auditing source code; bugs are frequently only diagnosed by painstaking investigation when a system begins to behave unexpectedly. Such undetected bugs may also silently expose users and systems to security hazards. The fitness for purpose of the driver thus cannot be checked, and even if a bug is found there is no easy way to fix it.
Secondly, as the source code is not available, the driver cannot be readily improved by its users, cannot be ported to architectures not originally supported, nor adapted to operate for slight variants of the hardware.
Thirdly, using this software would force users to trust vendors or third parties not to put backdoors, spyware or malicious code into the blob. As well, the hardware vendor can decide not to support a given operating system, abandon driver maintenance at any time, or, in the event the company goes out of business, leave the driver completely unsupported.
Finally, binary blobs can be seen as drawing a line between the portion of the community that believes in free software ideals, rejecting proprietary software, and the portion that sees open source as desirable for purely technical reasons, often lacking a strong opposition to binary blobs "as long as they work". This fragmentation, and the acceptance of a growing number of proprietary components into Linux, is seen as weakening the ability of the community to resist the trend of manufacturers to increasingly refuse to provide documentation for their binaries.
Use via wrappers
A wrapper is software which allows one operating system to use a binary blob driver written for another operating system. Examples of wrappers are NdisWrapper for Linux, and Project Evil for FreeBSD and NetBSD. These wrappers allow these operating systems to use network drivers written for Microsoft Windows by implementing Microsoft's NDIS API.
Device firmware
Firmware, the software required by the onboard microcontrollers that accompany some hardware, is generally not considered to be a binary blob. In many devices, firmware is stored in non-volatile onboard flash memory, but to decrease costs and ease upgrades, some devices contain only static RAM and require the host operating system to upload firmware each time they are connected (especially USB devices). Although the firmware is thus present in the operating system driver, it is merely copied to the device and not executed by the CPU, lessening concerns about hidden security flaws. The OpenBSD project accepts binary firmware images and will redistribute these images if the license permits.[20]
BIOS
The BIOS, which functions as a bootloader and supports legacy real mode applications, is a crucial component of many IBM-compatible computers. The BIOS is always 16-bit, often has networking functions, and can be a security backdoor (sometimes deliberate,[21][22] and the operating system has no control over this backdoor).[23] The FSF promotes libreboot in its campaign for free BIOS firmware.[24]
See also
References
- ↑ Michael Larabel (2012-08-06). "Coreboot: Replacing Intel's Binary Video BIOS Blob". Phoronix. Retrieved 2015-06-23.
- ↑ Chris Hoffmann (2015-02-13). "How Intel and PC makers prevent you from modifying your laptop's firmware". pcworld.com. Retrieved 2015-06-23.
- ↑ "BIOS Freedom Status". puri.sm. 2014-11-12. Retrieved 2015-06-23.
- ↑ Michael Larabel (2012-10-24). "Raspberry Pi GPU Driver Turns Out To Be Crap". Phoronix. Retrieved 2015-06-23.
- ↑ Jake Edge (2015-06-17). "Chromium suddenly starts downloading a binary blob". LWN.net. Retrieved 2015-06-23.
- ↑ "Debian packages built from the source package 'firmware-nonfree' - Binary firmware for various drivers in the Linux kernel". 2010. Retrieved 2010-03-25.
- ↑ Matzan, Jem (15 June 2005). "BSD cognoscenti on Linux". NewsForge. Retrieved 2006-07-07. See Christos Zoulas's response to "Is sharing between Free/Open/NetBSD and the Linux kernel a common occurrence? And if so, does it go both ways?"
- 1 2 Andrews, Jeremy (2006-05-02), "Interview: Theo de Raadt", KernelTrap, Jeremy Andrews, archived from the original on 2006-06-03
- ↑ "Protest against ATI nearly led to the arrest of RMS". Free Software Foundation. 27 April 2006. Retrieved 2006-10-10.
- ↑ "Explaining Why We Don't Endorse Other Systems". GNU Project. July 13, 2011. Retrieved 2011-09-10.
- ↑ "Debian firmware-linux packages". 2010. Retrieved 2010-03-25.
- ↑ "Explaining Why We Don't Endorse Other Systems # Debian". 2013. Retrieved 2013-03-29.
- ↑ "a/lt-binary". lwn.net.
- ↑ Greg Kroah-Hartman (June 2008). "A position statement on Linux Kernel Modules". The Linux Foundation.
- ↑ "Free System Distribution Guidelines (GNU FSDG) - GNU Project - Free Software Foundation". gnu.org.
- ↑ "Explaining Why We Don't Endorse Other Systems - GNU Project - Free Software Foundation". gnu.org.
- ↑ "::[FSFLA]:: Take your freedom back, with Linux-2.6.33-libre". fsfla.org.
- ↑  Greg Kroah-Hartman (2006). "Myths, Lies, and Truths about the Linux kernel". Linux Symposium. So, here's the simple answer to this issue: Closed source Linux kernel modules are illegal. That's it, it is very simple. I've had the misfortune of talking to a lot of different IP lawyers over the years about this topic, and every one that I've talked to all agree that there is no way that anyone can create a Linux kernel module, today, that can be closed source. It just violates the GPL due to fun things like derivative works and linking and other stuff. Again, it's very simple. Now no lawyer will ever come out in public and say this, as lawyer really aren't allowed to make public statements like this at all. But if you hire one, and talk to them in the client/lawyer setting, they will advise you of this issue. 
- ↑ Andrews, Jeremy (2006-04-19). "Interview with Jonathan Gray and Damien Bergamini". kerneltrap.org. Archived from the original on 2007-12-11. Retrieved 2008-01-06.
- ↑ "OpenBSD Works To Open Wireless Chipsets". KernelTrap. November 2, 2004. Archived from the original on 2006-06-20. Retrieved 2006-06-23.
- ↑ "Intel vPro Technology". Intel.com. 2012-05-14. Retrieved 2014-04-10.
- ↑ "BIOS & Firmware Compatibility". Absolute.com. Retrieved 2014-04-10.
- ↑ as per IBM PC specs
- ↑ "Campaign for Free BIOS". Free Software Foundation. 2006-11-29. Retrieved 2007-01-02.
External links
|  | Look up blob in Wiktionary, the free dictionary. | 
- McMillan, Robert (June 21, 2006). "Researchers hack Wi-Fi driver to breach laptop". InfoWorld. Retrieved 2006-06-23.
- KernelTrap article on Damien Bergamini's wpi(4) driver, a blobless ipw3945 alternative for OpenBSD
- KernelTrap interview with Jonathan Gray and Damien Bergamini regarding binary blobs
- The Black Hat Wireless Exploit Interview, Verbatim by Brian Krebs on the Washington Post's website, archived on May 5, 2012
- A creative example of the value of free drivers, LWN.net



