New ruling by FCC limits modification

red_pope

Regular Contributor
https://apps.fcc.gov/oetcf/kdb/forms/FTSSearchResultPage.cfm?id=39498&switch=P

Publication Number: 594280
Rule Parts: 15C
Publication Date: 03/18/2015
Keyword: Section 15.202 Software Configuration Control, Country Code Selection, Professional Installers Part 15C
First Category: Equipment Authorization Process *
Second Category: General [Equipment Authorization Process]
Question: What are the software security requirements for non-SDR devices and what limitations apply to software configuration control for such devices?


Answer:
Attachment 594280 D01 Configuration Control provides guidance on permissible options and restrictions on configuration controls for devices not approved as Software Defined Radios.
Further, the Commission revised (FCC 14-30, ET Docket No. 13-39) the rules (effective June 2, 2014) for U-NII devices operating under Part 15 rules to require all devices to implement software security to ensure that the devices operate as authorized and cannot be modified. Attachment 594280 D02 UNII Device Security provides guidance on the information that must be provided in the application filing to show that proper security is implemented in the device.
The Commission has established a transition period as follows:
  • New devices will be permitted to be approved under the old rules until June 1, 2015.
  • Starting June 2, 2016, permissive changes will not be permitted for devices approved under the old rules, unless they meet the requirements of the new rules.
  • All devices partially or completely approved under the old rules cannot be marketed starting June 2, 2016 unless they meet the requirements of the new rules in all the bands of operation.
  • Applications for devices for approval under the new rules must apply all of the applicable test procedures for such devices and provide software security documentation as discussed in the guidance 594280 D02 U-NII Device Security. This also applies to all applications for new devices and applications for permissive changes of previously approved devices under the new rules. Further SDR devices must also provide software security documentation as discussed in the guidance 594280 D02 U-NII Device Security and KDB Publication 442812.
  • For further information on transition rules and requirements for permissive changes of already approved devices refer to KDB Publication 926956.
Note: Effective January 1, 2015 equipment authorization applications for all new Wi-Fi Client devices capable of operating on Channels 12 and 13 (in 2.4 GHz band under Part 15 rules) must demonstrate compliance with the guidance in 594280 D01 Configuration Control. Wi-Fi Client devices capable of operating on Channels 12 and 13 approved prior to that date and otherwise relying on passive scanning modes may be marketed without modification after that date.
Attachment List:

594280 D01 Configuration Control v02r01
594280 D02 U-NII Device Security v01r02
 
So, this only applies to the USA?
 
I think the easiest way is to hard lock the chip's wifi settings because there's nothing to stop someone from installing a firmware version of another country. It's actually very difficult to prevent tampering because someone could just use a flash reader/writer and just flash another firmware/setting onto the router without having to deal with the security measures.
 
Sadly I think the day is coming in the USA where they will no longer allow third party firmwares at all. There are just too many people developing code that bypasses region codes and power output allocations. :(
 
I think the easiest way is to hard lock the chip's wifi settings because there's nothing to stop someone from installing a firmware version of another country. It's actually very difficult to prevent tampering because someone could just use a flash reader/writer and just flash another firmware/setting onto the router without having to deal with the security measures.

A read-only bootloader could require the firmware to have a valid RSA signature to allow booting from it. It's already being done with various devices.
 
So, this only applies to the USA?
That is a good question.
Normally, only applies to USA made routers.
My question arises: if the routers are branded, such as ASUS, Belkin, those fabricated, assembled and sold in other parts of Asia, will this ruling affect them to the point of being banned from the US market because their WiFi is not US government certified?
 
That is a good question.
Normally, only applies to USA made routers.
My question arises: if the routers are branded, such as ASUS, Belkin, those fabricated, assembled and sold in other parts of Asia, will this ruling affect them to the point of being banned from the US market because their WiFi is not US government certified?

They can be manufactured anywhere - it's devices sold in the US - these do need FCC certs...

This topic has been discussed in depth over in the ASUS sub-forums already.

Signed bootloaders is one approach - a potential loophole, is to just use signed wifi chipset drivers - which would a) comply with the FCC rules, and b) still allow 3rd Party SW for the routing aspects...

Then it turns into a win-win...
 
A read-only bootloader could require the firmware to have a valid RSA signature to allow booting from it. It's already being done with various devices.

yeah and a firmware could be compiled in a way to have a valid RSA, some routers have that for example the zyxel p-2812fnu requires a specific key to be calculated and added when a new firmware is flashed from zboot.
 
Other way to do it is that US routers have the radio firmware hardcoded. Nothing the OS firmware can do about it though. Plenty of routers have had that for ages. Doesn't matter if you try to boost the radio Tx power to 600mW in DD-WRT if the radio firmware rejects all commands to boost it over 150mW (a number of netgear routers). Same thing with non-standard channels. It is quaint if you try to enable channel 13 if the radio firmware locks the channels to 1-11.
 
Other way to do it is that US routers have the radio firmware hardcoded. Nothing the OS firmware can do about it though. Plenty of routers have had that for ages. Doesn't matter if you try to boost the radio Tx power to 600mW in DD-WRT if the radio firmware rejects all commands to boost it over 150mW (a number of netgear routers). Same thing with non-standard channels. It is quaint if you try to enable channel 13 if the radio firmware locks the channels to 1-11.

exactly what I was saying but it would be interesting to see what manufacturers do now with this new rule.
 
ugh -_- some router companies kinda use alt fw as a selling point like netgear. most of their models are very easy to work with. This is almost making me sick....

the fcc needs to back off the alt fw stuff. instead they need to go after moto/zebra tech for their crappy radios that flip out all the time, or another router company that is known for "high power" that is very unstable
 
Marlin

I'm curious, Which devices?
Thank You

Media players like the WDTV for instance. The kernel must be signed, so you can't replace it with your own self-compiled kernel.
 
yeah and a firmware could be compiled in a way to have a valid RSA, some routers have that for example the zyxel p-2812fnu requires a specific key to be calculated and added when a new firmware is flashed from zboot.

You need the private signing key for what I'm describing, which you don't have - only the manufacturer does.
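
The signed-firmware check discussed in the posts above, as an added example that is not part of the thread or any vendor's bootloader: the bootloader stores only the public key `(N, E)`, so it can verify an image but cannot produce a signature for a modified one. The key is a constructed, insecure demo key, and the image bytes and function names are assumptions made for illustration.

```python
import hashlib

# Constructed demo key, NOT secure: both primes are well-known Mersenne primes,
# used only so the example runs without key-generation code or third-party libraries.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: all the bootloader needs to store
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: held by the manufacturer only
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(image: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of the image digest, padded to K bytes."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(image: bytes, d: int = D) -> bytes:
    """Manufacturer side: requires the private exponent."""
    return pow(int.from_bytes(encode(image), "big"), d, N).to_bytes(K, "big")


def verify(image: bytes, sig: bytes) -> bool:
    """Bootloader side: uses only (N, E)."""
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    # Rebuild the whole expected block and compare it, instead of parsing the
    # padding out of the recovered value; lenient padding parsers are forgeable.
    return pow(s, E, N).to_bytes(K, "big") == encode(image)


def boot_decision(image: bytes, sig: bytes) -> str:
    return "boot" if verify(image, sig) else "refuse"


# Constructed sample images (not real firmware).
STOCK = b"constructed stock firmware image, region=US"
MODDED = STOCK.replace(b"region=US", b"region=XX")
STOCK_SIG = sign(STOCK)
```

Rewriting the flash chip directly changes the image but not what the read-only bootloader accepts: the modified image still needs a signature that verifies under the stored public key.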
 
You need the private signing key for what I'm describing, which you don't have - only the manufacturer does.

There's always brute force, leaks, hacks. People will still find a way to crank up their wifi and use illegal channels even though it is impractical. I still don't like that just because one country is imposing strict rules that it will affect products sold all over the world. Not being in the US and yet the US is making things worse for consumers in other countries. I really hope manufacturers come out with a US-only version instead of having a whole chain of products made and sold everywhere but complies with the stricter regulations of the US which makes it worse for people elsewhere who rely on having inexpensive routers and 3rd party firmware on them not to mention that 3rd party firmware or even your firmware is better than stock firmware in features and reliability.

The more restrictions placed on wifi the more people will take notice and the more the wrong people will try to break it thinking it'd make things better for them when wifi benefits more from having more channels instead of bigger throughputs. Unlike commercial wireless devices like radar the maximum transmit power that you can get is limited by the PSU if you are mad enough to overload output in wireless which would burn the PSU and the chip whereas the PSU of a router is typically around 20-30W. Consumer wifi chips already are low powered that they can't be modified to output more without burning out long before it has any effect on anything important.
 
Wait! France and others have far more stringent regulations on max radiated power than the US.
I worked on a project in Oman where they had a 2.4GHz regulation prohibiting outdoor unlicensed operation.

In the US and other places, the 2.4 GHz band is not exclusively unlicensed. The US rules permit licensed stations to operate in 2.4GHz with quite high power. And it's done by law enforcement (robots/video). Amateur radio (Part 97 rules) can radiate high power in the band - but few hams use 2.4GHz.

DD-WRT and others fake the user with a GUI that offers power choices way beyond what the chipset *will* do. The vendors know what RMS power the PA is capable of for a certain mode of 802.11b/g/n (peak to average ratio), and the firmware ignores calls from the GUI for more than can be done without excessive distortion (Rho) -- OR -- violating the regulatory domain EIRP limits.
 
this will ruin it for people that don't want to turn up the power but just want better features!!!

See the parts where a few of us have said that the FCC rules won't preclude alt firmware. The radios themselves in every single implementation I have seen have their OWN firmware, which is separate from the kernel firmware and is almost always ROM only. It is what actually controls power limits and channel selection. If the kernel requests a power limit or channel that is outside of the bounds of what the radio firmware allows, the radio firmware pretty much just ignores the kernel request.

This has been done in a lot of routers for at least 7 or 8 years based on some of the older 11n Netgear routers I've probed. I don't think the FCC rule change is going to make any difference really. All you'll see is more stuff controlled by the radio firmware. Example, most of the routers I have bought/gotten in the last 2 years, have not allowed you to change the region selection. A number of the older routers did and those allowed selection of channels 12-14 for example. I'd bet a lot that the newer routers, if you load Alt firmware on them, if you try to use channel 12-14 on them, it'll probably just set the channel to 11 as the radio firmware in the US shipping version won't allow channels 12-14.
 
