Project

General

Profile

WiFiResearch » History » Version 134

Denis 'GNUtoo' Carikli, 07/30/2019 01:18 PM

1 75 Wolfgang Wiedmeyer
h1. WiFi Research
2 1 Denis 'GNUtoo' Carikli
3 128 Denis 'GNUtoo' Carikli
{{toc}}
4
5 1 Denis 'GNUtoo' Carikli
h2. Issue
6 75 Wolfgang Wiedmeyer
7 77 Wolfgang Wiedmeyer
Currently, the internal WiFi chip cannot be used on any of the Replicant-supported devices without having to load non-free firmware. See [[ReplicantStatus|Replicant status]] and the [[Index#Supported-devices|device pages]] for more information. 
8 28 Denis 'GNUtoo' Carikli
9
On desktops and laptops, several WiFi chips don't require non-free firmwares to be loaded.
10 27 Denis 'GNUtoo' Carikli
11
Several cases exist:
12
* The WiFi chip doesn't need a firmware, and the driver talks directly to the hardware (ath5k and ath9k compatible chips)
13
* The WiFi chip has a free software firmware (ath9k_htc, carl1970, and some b43 compatible chips)
14
* The WiFi chip has a non-free firmware in a flash chip and don't need loadable firmware.
15
16 80 Joonas Kylmälä
On phones, the only WiFi chip that doesn't require a non-free firmware that we know of is the OpenMoko FreeRunner WiFi chip. The firmware is in a flash chip.
17 29 Denis 'GNUtoo' Carikli
18 31 Denis 'GNUtoo' Carikli
The idea here is to find ways to still get WiFi on Replicant Supported devices, without needing to load any non-free firmware.
19
20
h2. WiFi Drivers and Firmwares types
21
22
Either the firmware implements the WiFi operations (scanning, association, and so on), either the driver implements it.
23
24
h3. Firmware implementing the WiFi operations
25
26 32 Denis 'GNUtoo' Carikli
This is also known as Hard-MAC. 
27
An easy way to find out is to look into the WiFi driver Kconfig for "select CFG80211" or "depends CFG80211"
28
29
Example:
30 33 Denis 'GNUtoo' Carikli
<pre>
31
config LIBERTAS
32
        tristate "Marvell 8xxx Libertas WLAN driver support"
33
        depends on CFG80211
34
[...]
35
</pre>
36 31 Denis 'GNUtoo' Carikli
37
If it is implemented by the firmware, it often contains bugs which cannot be fixed by the community. That also severally limit the use case of such WiFi chip beyond its most common uses cases.
38
39
This can result in more help in getting a free software firmware to run on such chip. However the amount of work to re-implement such firmware may be bigger.
40
41 81 Kurtis Hanna
The best way to reimplement it would be to write a new driver taking care of such WiFi operations and to make the firmware do the smallest amount of work possible.
42 31 Denis 'GNUtoo' Carikli
43
h3. Driver implementing the WiFi operations
44
45 34 Denis 'GNUtoo' Carikli
This is also known as Soft-MAC. 
46
An easy way to find out is to look into the WiFi driver Kconfig for "select MAC80211" or "depends MAC80211"
47 31 Denis 'GNUtoo' Carikli
48 34 Denis 'GNUtoo' Carikli
Example:
49
<pre>
50 35 Denis 'GNUtoo' Carikli
config WL1251
51
        tristate "TI wl1251 driver support"
52
        depends on MAC80211
53 34 Denis 'GNUtoo' Carikli
[...]
54
</pre>
55 31 Denis 'GNUtoo' Carikli
56 1 Denis 'GNUtoo' Carikli
h2. Internal WiFi chips on devices currently targeted by Replicant
57 2 Denis 'GNUtoo' Carikli
58 91 Denis 'GNUtoo' Carikli
|_. Device |_. WiFi chip |_. driver(s) |_. Research |
59 56 Denis 'GNUtoo' Carikli
| Galaxy S |/3. Broadcom BCM4329 |/3. BCMDHD (cfg80211) |
60 54 Denis 'GNUtoo' Carikli
| LG Optimus Black |
61 1 Denis 'GNUtoo' Carikli
| Nexus S |
62 105 dl lud
| Galaxy Nexus |/5. Broadcom BCM4330 |/5. |/8. * See the "nexmon project":https://github.com/seemoo-lab/nexmon
63 94 Denis 'GNUtoo' Carikli
* The BCM4330 has a rom. Can the driver use it? do functional free software firmware 'patches' exist for it ?
64
* "Some documentation exists at least for the BCM4334":http://www.cypress.com/file/298706/download |
65 134 Denis 'GNUtoo' Carikli
* Also see the "blog post about reverse engineering Broadcom wireless chipsets ":https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
66 1 Denis 'GNUtoo' Carikli
| Galaxy Note |
67 78 Wolfgang Wiedmeyer
| Galaxy S 2 |
68
| Galaxy Tab 2 7.0 |
69
| Galaxy Tab 2 10.1 |
70
| Galaxy S 3 |/3. Broadcom BCM4334 |/3. |
71
| Galaxy S 3 4G |
72
| Galaxy Note 2 |
73 54 Denis 'GNUtoo' Carikli
|/2. GTA04 |/2. Marvell 8686 (W2CBW003) | libertas_sdio(mainline, cfg80211) |
74
| libertas_tf_sdio(patches, mac80211) |
75 40 Denis 'GNUtoo' Carikli
76 1 Denis 'GNUtoo' Carikli
h2. Available Internal WiFi chips for smartphones and tablets
77
78 103 Denis 'GNUtoo' Carikli
|_. Driver / Chip |_. Busses |_. Firmware |_. Usable in smartphones or tablets? |_. Research |
79 96 Denis 'GNUtoo' Carikli
| ath5k | PCI, PCIe, PCMCIA, AHB  | None(Driver<->Hardware) | Busses? chip size? power consumption? | |
80
| ath9k | PCI, PCIe, PCMCIA, AHB  | None(Driver<->Hardware) | Busses? chip size? power consumption? | |
81
| ath9k_htc | USB | Free firmware | Bus? chip size? power consumption? | |
82
| carl9170 | USB | Free firmware | Bus? chip size? power consumption? | |
83
| airo | PCI, PCMCIA | Non-free firmware on flash | ? | |
84
| at76c50x-usb | USB | Non-free firmware needed for some cards only | ? | |
85
| b43/b43-legacy | SSB, PCI, PCI-E, PCMCIA | OpenFWWF with 4306, 4311(rev1), 4318, 4320 | ? | |
86
| rt2400 | PCI | No non-free firmware needed | ? | |
87
| rt2500 | PCI | No non-free firmware needed | ? | |
88
| rt2500usb | PCI | No non-free firmware needed | ? | |
89
| rtl818x | PCI, USB | No non-free firmware needed | ? | |
90 104 Denis 'GNUtoo' Carikli
| esp8266 (out of tree) |  UART, SPI, SDIO  | * Unsigned fimrware and free software SDK available for it
91
* "nonfree binaries required to make WiFi work":https://github.com/espressif/ESP8266_NONOS_SDK/tree/master/lib
92
* "Out of tree Linux driver available":https://github.com/george-hopkins/esp8089-spi which depend on nonfree firmware | Used in a tablet? | |
93
| esp32 (out of tree) | |  * Unsigned fimrware and free software SDK available for it
94
* "nonfree binaries required to make WiFi work":https://github.com/espressif/esp32-wifi-lib | Used in a tablet? |
95 1 Denis 'GNUtoo' Carikli
| rsi91x | SDIO, USB, other? | * nonfree firmware required
96 103 Denis 'GNUtoo' Carikli
* "may be possible to add it on a dedicated flash chip":https://puri.sm/posts/librem5-2018-09-hardware-report/ | Might be used in a smartphone in the future | |
97 104 Denis 'GNUtoo' Carikli
| brcmfmac | SDIO, USB, pcie | * ARM CPU with ROM and ARM
98
* Unsigned code
99
* nonfree firmware are used with the Linux driver | Used in smartphones and tablets | * TODO: Look if it works once firmware loading has been patched out of the upstream Linux driver
100 84 Denis 'GNUtoo' Carikli
* TODO: Look at the nextmon project if there are usable free firmwares
101 96 Denis 'GNUtoo' Carikli
* According to the "BCM4334 documentation":http://www.cypress.com/file/298706/download it's possible to have the firmware on dedicated flash chip. |
102 101 Denis 'GNUtoo' Carikli
| rtlwifi (staging) | SDIO, USB, PCIe | nonfree firmware | Used at least in e-readers | * The nonfree firmware allow reverse engineering (GPL)
103 96 Denis 'GNUtoo' Carikli
* "Reverse engineering the nonfree firmware looks easy":https://libreplanet.org/wiki/Group:Hardware/Freest/e-readers/Aura_H2O_Edition_2#WiFi_firmware |
104 59 Denis 'GNUtoo' Carikli
105 72 Denis 'GNUtoo' Carikli
Notes:
106
* PCI, PCIe and PCMCIA are available on very few SOCs (Like I.MX)
107 80 Joonas Kylmälä
* We are not aware of phone designs using USB WiFi chips.
108
* AHB and SSB are usually used as internal memory bus for SOCS. Maybe it can be used to connect a WiFi chip to the SOC memory, like with the I.MX WEIM bus?
109
* Chip size is important to fit inside a phone. Might be less an issue for tablets.
110 72 Denis 'GNUtoo' Carikli
111 69 Denis 'GNUtoo' Carikli
References:
112
* https://en.wikipedia.org/wiki/Comparison_of_open-source_wireless_drivers#Status
113
* https://wireless.wiki.kernel.org/en/users/drivers
114
* http://netweb.ing.unibs.it/~openfwwf/index.php
115 70 Denis 'GNUtoo' Carikli
* https://nurdspace.nl/ESP8266
116 69 Denis 'GNUtoo' Carikli
117 130 Denis 'GNUtoo' Carikli
h2. WiFi chip evaluation kit and hardware debug tools
118 129 Denis 'GNUtoo' Carikli
119
* "BCM4334 Evaluation kit":https://store.embeddedworks.net/wlan670/#tab-label-additional
120
121 133 Denis 'GNUtoo' Carikli
It would also be nice to find evaluation kit for the following hardware:
122 131 Denis 'GNUtoo' Carikli
* ath9k_htc compatible chips: This probably would make it easier to modify the firmware to debug and improve power management
123 132 Denis 'GNUtoo' Carikli
* Realtek 8188F compatible chips, because "freeing the firmware should be doable":https://libreplanet.org/wiki/Group:Hardware/Freest/e-readers/Aura_H2O_Edition_2#WiFi_firmware
124 131 Denis 'GNUtoo' Carikli
125 85 Denis 'GNUtoo' Carikli
h3. TODO
126 1 Denis 'GNUtoo' Carikli
127 85 Denis 'GNUtoo' Carikli
* Coordinate the work with the "Libreplanet wiki":https://libreplanet.org/wiki/Group:Hardware/ReverseEngineering#WiFi.2FBluetooth_chips_for_Smartphones_and_Tablets
128 107 Denis 'GNUtoo' Carikli
* Look into Broadcom chipset reverse engineering tools like "nexmon":https://github.com/seemoo-lab/nexmon . Since Broadcom chipsets have Bluetooth support on the same chip it is also worth to look into tools such as "InternalBlue":https://github.com/seemoo-lab/internalblue.
129 1 Denis 'GNUtoo' Carikli
130 85 Denis 'GNUtoo' Carikli
h2. Internal WiFi chips on devices currently targeted by Replicant
131 57 Denis 'GNUtoo' Carikli
132 27 Denis 'GNUtoo' Carikli
h2. External Wifi solution
133 36 Denis 'GNUtoo' Carikli
134
Most/All Replicant supported devices support USB OTG. With the proper (standard) cable, the USB port of the device can do USB host.
135
136 80 Joonas Kylmälä
However devices differ a lot in the number of Milli-ampers they can deliver through that USB port. Some phones also have USB host enabled by default in their kernel configuration, and some other require patching the kernel.
137 37 Denis 'GNUtoo' Carikli
138
On Replicant kernels, USB WiFi drivers are probably not compiled in by default. So you will also need to recompile.
139
140 115 Denis 'GNUtoo' Carikli
|_. Device |_. Chips involved |_. Replicant 6 Kernel |_. Max mA |
141 113 Denis 'GNUtoo' Carikli
| Galaxy Nexus | TWL6040 | 3.0.101 | 500mA ("tuna_set_vbus_drive in board-tuna-connector.c":https://git.replicant.us/replicant/kernel_samsung_tuna/tree/arch/arm/mach-omap2/board-tuna-connector.c#n260 ) |
142 122 Denis 'GNUtoo' Carikli
| Galaxy S III (I9300) |/3. "MAX77693":https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/exynos4412-midas.dtsi#n131 with the "ESAFEOUT1 regulator":https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/exynos4412-midas.dtsi?h=v5.1#n401 |/5. 3.0.101 |/3. * Datasheet not found
143
* The upstream driver doesn't have the information
144
* Downstream drivers might have some information about how much mA ESAFEOUT1 can deliver |
145 120 Denis 'GNUtoo' Carikli
| Galaxy S III 4G (I9305) |
146 1 Denis 'GNUtoo' Carikli
| Galaxy Note 2 |
147
| Galaxy Note |
148 124 Denis 'GNUtoo' Carikli
| Galaxy S 2 | MAX8997 with the SAFEOUT1 regulator "[1]":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/mach-u1.c#n3486 "[2]":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/arch/arm/mach-exynos/sec-switch_max8997.c#n61 | * Datasheet not found
149 122 Denis 'GNUtoo' Carikli
* The upstream driver doesn't have the information
150 123 Denis 'GNUtoo' Carikli
* Downstream drivers might have some information about how much mA SAFEOUT1 can deliver |
151 118 Denis 'GNUtoo' Carikli
| Galaxy Tab 2 7.0 | | | ? |
152
| Galaxy Tab 2 10.1 | | | ? |
153 55 Denis 'GNUtoo' Carikli
| GTA04 | | |
154 118 Denis 'GNUtoo' Carikli
| Galaxy S | | |
155 37 Denis 'GNUtoo' Carikli
| Nexus S | | |
156 55 Denis 'GNUtoo' Carikli
| Optimus Black | |
157 125 Denis 'GNUtoo' Carikli
158 127 Denis 'GNUtoo' Carikli
See #1926 for pointers on how to find the missing information for the Maxim Power Management ICs (PMICs).