OpenBSD Journal

Binary-only drivers in OpenBSD?

Contributed by mk/reverse on from the non-disclosure dept.

Yes 14.2% (116 votes)


No 62.5% (511 votes)


Insecure display drivers? Ha! 23.3% (191 votes)


Total votes: 818



Comments
  1. By Anonymous Coward (203.122.230.31) on

    Yes, if the alternative means my hardware doesn't work. Think intel is going to install a backdoor?

    Comments
    1. By Marcos Carvalho Latas (81.193.132.12) on

      Never trust monopolistic companies (especially those). Intel was a bad example.
      You can certainly find equivalent hardware with free drivers (buy only what's free).

      Remember the Pentium bug and Thomas Nicely?
      That should have warned you.

      Comments
      1. By Sean Brown (204.209.209.129) on

        Keep an eye on your network anyway. You'll know if they do something underhanded, and your hardware will work. It's also in their best interest not to have drivers do things they're not supposed to.

        Comments
        1. By Anonymous Coward (204.214.120.254) on

          "It's also in their best interest not to have drivers do things they're not supposed to."

          by your logic, it should also be in their best interest to release drivers at all. it doesn't work this way.

        2. By Anonymous Coward (151.188.16.16) on

          If only that were true! Alas, it isn't. A few examples:

          In 1998, a German hacker (in the traditional, not CNN, sense) asked Microsoft in a public forum if there were any backdoors in the newly-released Windows 98. Of course, Microsoft said NO, NO, A THOUSAND TIMES, NO! This hacker, who had reverse-engineered one of the OS binaries, went public with his discovery of...you guessed it, a backdoor. That same week, MS released a "security fix" for a "newly-discovered vulnerability."

          Check Point got caught with a backdoor in their FireWall-1 software. One of the guys (former lawyer turned sysadmin) that I worked with at a previous job did some research and called Check Point about what he found. According to Check Point, it was "developer debugging code" which should not have remained in the final product. This "developer debugging code" ended up being a back door...in firewall software! It is also public knowledge that, right about that time, FireWall-1 got pulled off the US Approved Products list for a while. Way too suspicious for me.

          Then, there's the Windows 2000 "NSAKEY" business with which Microsoft got caught. Since I don't have access to their source code, I don't, nor will likely ever, know if it was innocent. However, given the Windows 98 and X-Box "let's automatically erase your disk if you put Linux on it" incidents, I wouldn't put it past them. Windows 2000 and XP "phone home" too many times anyway for my taste, and that new "Product Activation" scares me.

          Let us also not forget the "RealDownload" incident. This was when someone did a packet sniff on his own box and found out that, contrary to Real's assurances of privacy, RealDownload was secretly sending all sorts of information about his online activities to their servers. This included activity that had nothing to do with Real's servers.

          And since you mention Intel, don't forget that they're the ones who came out with that Processor Serial Number business. They *say* that you can turn it off, but the fact that they put it there in the first place is automatically pause for concern in my book.

          Still believe companies think it's in their best interests not to spy on us when they think they can get away with it? Examples like the above force me to respectfully, but wholeheartedly, disagree.

          Comments
          1. By Sean Brown (204.209.209.129) on

            A) The NSAkey thing was essentially a hoax. It was not a backdoor, just an unfortunately named key.

            B) A backdoor in OpenBSD after installing one binary driver would be far more trivial to discover. It wasn't there before, now it is; therefore it would have to be the driver, since you would know what the rest of the system should be doing. You do keep an eye on that, right?

            That is more what I meant by it would be in their best interests. Backdoors occur unfortunately, but they happen when it is difficult to tell if it is doing something it shouldn't. When you have one closed driver or software package on an otherwise well audited and open system, exactly how hard will it be to hide something?

            I still think that binary drivers would be a nice option.

            Comments
            1. By Anonymous Coward (68.148.237.181) on

              > B) A backdoor in OpenBSD after installing one binary driver would be far more trivial to discover. It wasn't there before, now it is; therefore it would have to be the driver, since you would know what the rest of the system should be doing. You do keep an eye on that, right?

              Why would binary be more trivial to audit than C source? Why waste the time on binary?

              Since others addressed security already, I want to address the freedom aspects - only because nobody else has.

              When I buy a piece of hardware, it's mine to do as I wish, not as the vendor's wishes. You'd like the vendor to dictate your freedom - but I don't, like many others here. "Trusted Computing" and DRM, such as product activation per limited use or per install, is slowly becoming the norm; and they don't belong in OpenBSD or any BSD infrastructure.

              Thus, here are 2 examples for the need of Free drivers and documented hardware:

              "Turning non-Pro Radeon 9500s into Radeon 9700s through hacked drivers"
              http://www.neoseeker.com/news/story/2247/

              "ATI All-in-Wonder cards and "Macrovision""
              http://www.biline.ca/ati_macrovision.htm

              Comments
              1. By Sean Brown (68.147.204.149) on

                When I buy a piece of hardware, I buy it to do a specific task. Sometimes due to licensing or other business requirements I have to rely on the vendor to provide a driver for it to work correctly, and you're right, I have no problem with that. These machines are tools, and I will sooner drop an OS if it is no longer working in the manner I need it to, in this case it would be because others have decided that it is more important that their vision of what is right be upheld. It's their right of course, in the same vein as it is my right to use something better suited to my needs. I would like to use OpenBSD where it is suited but if other needs, such as a requirement to use a particular piece of hardware are at odds with OpenBSD's view of right and wrong, I will have no qualms using something that works.

                As far as auditing a binary driver goes, I am not saying that it would be easier, I believe it would be much harder. Determining if a driver is doing something it should not however, would not require a full auditing on OpenBSD. The system already is, therefore by default if the system is doing something it should not, the driver is at fault. Assuming that it is the only binary driver on the system, with more than one, you would just have to spend a little more time tracking it down.

                Comments
                1. By Anonymous Coward (68.148.237.181) on

                  The question is "[do you want] Binary-only drivers in OpenBSD?" The keywords here are "in OpenBSD". You are always free and actually are encouraged to use what's best for you. When your drivers contain DRM, like Macrovision, you are still free to choose your OS.

                  If you're willing to drop an OS to make use of your hardware, it's pointless to "ask" for a binary-only option in OpenBSD.

                  As per driver auditing, I was saying OpenBSD coders shouldn't waste their time auditing closed drivers, and I don't think any of them do. Regardless of the difficulty auditing binary drivers, it's easiest to just drop it - "out of sight, out of mind" as the saying goes.

                  Comments
                  1. By Sean Brown (68.147.204.149) on

                    Yes I am willing to drop an OS for hardware support, but for me it's not pointless to ask for support for binary only drivers. I personally feel that OpenBSD is better suited to being a firewall or other internet facing system than any other OS I can get my hands on, therefore when I look to deploy something of that nature I want to have OpenBSD on it. Now there are times that perhaps I would have to put a piece of hardware in one of these that does not currently have an open driver for it. My choices are now right now to choose something else because I do not know how to otherwise bring a binary driver from another OS. That is why I would like to see support for binary only drivers in OpenBSD, just like I use it on other OS's.

                    However, auditing binary drivers should not be expected of the developers, it's not their stuff to maintain. I was saying that the person running the machine would be the one who would have to keep an eye on it since hopefully they would know what their machine should be doing. I think that word would travel quite fast if a driver tried to do something it shouldn't.

    2. By djm@ (203.217.30.86) on

      No, the alternative is that I won't buy hardware that isn't supported. I'd rather send my dollars to vendors who do the right thing.

  2. By Matt Van Mater (65.205.28.104) on

    I personally don't use OpenBSD because of its political goals, I use it because it is a well maintained, well thought out operating system. However, I understand why Theo and Co. don't want to give in to nasty NDAs, ridiculous redistribution clauses, etc and compromise the project goals to introduce support for a few devices.

    I wonder if there might be a sort of compromise where various binary drivers could be listed under a new section in the ports collection with a "Permit_Package_cdrom=no" type of style that does not include it in any future release or house the binary drivers on any ftp mirrors. That way OpenBSD doesn't stray from its goals of providing non free/open software but the OpenBSD users now have a well-structured way of getting the software they need/want on their own. An added bonus is that it wouldn't be too terribly hard to implement since we can utilize the ports collection's ability to fetch certain software on demand.

    I think this is similar to the problems OBSD had with DJB and his non-free licensing where Theo refused to include a port that refers to software that doesn't allow for third party distribution. If that is the case, then this idea might be dead in the water...

    Comments
    1. By Anonymous Coward (129.177.234.103) on

      I personally don't use OpenBSD because of its political goals

      Which political goals exactly?

      Comments
      1. By Matt (65.205.28.104) on

        When I say political, I don't mean the "I don't like country xyz" politics. I meant things like BSD/GPL/LGPL/APACHE/X11 license issues, advertisement clauses, ability to be used as baby mulchers, etc. To me, these things are the "politics" of the open source world. There is probably a more appropriate word or phrase to describe this form of "mine is better than yours" zealotry, but that is what came to mind at the time. I think people who debate these issues often have valid points, but it's just not something I choose to spend much time thinking about.

        Comments
        1. By Anonymous Coward (82.182.103.172) on

          Ironically, there is a new post on Undeadly called "Sun terminates FreeBSD java licence by mistake". So, license issues are important, and I, for one, appreciate OpenBSD vigilance in this matter.

          Comments
          1. By Anonymous Coward (204.214.120.254) on

            the vigilance is necessary ... if we accept the gpl as it is, and bundle all of the gpl'd software there is out there .. nothing is going to change.

            i'm not a big fan of fast food or corporate america .. so i'm a big opponent of mcdonalds. should i still eat there every day?

            Comments
            1. By Anonymous Coward (213.145.178.123) on

              i'm not a big fan of [...] corporate america

              Why?

              Comments
              1. By Anonymous Coward (204.214.120.254) on

                it's far beyond the scope of this forum ... don't want to get too far off topic. i only used it as an example

              2. By Anonymous Coward (69.182.25.166) on

                "i'm not a big fan of [...] corporate america

                Why?"

                Because it employs hundreds of millions of people, has created such evil things as UNIX and the C programming language, and donates billions of dollars to charity every year. Corporate America is a force of pure evil in the world.

                Comments
                1. By Anonymous Coward (204.214.120.254) on

                  those three reasons alone are enough to grant one sainthood! alleluiah!

  3. By SH (82.182.103.172) on

    With binary drivers (without an open source driver) there is a clear risk of forced obsolescence: no driver available for a newer version of the OS.

    As an example, I just bought a used Intel Server Adapter (10/100MBit) and thought to put it to good use. As it happens, it is an Intel Intelligent Server Adapter that has no open source driver. In addition, the card is EOL by Intel, so even Windows users will have problems. So I've got a card that by all rights should be usable, but now can only function as an ugly paperweight. I'm sure other readers have similar stories to tell.

    OpenBSD's uncompromising stance regarding binary drivers (along with its corresponding activism) is laudable. If only the other *BSD and Linux adopted a similar attitude.

  4. By Eric Radman (205.238.235.23) theman@eradman.com on http://eradman.com

    Anybody who's used binary drivers on Linux for some time knows that binary (i.e. proprietary) drivers have a bug-to-feature ratio that serves little more than to give us a taste of hell before its time.

    I've used NVIDIA and Cisco software on my laptop for two years under Linux 2.4 and 2.6 and I can tell you that it's a pure masochistic exercise. Even the best binary-only modules like VMWare are fragile because the maintainers of individual distributions can't streamline them for their particular set of libraries, configuration, etc.; what you end up with is a lot of hacks that work...sometimes.

    The position that the OpenBSD community has historically held over proprietary software is very sensible.

    Comments
    1. By Anonymous Coward (192.197.144.229) on

      That's just not true. It all depends on the amount of time and money the vendor is willing to invest in the driver. Usually Linux drivers are low-interest, and therefore there's one developer working on it and quality is low. However, if you look at the Nvidia drivers, the bug-to-feature level is as good as any other driver in the kernel these days, so binary != poor quality.

      Most other binary drivers suck, because the vendor doesn't care.

    2. By Anonymous Coward (69.182.25.166) on

      I haven't had problems with the nvidia drivers in years. The only issue I ever have is with a funky -mm kernel that breaks compatibility. That's definitely an issue, but AFAIK the nvidia driver is the only X display driver that allows multiple simultaneous XV windows to be open and active at the same time (please correct me if I'm wrong), so it's the only choice for me.

  5. By tedu (67.127.59.81) on

    how many binary only drivers are even available for openbsd? does anybody think if theo reversed course and permitted them that the magic driver fairy would then show up and shower us with drivers?

    Comments
    1. By SH (82.182.103.172) on

      Probably not, but I suppose Windows drivers running via something like FreeBSD's NDIS is not acceptable either ;-)

  6. By Anthony (68.145.111.152) on

    I'm not with Theo on everything, but I'm with him on this.

    Binary blobs for firmware are one thing. Devices already have firmware (or ROMs) that you can't access, so that's not really any different.

    But drivers? No. Can't depend on the vendors to fix security problems anything, can't depend on the vendors to fix bugs, can't depend on the vendors to update for a new version, can't depend on the vendors to port it to any other architectures, etc.

    Now... if there were a platform-independent bytecode blob that implemented some standard interface in such a way that it could be used in any OS on any architecture, then we'd be talking. I don't know if that's even possible (Amiga can do it with 68k binary drivers, but that doesn't mean anything about BSD), but if it were I could live with it. Can't speak for Theo on that, but I could live with it.

    Thoughts?

    Comments
    1. By Anonymous Coward (80.138.155.143) on

      full ACK (N/T)

  7. By Ian McWilliam (220.240.54.229) on

    The last thing in the world I'd like to see are shit house poorly written windoze binary drivers being used under OpenBSD. That's where the majority of binary only drivers are going to come from.

  8. By Dennis (217.208.157.3) on

    OpenBSD's stance on this subject is fine as it is. I would even call it truly great, especially in a long term perspective. It's about quality and maintaining control of the operating system. It also sends a clear message that OpenBSD is a serious operating system that has leadership and means business. Not the usual "ok let's solve this with another random hack involving crappy binaries from some random shit corporation" OS. Keep up the good work :)

  9. By Brad (81.173.18.2) on

    The poll is misleading, it's not reflecting the real issue which is binary or nothing. Should say "Binary-only drivers in OpenBSD, or unsupported hardware?"

    Comments
    1. By Anonymous Coward (168.209.98.66) on

      unsupported hardware please.

  10. By Anonymous Coward (62.227.105.76) on

    ___OPEN___BSD...

    If a company wants their hardware to be supported, they have to open their specs. Without specs the hardware is not open, no "open" drivers can be written.

    It's quite bizarre that the vendors don't like to use the free marketing potential and labour, that someone actually does work for them for free.
    (Yeah yeah, competitors advantage. Damn, they would have to set themselves apart by making better hardware...)

    I think the project should not part from the "best as possible"-stance.
    Binary drivers are bad. You never know what's in it. It's not reviewed code, so not trusted. I like my OpenBSD box stable.

    To include binary drivers and not pressure the vendors into opening the specs, that allow someone to use the hardware they bought in a really free sense, would be a setback.
    including binary drivers == no/much less incentive for the vendor to start cooperating anymore

  11. By Boris (218.102.177.93) on

    Withdraw software power from those hardware manufacturers.
    It is only recently that hardware allows to have large chunks of embedded code, because of bit-memory chips falled, while size dramatically increased.

    In other words, it is only very recently hardware manufacturers
    can make software. firmware drivers, bios with tcp/ip stacks, and what not unholy perversions. They're just trying to take over control of software world. the machines are trying to control the matrix.

    Those not following the law of supply and demand just fail.
    There is no demand for closed firmware. they can keep their crappy microcode undebugged, full of backdoors and what not, to themselves.

  12. By djm@ (203.217.30.86) on

    The question is irrelevant: it just isn't going to happen, so why bother asking? I don't know a single developer who is in favour of it, not even a majority, let alone Theo...

  13. By joes (80.222.205.242) on

    i do not trust binary only drivers and nobody should, but in that case i would use binary only driver if OpenBSD team would have made it.

  14. By Anonymous Coward (67.64.89.177) on

    Binary drivers are soooo Linux. Selling out is hurting the whole community!
