GNU bug report logs - #49649
[PATCH] gnu: Add regulatory.db in %base-firmware.

Previous Next

Full log

Message #11 received at 49649 <at> debbugs.gnu.org (full text, mbox):

From: Brice Waegeneire <brice <at> waegenei.re>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 49649 <at> debbugs.gnu.org
Subject: Re: bug#49649: [PATCH] gnu: Add regulatory.db in %base-firmware.
Date: Tue, 20 Jul 2021 23:02:20 +0200

Hello Ludo’,

Ludovic Courtès <ludo <at> gnu.org> writes:

>> # dmesg | grep -E '(cfg80211|regulatory)'
>> [    6.282015] cfg80211: Loading compiled-in X.509 certificates for regulatory database
>> [    6.283766] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
>> [    6.285927] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -2
>> [    6.285931] cfg80211: loaded regulatory.db is malformed or signature is missing/invalid
>>
>
> Does that means that the loaded ‘regulatory.db’ is discarded right away?
> Or does it proceed anyway?

I did more testing and you are right, in that case 'regulatory.db' isn't
loaded because it isn't signed correctly.

> In the former case, looks like we’ll have to do some more work.

We can either, bake the DB into the kernel at build time by replacing
the kernel's limited DB with the one from 'wireless-regdb' via the
option CONFIG_CFG80211_INTERNAL_REGDB¹. Or manage our own key, sign the
build database and add make the kernel load them as firmware file at
boot time, which is the usual way but would require a certain level off
work on or side.

> Could our ‘wireless-regdb’ build things from source, hopefully getting
> the exact same binary as the one provided upstream, in which case it
> could install the original signature as-is.  IOW, we’d be building from
> source for the explicit purpose of making sure the upstream-provided
> ‘regulatory.bin’ file can be built reproducibly from this source.

I didn't thought of that, I could give it a try as it should be lowest
hanging fruit.

>> I'm wondering if it's worth removing 'crda' from the default udev rules.
>
> It was added in 68ac258b5291aee33dd11a6fd0f545f81935b633 long ago, and I
> think it made sense back then.  :-)
>
> Do you think it’s now unnecessary because the kernel can load it all by
> itself?  Or does that depend on kernel build options?

After more testing, no.  We should keep it as default, it is needed if
you want to change you region from userland, with 'iw reg set' for
example.

I don't know how zelously we want to comply to radio frenquency
regulation by being sure our wireless devices don't emit on restricted
frenquecy between the kernel being loaded and userland (crda) setting
the correct region.  If we want to be sure such spourious emssions can't
happen we need to fix the loading of 'regulatory.db' by the kernel
otherwise the current setup should be good enought for most usage.

¹ https://cateee.net/lkddb/web-lkddb/CFG80211_INTERNAL_REGDB.html

Cheers,
- Brice

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.