I’d like someone to explain this to me as I find this interesting. I have tech background but the OSI model is not something I’ve interacted with directly.
Some questions I come to think of
1. Why ESP32 made it closed?
2. What does the MAC layer in the OSI model make it so important to either make this closed/open source ?
From the article: "security auditability", possibility for features not supported, make research into Wi-Fi networks with lots of nodes more affordable.
E.g. ESP32 is proprietary, but it doesn’t limit the connection to certain routers, but could it be made to be?
1. They might have used IP cores with license that forbids disclosing any technical details, including firmware implementation.
2. Manipulating RF registers could cause the device to operate outside of regulatory parameters, perhaps invalidating FCC certification for the whole device. By not disclosing how to use MAC directly, they can claim they did their best to prevent device from misbehaving.
A huge part of the cost of developing a WiFi chip is in the firmware. WiFi is a complex set of protocols, and is especially tricky to implement in a low ram, low compute, power constrained device.
There is perhaps a 50/50 effort split between firmware and hardware design. Open source the firmware and suddenly an upstart competitor has only half the cost to market, and therefore could undercut you in price.
i'm also not professional networking engineer but overall open core will allow;
better interfacing and integration as a wifi chip on SBCs like raspberry pi, potentially allowing faster rates and lower latencies on SPI or I2c buses
better security and possibly handling further standards than the espressif allows.
for example, you may implement wpa3 or wpa4 (if it comes out at some point) without needing to wait for espressif to implement and release themselves. plus, they may never have the incentives to do so if a newer chip (esp64?) comes out...
I’d like someone to explain this to me as I find this interesting. I have tech background but the OSI model is not something I’ve interacted with directly.
Some questions I come to think of
1. Why ESP32 made it closed? 2. What does the MAC layer in the OSI model make it so important to either make this closed/open source ?
From the article: "security auditability", possibility for features not supported, make research into Wi-Fi networks with lots of nodes more affordable.
E.g. ESP32 is proprietary, but it doesn’t limit the connection to certain routers, but could it be made to be?
1. They might have used IP cores with license that forbids disclosing any technical details, including firmware implementation.
2. Manipulating RF registers could cause the device to operate outside of regulatory parameters, perhaps invalidating FCC certification for the whole device. By not disclosing how to use MAC directly, they can claim they did their best to prevent device from misbehaving.
There’s many devices that can get uncapped (Yaesu handhelds for example) without losing FCC certification.
A huge part of the cost of developing a WiFi chip is in the firmware. WiFi is a complex set of protocols, and is especially tricky to implement in a low ram, low compute, power constrained device.
There is perhaps a 50/50 effort split between firmware and hardware design. Open source the firmware and suddenly an upstart competitor has only half the cost to market, and therefore could undercut you in price.
i'm also not professional networking engineer but overall open core will allow;
better interfacing and integration as a wifi chip on SBCs like raspberry pi, potentially allowing faster rates and lower latencies on SPI or I2c buses
better security and possibly handling further standards than the espressif allows.
for example, you may implement wpa3 or wpa4 (if it comes out at some point) without needing to wait for espressif to implement and release themselves. plus, they may never have the incentives to do so if a newer chip (esp64?) comes out...
OSI MAC =/= WIFI MAC + PHY
Just in case you didn't know, the OSI model is wrong. The world uses the "TCP/IP model" - there's no "presentation layer" for example.
Timely post with the vulnerability research this week? https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-...
That was related to Bluetooth. Interesting undocumented low level commands but it's a bit of a stretch to call it a vulnerability IMHO.
But having the whole stack open would just be better in general.
Correct. HN thread https://news.ycombinator.com/item?id=43301369
Not a vulnerability in the way that Tarlogic makes it sound. Disingenuous and misleading article for sure.
A good bunch of "security" articles that make the news look more like scareware to me in the past years.
A list of other open source firmware:
https://wiki.debian.org/Firmware/Open
I was watching the 38c3 talk about this a few months ago, and just laughed seeing the recent news. Guess they have a good reason to be paranoid, hmm.
https://youtu.be/r8IqkUTGjlA