From: Brice Waegeneire <brice@waegenei.re>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 49649@debbugs.gnu.org
Subject: [bug#49649] [PATCH] gnu: Add regulatory.db in %base-firmware.
Date: Tue, 20 Jul 2021 23:02:20 +0200 [thread overview]
Message-ID: <87r1fshf6r.fsf_-_@waegenei.re> (raw)
In-Reply-To: <87bl6xktf5.fsf@gnu.org> ("Ludovic Courtès"'s message of "Tue, 20 Jul 2021 15:26:38 +0200")
Hello Ludo’,
Ludovic Courtès <ludo@gnu.org> writes:
>> # dmesg | grep -E '(cfg80211|regulatory)'
>> [ 6.282015] cfg80211: Loading compiled-in X.509 certificates for regulatory database
>> [ 6.283766] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
>> [ 6.285927] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -2
>> [ 6.285931] cfg80211: loaded regulatory.db is malformed or signature is missing/invalid
>>
>
> Does that means that the loaded ‘regulatory.db’ is discarded right away?
> Or does it proceed anyway?
I did more testing and you are right, in that case 'regulatory.db' isn't
loaded because it isn't signed correctly.
> In the former case, looks like we’ll have to do some more work.
We can either, bake the DB into the kernel at build time by replacing
the kernel's limited DB with the one from 'wireless-regdb' via the
option CONFIG_CFG80211_INTERNAL_REGDB¹. Or manage our own key, sign the
build database and add make the kernel load them as firmware file at
boot time, which is the usual way but would require a certain level off
work on or side.
> Could our ‘wireless-regdb’ build things from source, hopefully getting
> the exact same binary as the one provided upstream, in which case it
> could install the original signature as-is. IOW, we’d be building from
> source for the explicit purpose of making sure the upstream-provided
> ‘regulatory.bin’ file can be built reproducibly from this source.
I didn't thought of that, I could give it a try as it should be lowest
hanging fruit.
>> I'm wondering if it's worth removing 'crda' from the default udev rules.
>
> It was added in 68ac258b5291aee33dd11a6fd0f545f81935b633 long ago, and I
> think it made sense back then. :-)
>
> Do you think it’s now unnecessary because the kernel can load it all by
> itself? Or does that depend on kernel build options?
After more testing, no. We should keep it as default, it is needed if
you want to change you region from userland, with 'iw reg set' for
example.
I don't know how zelously we want to comply to radio frenquency
regulation by being sure our wireless devices don't emit on restricted
frenquecy between the kernel being loaded and userland (crda) setting
the correct region. If we want to be sure such spourious emssions can't
happen we need to fix the loading of 'regulatory.db' by the kernel
otherwise the current setup should be good enought for most usage.
¹ https://cateee.net/lkddb/web-lkddb/CFG80211_INTERNAL_REGDB.html
Cheers,
- Brice
next prev parent reply other threads:[~2021-07-20 21:03 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-19 21:15 [bug#49649] [PATCH] gnu: Add regulatory.db in %base-firmware Brice Waegeneire
2021-07-20 13:26 ` Ludovic Courtès
2021-07-20 21:02 ` Brice Waegeneire [this message]
2021-07-20 21:56 ` Tobias Geerinckx-Rice via Guix-patches via
2021-07-23 9:11 ` Ludovic Courtès
2021-07-23 9:55 ` Tobias Geerinckx-Rice via Guix-patches via
2021-12-25 18:44 ` [bug#49649] [PATCH v2 0/4] Load wireless regulatory database in kernel Brice Waegeneire
2021-12-28 7:15 ` Leo Famulari
2021-12-31 14:29 ` Ludovic Courtès
2022-06-01 20:29 ` [bug#49649] [PATCH] gnu: Add regulatory.db in %base-firmware Ludovic Courtès
2021-12-25 18:44 ` [bug#49649] [PATCH v2 1/4] " Brice Waegeneire
2021-12-25 18:44 ` [bug#49649] [PATCH v2 2/4] gnu: wireless-regdb: Reuse 'regulatory.db' signature Brice Waegeneire
2021-12-25 18:44 ` [bug#49649] [PATCH v2 3/4] gnu: wireless-regdb: Update to 2021.08.28 Brice Waegeneire
2021-12-25 18:44 ` [bug#49649] [PATCH v2 4/4] gnu: crda: Describe it as obsolete Brice Waegeneire
2021-12-25 21:13 ` Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r1fshf6r.fsf_-_@waegenei.re \
--to=brice@waegenei.re \
--cc=49649@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).