|This article may need to be rewritten entirely to comply with Wikipedia's quality standards, as the article's POV and style is not neutral. It contains contradictory and confusing content. (April 2012)|
In the context of open source software, a binary blob is a closed source binary-only driver without publicly available source code. The term usually refers to a closed-source kernel module loaded into the kernel of an open source operating system and is usually not applied to code running outside the kernel, such as BIOS code, firmware images, or userland programs. The term blob was first used in database management systems to describe a collection of binary data stored as a single entity.
When computer hardware vendors provide complete technical documentation for their products, operating system developers are able to write hardware device drivers to be included in the operating system kernels. However, some vendors, such as NVIDIA, do not provide complete documentation for some of their products and instead provide binary-only drivers (binary blobs); this practice is most common for accelerated graphics drivers, networking devices and RAID controllers.
Some projects try to create a free operating system, and will not accept binary blobs if they cannot get documentation for hardware or source code for device drivers. Such projects include NetBSD, FreeBSD, DragonFly BSD, and some GNU/Linux distributions.
The OpenBSD project has a notable policy of not accepting any binary blobs into its source tree, citing not only the potential for undetectable or irreparable security flaws, but also the encroachment onto the openness and freedom of its software.
The Free Software Foundation (FSF) is actively campaigning against binary blobs. It also considers OpenBSD's policy confusingly worded, as 'blobs' in the BSD community refer to what it considers non-free drivers, and not non-free firmware.
The Debian project included both free and non-free binary firmware blobs from the Linux kernel, clearly marking and separating the non-free packages according to the Debian Social Contract. As of Debian 6.0 those blobs were removed.
For OpenBSD, project leader Theo de Raadt defends the policy of only asking for distribution rights for microcode firmware blobs. "Once they are distributed... at least the device works." Implying that the alternative would be for the members of his small project to code free firmware themselves in the assembly language of many chipsets, he pleads "don't load us up with more tasks." Despite this he favours chipsets that run without firmware and speaks warmly of Asian designs which he describes as slower to market but more mature.
In the Linux kernel development community, Linus Torvalds has made strong statements on the issue of binary-only modules, asserting: "I refuse to even consider tying my hands over some binary-only module", and continuing: "I want people to know that when they use binary-only modules, it's THEIR problem". In 2008, 176 Linux kernel developers signed a Position Statement on Linux Kernel Modules that stated "We, the undersigned Linux kernel developers, consider any closed-source Linux kernel module or driver to be harmful and undesirable... We have repeatedly found them to be detrimental to Linux users, businesses, and the greater Linux ecosystem."
However, the Linux kernel contains numerous binary blobs, primarily containing closed-source firmwares required by various device drivers. Alexandre Oliva, the maintainer of the kernel Linux-libre, a version of Linux that does not contain binary-blobs, wrote, in 2011: "Linux hasn't been Free Software since 1996, when Mr Torvalds accepted the first pieces of non-Free Software in the distributions of Linux he has published since 1991. Over these years, while this kernel grew by a factor of 14, the amount of non-Free firmware required by Linux drivers grew by an alarming factor of 83. We, Free Software users, need to join forces to reverse this trend, and part of the solution is Linux-libre, whose release 2.6.33-libre was recently published by FSFLA, bringing with it freedom, major improvements and plans for the future."
There are a number of reasons why binary blobs can be problematic.
Firstly, their precise operation is not known and bugs cannot be detected by auditing source code, but are frequently only diagnosed by painstaking detective work when a system begins to behave unexpectedly. Such undetected bugs may also silently expose users and systems to security hazards. The fitness for purpose of the driver thus cannot be checked, and even if a bug is found there is no way to fix it.
Secondly, because the source code is not available the driver cannot be improved by its users, nor ported from one architecture to another not originally supported, nor adapted to operate slight variants of the hardware.
Thirdly, users are forced to trust vendors or malicious third parties not to put backdoors and spyware into the blob. Again on the theme of trust, the hardware vendor can decide not to support some operating systems, or to abandon driver maintenance at any time, or simply go out of business leaving the driver in limbo.
Finally, binary blobs drive a wedge between the portion of the community that believes in free software ideals and rejects the proprietary software, and the portion that sees open source as desirable for purely technical reasons and lacks a strong opposition to binary blobs "as long as they work". This fragmentation, and the acceptance of a growing number of proprietary components into Linux, weakens the ability of the community to resist the trend of manufacturers increasingly refusing to provide documentation for their hardware. At some point in the future, it may become infeasible to run a truly free operating system on most PCs.
Use via wrappers
A wrapper is software which allows one operating system to use a binary blob driver written for another operating system. Examples of wrappers are NdisWrapper for Linux, and Project Evil for FreeBSD and NetBSD. These wrappers allow these operating systems to use network drivers written for Microsoft Windows by implementing Microsoft's NDIS API.
Firmware, the software required by the onboard microcontrollers that accompany some hardware, is generally not considered to be a binary blob. In many devices, firmware is stored in non-volatile onboard flash memory, but to decrease costs and ease upgrades, some devices contain only static RAM and require the host operating system to upload firmware each time they are connected (especially USB devices). Although the firmware is thus present in the operating system driver, it is merely copied to the device and not executed by the CPU, lessening concerns about hidden security flaws. The OpenBSD project accepts binary firmware images and will redistribute these images if the license permits.
The BIOS, which functions as a bootloader and supports legacy real mode applications, is a crucial component of many IBM-compatible computers. The BIOS is always 16-bit, often has networking functions, and can be a security backdoor (sometimes deliberate,[not in citation given] and the operating system has no control over this backdoor). The FSF promotes coreboot in its campaign for free BIOS firmware.
- "Debian packages built from the source package 'firmware-nonfree' - Binary firmware for various drivers in the Linux kernel". 2010. Retrieved 2010-03-25.
- Matzan, Jem (15 June 2005). "BSD cognoscenti on Linux". NewsForge. Retrieved 2006-07-07. See Christos Zoulas's response to "Is sharing between Free/Open/NetBSD and the Linux kernel a common occurrence? And if so, does it go both ways?"
- Andrews, Jeremy (2006-05-02), "Interview: Theo de Raadt", KernelTrap (Jeremy Andrews)
- "Protest against ATI nearly led to the arrest of RMS". Free Software Foundation. 27 April 2006. Retrieved 2006-10-10.
- "Explaining Why We Don't Endorse Other Systems". GNU Project. July 13, 2011. Retrieved 2011-09-10.
- "Debian firmware-linux packages". 2010. Retrieved 2010-03-25.
- "Explaining Why We Don't Endorse Other Systems # Debian". 2013. Retrieved 2013-03-29.
- Linus Torvalds, kernel mailing list, Feb 7, 1999.
- Greg Kroah-Hartman (June 2008). "A position statement on Linux Kernel Modules". The Linux Foundation.
- https://www.gnu.org/distros/free-system-distribution-guidelines.html#nonfree-firmware. Missing or empty
- https://www.gnu.org/distros/common-distros.html. Missing or empty
- http://www.fsfla.org/ikiwiki/anuncio/2010-03-Linux-2.6.33-libre.en. Missing or empty
- Greg Kroah-Hartman (2006). "Myths, Lies, and Truths about the Linux kernel". Linux Symposium.
So, here's the simple answer to this issue: Closed source Linux kernel modules are illegal. That's it, it is very simple. I've had the misfortune of talking to a lot of different IP lawyers over the years about this topic, and every one that I've talked to all agree that there is no way that anyone can create a Linux kernel module, today, that can be closed source. It just violates the GPL due to fun things like derivative works and linking and other stuff. Again, it's very simple. Now no lawyer will ever come out in public and say this, as lawyer really aren't allowed to make public statements like this at all. But if you hire one, and talk to them in the client/lawyer setting, they will advise you of this issue.
- Andrews, Jeremy (2006-04-19). "Interview with Jonathan Gray and Damien Bergamini". kerneltrap.org. Retrieved 2008-01-06.
- "OpenBSD Works To Open Wireless Chipsets". KernelTrap. November 2, 2004. Retrieved 2006-06-23.
- "Intel vPro Technology". Intel.com. 2012-05-14. Retrieved 2014-04-10.
- "BIOS & Firmware Compatibility". Absolute.com. Retrieved 2014-04-10.
- as per IBM PC specs
- "Campaign for Free BIOS". Free Software Foundation. 2006-11-29. Retrieved 2007-01-02.
- McMillan, Robert (June 21, 2006). "Researchers hack Wi-Fi driver to breach laptop". InfoWorld. Retrieved 2006-06-23.
- KernelTrap article on Damien Bergamini's wpi(4) driver, a blobless ipw3945 alternative for OpenBSD
- KernelTrap interview with Jonathan Gray and Damien Bergamini regarding binary blobs
- The Black Hat Wireless Exploit Interview, Verbatim by Brian Krebs on the Washington Post's website, http://washingtonpost.com