Re: Updating cypress/brcm firmware in linux-firmware for CVE-2019-15126

From: Hans de Goede
Date: Wed Mar 18 2020 - 18:07:04 EST


Hi All,

On 2/26/20 11:16 PM, Hans de Goede wrote:
Hello Cypress people,

Can we please get updated firmware for
brcm/brcmfmac4356-pcie.bin and brcm/brcmfmac4356-sdio.bin
fixing CVE-2019-15126 as well as for any other affected
models (the 4356 is explicitly named in the CVE description) ?

The current Cypress firmware files in linux-firmware are
quite old, e.g. for brcm/brcmfmac4356-pcie.bin linux-firmware has:
version 7.35.180.176 dated 2017-10-23, way before the CVE

Where as https://community.cypress.com/docs/DOC-19000 /
cypress-fmac-v4.14.77-2020_0115.zip has:
version 7.35.180.197 which presumably contains a fix (no changelog)

Chris from Cypress has replied privately to me because of some
email issues, with the request to relay the information he
wrote here:

On 3/18/20 6:54 PM, Christopher Rumpf wrote:

> âCypress' CLM upstream policy is currently fragmented, as you have indicated.
> The 43340 and 43362 have embedded CLM upstreamed yet no other Cypress parts
> have done so and only deliver the firmware.bin files. Cypress' customers
> have been OK to follow this technote
> https://www.cypress.com/documentation/application-notes/an225347-cypress-wi-fi-clm-regulatory-manual
> which requires users to contact Cypress support to obtain the best performing
> Country Locale Matrix (CLM) for the Wi-Fi module and targeted regions.
> Such a model is of course not ideal for the open source community or for
> what we call âthe broad marketâ as it requires an extra human to human
> interaction that at the end of the day may reduce the user's time to
> market and ability to independently move forward.
>
> âAs I am sure you are aware, Cypressâ Embedded CLM = Wi-Fi Firmware +
> regional regulatory database + RF settings (NVRAM). The Wi-Fi Firmware is
> static across all projects however the regional regulatory database and the
> RF settings are implementation specific. Previously the hesitation to
> release a "worldwide generic embedded CLMâ was because the regional
> regulatory and RF settings are not tuned correctly for the implementation's
> characteristics and the project may experience sub-par connectivity
> performance or even perceived defects (such as power, RF, robustness).
>
>âIn the long term Cypress will be investing in additional tooling to automate
> these steps, perhaps even as part of the project's config or build step.
>
>âIn the short term Cypress is considering these two actions:
>
> 1. For all active upstreamed Cypress parts, Cypress will upstream a
> "worldwide generic embedded CLMâ. These Embedded CLMs wonât be tuned for
> specific projectâs regional or RF settings and customers may still need
> to reach out to Cypress support but at least they will be able to use the
> Cypress firmware in the linux-firmware repo right out of the box.

Note Chris later send me some clarification on this point:

On 3/18/20 10:29 PM, Christopher Rumpf wrote:
> One clarification here! Regarding the short term solution -
> the delivery may not be âembedded clmâ. It may be three different artifacts
> which are meant to service the broad market. The Cypress R&D team will decide
> the specifics of how to address the technical implementation to deliver the
> worldwide clm.

The below is a continuation of Chris' original email:

> 2. Cypress will add some more documentation in our READMEs and other
> supporting docs that discusses the risks which
> "worldwide generic embedded CLMâ brings. Customers can then make
> their own decision to engage with Cypress support which will depend
> on the characteristics of their project, I would imagine.
>
> Cypress would be able to implement these actions for the next release train
> which will be posted somewhere around end of June (pending any impact due
> to the coronavirus).
>
> Would these short and long term solutions meet the needs of the
> linux-firmware community? If no, may we collaborate more?

Chris, if I understand you correctly then the plan would result in the Cypress
maintained firmwares in linux-firmware being in sync (being the same versions
but with a more generic CLM) with the firmwares Cypress releases as part of
their SDK; and the first time we would see this in sync. release of Cypress
maintained firmwares would be around June. Correct?

This sounds very good to me.

I do have one question though, you describe the firmware as consisting of
3 parts: The actual firmware, the Country Locale Matrix and the NVRAM.

Currently linux-firmware contains firmwares with a generic CLM embedded
in them. But AFAIK the nvram-s are device-model/project specific (more so
then the CLM-s I believe) and normally the nvram is actual part of the
device and read by the kernel driver? The one exception to this is the
nvram files for some SDIO boards. Recent kernels have code to load
the nvram files for these SDIO boards using a device-model specific
name and the linux-firmware repository contains community contributed
NVRAM files for various device-models. Would this change with the
new firmware versions ?

Regards,

Hans