Fixing wireless regulatory support (crda, wireless-regdb) on openSUSE Tumbleweed

On recent SUSE-based distributions such as openSUSE Tumbleweed (and potentially also 13.2), executing iw reg get to check your WiFi device’s regulatory setup will likely get you an output such as this:


global
country 00: DFS-UNSET
(2402 - 2472 @ 40), (N/A, 20), (N/A)
(2457 - 2482 @ 40), (N/A, 20), (N/A), NO-IR
(2474 - 2494 @ 20), (N/A, 20), (N/A), NO-OFDM, NO-IR
(5170 - 5250 @ 80), (N/A, 20), (N/A), AUTO-BW, NO-IR
(5250 - 5330 @ 80), (N/A, 20), (0 ms), DFS, AUTO-BW, NO-IR
(5490 - 5730 @ 160), (N/A, 20), (0 ms), DFS, NO-IR
(5735 - 5835 @ 80), (N/A, 20), (N/A), NO-IR
(57240 - 63720 @ 2160), (N/A, 0), (N/A)

This indicates that your WiFi card has not been set up properly for your country — “00” is a generic default that only includes wireless frequency ranges and transmit power values that are safe around the world. This also means that you are unable to access wireless networks on country-specific channels, such as eg. channel 12 and 13 in the 2.4 GHz band in Germany and, even worse, most of the channels in the 5 GHz band: the no-ir in the output above means disallow initiating radiation of any kind.

Wireless regulations are handled in Linux by a combination of crda and wireless-regdb, the latter of which compromises a regulatory.bin file usually found under /usr/lib/crda. This binary file gets compiled from a source db.txt file which contains information about the regulations in different countries. It is compiled into the binary format and signed with a RSA private key, the public key of which is embedded into crda, which takes care of supplying the Linux kernel with updates to that file. crda can thus verify that only trusted regulatory.bin files get used to set up wireless devices and thus meet regulatory demands.

Now exactly this go wrong which you can see if you either run crda manually or its utility regdbdump:


# COUNTRY=DE crda
Database signature verification failed.
No country match in regulatory database.
# regdbdump /usr/lib/crda/regulatory.bin
Database signature verification failed.

All recent SUSE distros including the rolling release openSUSE Tumbleweed ship with crda, 1.1.3, built without openSSL support and thus unable to read public keys from /etc/wireless-regdb/pubkeys. Thus they rely on the public keys built-in at compile time. 1.1.3 compromised the key of John Linville only:


# tar tvjf crda-1.1.3.tar.bz2 | grep pem
-rw-rw-r-- root/root 451 2012-01-19 03:19 crda-1.1.3/pubkeys/linville.key.pub.pem

In December 2014, however, maintainership of wireless-regdb changed to Seth Forshee, that is, since wireless-regdb-2014-12-05. Seth obviously has a private key of his own, not John’s. Accordingly, crda was updated as well: all 3.x releases now also include Seth’s key.

Now guess what combination openSUSE Tumbleweed uses as of today? crda 1.1.3 and wireless-regdb 2015.01.30. Which must go wrong, of course, as seen above. You need a current crda version.

As a search on software.opensuse.org reveals, a newer crda version (3.1.8 as of today) is available in the “Hardware” repo at http://download.opensuse.org/repositories/hardware/openSUSE_Tumbleweed/. Add this to your system and update crda:


# zypper ar http://download.opensuse.org/repositories/hardware/openSUSE_Tumbleweed/ hardware
Adding repository 'hardware' ..........................................................................................................................................[done]
Repository 'hardware' successfully added
Enabled : Yes
Autorefresh : No
GPG Check : Yes
URI : http://download.opensuse.org/repositories/hardware/openSUSE_Tumbleweed/

# zypper --non-interactive install crda-3.18
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following package is going to be upgraded:
crda

The following package is going to change vendor:
crda openSUSE -> obs://build.opensuse.org/hardware

1 package to upgrade, 1 to change vendor.
Overall download size: 0 B. Already cached: 25.5 KiB After the operation, additional 16.3 KiB will be used.
Continue? [y/n/? shows all options] (y): y
In cache crda-3.18-48.1.x86_64.rpm (1/1), 25.5 KiB ( 50.7 KiB unpacked)
Checking for file conflicts: ..........................................................................................................................................[done]
(1/1) Installing: crda-3.18-48.1 ......................................................................................................................................[done]

Now after a reboot, my locale got automagically set and iw reg get shows the expected output:


global
country DE: DFS-ETSI
(2400 - 2483 @ 40), (N/A, 20), (N/A)
(5150 - 5250 @ 80), (N/A, 20), (N/A), NO-OUTDOOR, AUTO-BW
(5250 - 5350 @ 80), (N/A, 20), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
(5470 - 5725 @ 160), (N/A, 26), (0 ms), DFS
(57000 - 66000 @ 2160), (N/A, 40), (N/A)

Voila!

Leave a comment