You no longer own your

DO NOT buy new TP-Link Routers they may have locked firmware


You no longer own your router.

We are starting to enter a new era in the digital age: an era where we no longer have the freedom to control the tools that we use in our daily lives. This new era is marked by devices where the manufacturer not only decides how the device can be used, but also disallows users modifying the device to better suit their needs.

While many users do not have the drive nor knowledge to utilize the freedom to control their devices in this manner, it is important for every user. If we have the freedom to control these devices, then we may add new functionality, fix critical bugs, and make improvements even after the original manufacturer chooses to no longer support the device.

The issue of having locked down devices is not a new problem; it is only getting worse for the libreCMC project and the Free Software community as a whole. We are now at the point where a major router OEM has begun to lock down new firmwares such that it cannot be replaced with a third-party firmware.

This means:

  • Only the OEM is allowed to fix bugs, where the OEM has a track record of not doing so.

  • Users no longer have the freedom to add functionality the OEM failed to provide, or remove unwanted functionality.

  • It may become difficult or impossible to flash new firmware at all.

  • Devices found to be vulnerable to a new security threat will have no mitigation strategy other than to replace the device.

There are numerous issues with owning a device but not having the freedom to control it; this is just the tip of the iceberg.

Now for the bad news...

The reason why this post is being written is due to the fact that TP-Link routers bought after Feb. 01 2016 can't have libreCMC (or other firmware)flashed from stock firmware[1]. The only method for installing libreCMC on thesenew routers will be via u-boot using tftp, but that may not work in the future [2].

Why are router firmwares being locked down now?

There is a lot of speculation around this topic, but most leads point towards newFCC rules and OEMs choosing the path of least resistance for implementing these newrules.

TLDR; New stock TP-Link routers can't easily be flashed with libreCMC (or other firmware)

[1] TP-Link Lockdown : http://ml.ninux.org/pipermail/battlemesh/2016-February/004379.html

[2] Note: Some targets with this firmware checking are supported by libreCMC, but will require a serial cable (or USB to serial cable). Newer SoCs may have keys burned into the chip duringmanufacture, so libreCMC won't be able to support those targets if OEMs choose to go this route.