Suggestion for a Gigabit Ethernet Adapter

TiX0 · January 1, 2024, 2:07am

When buying a USB3 to GigaBit Ethernet Adapter, does the chipset matter in terms of privacy and security?

FranklyFlawless · January 1, 2024, 2:15am

It depends on how libre you want it to be. See also:

TiX0 · January 1, 2024, 2:42am

Don’t need a box/switch, only an USB3(A or C) to RJ45 Gigabit network.
Does not need to be “RYF certified” Libre, only to use common well-known kernel drivers. That matters mostly on the chipset, right?

irvinewade · January 1, 2024, 3:45am

For use with what hardware? with that distro?

I have a tp-link and that worked out-of-the-box with my Librem 5 (running PureOS), if memory serves - so that eliminates the worst issues. The chipset in that is ASIX AX88179.

TiX0 · January 2, 2024, 3:12am

It is for a Librem 15. PureOS and Qubes 4.2.
I am concerned about chipsets more than about brand for the adapter.
I would like to find one with a well-known Realtek chipset, supported by standard kernel drivers, no blobs, no install, no fuss.

FranklyFlawless · January 2, 2024, 3:22am

I found two from ThinkPenguin:

USB 3.0 to 10/100/1000 Gigabit Ethernet Network Adapter (TPE-1000NET3) | ThinkPenguin.com
USB 3.1 Type-C to 10/100/1000 Gigabit Ethernet Network Adapter (TPE-1000NET4) | ThinkPenguin.com

The chipset is the same as the one mentioned above (ASIX AX88179).

TiX0 · January 2, 2024, 3:32am

Thank you for your suggestions.
Actually, those two were my first choices (because they are RYF and I care about this certification); but that was until I found out that they would only ship from the U.S.A. and at an outrageous shipping fee.
So I need to buy one locally now.

carlosgonz · January 2, 2024, 3:33am

For Gnu the best Ethernet Chipset is: BCM5719, for Linux(Qubes,Debian, Fedora, Mint, Arch, BlaBla) you can use it Whatever, Whenever I do not care anything…

FranklyFlawless · January 2, 2024, 3:39am

The USB to Ethernet adapter @irvinewade probably got is this one with the AX88179 chipset:

Otherwise, the other three use the RTL8153 chipset:

TiX0 · January 2, 2024, 3:44am

Thank you. What in your opinion would set it aside from other commonly used chipsets for Gigabit Ethernet?

TiX0 · January 2, 2024, 3:48am

This is a very well-known and widely used chipset, right?

carlosgonz · January 2, 2024, 3:48am

The Firmware and Driver are Free Software.

irvinewade · January 2, 2024, 3:50am

You missed one though: UE305.

Don’t quote me on this but I think the only difference between the UE305 and the UE306 is the length of the USB cable (which for some usage may be important) i.e. definitely same chipset.

FranklyFlawless · January 2, 2024, 3:54am

I would not know, but based on all of these suggestions, it sounds like they are all compatible with Linux.

TiX0 · January 3, 2024, 3:43am

After all, it may be that I am not assessing the problem the right way
Should I think chipset or firmware (or both)? What kind of problems would be associated with either one?
I first thought the chipset to be the most important aspect, because a widely used and well-known chipset would have solid and resilient kernel drivers working right out of the box.
I didn’t consider firmware to be such an issue, because I absolutely wanted it to be FOSS, hence my first choice was RYF-certified ThinkPenguin adapters.
But firmware seems to come as the main issue now, with all the brands and models cited. For example, TP-Link was proposed, but it appears that this company is Chinese, mainland. I would never consider buying any computer product (that has any firmware) from China owned companies - and especially not networking devices that could phone home or have backdoors.
Looking around at other major brands, all firmware is proprietary (understand “obscured”), so the only variable here is which country manufactured it and what kind of jurisdiction the company is under.
This becomes a very complicated problem!

irvinewade · January 3, 2024, 4:09am

The world is a complicated place though because the actual chipset company is Taiwan, not China.

How does the device as a whole function? Where does the firmware run inside the device? Who has access to create or modify the firmware? Where is the chipset actually FABbed? Can the firmware be modified remotely, either from the host side or from the network side?

These are all very reasonable questions if you want to assess the security risk from the device, particularly in regards to geopolitical considerations, but I don’t have the knowledge or the expertise.

Firmware might be something of a furphy though - because, as I said, the device worked out of the box with my Librem 5 running PureOS - and PureOS does not ship firmware typically (and my phone doesn’t even yet have the firmware jail). So maybe the device does not require firmware to be loaded into it. (That doesn’t mean that the device has no firmware.)

Fairly obviously an untrusted networking device cannot realistically be prevented from

phoning home, or
DoSing you from the network

The best you can hope for is that all traffic that it sent over that device is encrypted by the host (e.g. routinely through the use of TLS, or other applicable technology) so that the untrusted device can’t snoop on the content of your communications.

FranklyFlawless · January 3, 2024, 4:52am

Take your time to reflect upon your priorities, then the resources required to fulfill them.

TiX0 · January 4, 2024, 4:23am

I am only now discovering a new land of obscurity…
Except for the ThinkPenguin RYF-certified USB/Gigabit Ethernet adapters, I couldn’t find any that claims to be Open Source. And what does that mean anyway? Is it the firmware running the device that is open or just that it is meant to work witn open source kernel drivers? ThinkPenguin does not explain.
But speaking of the rest of all the major brands making those network adapters, there is absolutely no information of any value regarding how their device operates, if it has any firmware at all and if that is updatable and how. We are completely left in the dark! Are they FPGA? MCU? SoC? Nobody knows, no specs, no data, no details. Secrecy all over the place - just like “microcodes” or “ACM” in Intel documentation…
And that leads inevitably to security issues, because one is unable to assess the security of the networking device they are about to install.

irvinewade · January 4, 2024, 4:43am

If “something” is claimed to be open source then you can download the source. That might at least answer the question as to whether the claim is talking about kernel drivers or firmware to run in the device or both.

My guess is that there is basically no difference between the tp-link and the ThinkPenguin device (in either case USB-A 3.0 to GbE, but if you only want to use this directly on the Librem 5, it may be more convenient to get the USB-C version).

Same chipset. No firmware blob required to be loaded by the operating system (hence no firmware blob stored in the operating system). Same open source kernel driver. Maybe there is firmware hiding permanently inside the device - maybe there isn’t - but either way same.

And at the end of the day, if the AX88179 chipset is untrusted then there are some things that you can control and some things that you can’t.

FranklyFlawless · January 4, 2024, 5:50am

Technically only one of them is RYF-certified; this product and the other two RYF-certified PCI(e) Ethernet adapters from ThinkPenguin are discontinued.

TPE-100NET2 10/100 USB Ethernet Network Adapter | RYF

As for more information about RYF certification, you can read about that below.

Respects Your Freedom (RYF) certification requirements | RYF