Not all of the functionality is in the firmware though. You can put stuff in the silicon itself that allows backdoors.

It's very difficult to inspect a laid out chip for nefarious elements - there's too much of it to do manually. Having a secure supply chain is probably the best way to prevent that happening.

Which is not to say that I support this rule - it sounds like another import weapon trump can swing against people who aren't his friends.

It'd be great if open firmware could be commercially viable. Finding a business model is hard.

The OpenWRT One [1] sponsored by the Software Conservancy [2] and manufactured by Banana Pi [3] works lovely.

[1] https://openwrt.org/toh/openwrt/one

[2] https://sfconservancy.org/activities/openwrt-one.html

[3] https://docs.banana-pi.org/en/OpenWRT-One/BananaPi_OpenWRT-O...

You will first probably need Congress to legislate away the long standing prohibitions against offering (easily) user-modifiable RF devices on the market.

Self ownership and full 'right to repair' has carve-outs in the FCC's regulations in the name of limiting unintentional broadcasting/radiation. Maybe a challenge to those would survive in the post-Chevron environment. I wouldn't expect any Congress in the last 25 years to pass a law which would go against the incumbent telecom lobbyist interests though, and I'd expect such a hole if it did hit case law, to get 'patched' fairly quickly.

About the only way to really solve that would be to embarrass vendors enough to open their moats.

problem is: how do you prove the firmware in the flash chip matches source? And I do not mean me, with a disassembler and a pi pico to read out the flash chip. I mean the 70-yaer-old corner shop owner that buys this router to provide free WiFi for customers?