The business model is simple: Sell nice hardware at a premium, then sponsor and upstream improvements to OpenWRT.

If the software is an important differentiator (arguably, it is for things like Ubiquiti, but clearly it is not for most consumer routers), then release the patches under the Business Source License with a 3-5 year sunset back to BSD / Apache / GPL.

Open to audits doesn't mean free software, it just means visible source. The business model for selling routers with auditable firmware is selling routers.

There's also Turris from cz.nic [1]. Technically they use a fork of OpenWRT with some convenience features like auto-updates, although it looks like you can run OpenWRT on (some of their routers?) if you wanted to [2].

[1] https://www.turris.com

[2] https://openwrt.org/toh/turris/turris_omnia

Just declare that any router that can be flashed to OpenWRT without loss of functionality is allowed to be imported.

Open firmware would become commercially viable when IP is abolished

I dunno, I'm pretty big on FOSS but I don't think you would need that to improve. Requiring that the firmware have its source code available to audit doesn't mean that users can replace it. AFAIK you could, today, with no legal changes, have a vendor release 100% of the code under eg. a MIT license while also making the device refuse to run firmware not signed with their keys. Researchers could poke at it to find bugs, and FCC regulations wouldn't be touched. (Note: IANAL, so feel free to point out if I'm wrong about that)

(To be clear, I don't think that's good enough; at a minimum I think there should be a wifi card that does refuse modifications and a main application processor that is 100% user controlled so that they can actually fix problems without needing the vendor to help, but I think it's useful to point out that auditing code doesn't require being able to install it)

> how do you prove the firmware in the flash chip matches source?

Trusted, qualified independent experts: Ala Underwriters Laboratories.

A trusted website that compiles it from source and a way for you to go to a webpage and flash from there automatically. The FPV community does that all the time with a set of websites for their ESC, flight controllers, radio, all open source. You can add signatures etc but just a trusted website goes a long way vs a random blob preinstalled

not to mention even on the bananapi you gotta trust mediatek.

There's no solution to that other than having knowledge and researching the code/device yourself. You can pick apart modern Linux/busybox based IoTs fairly quickly, so effort needed is not really a huge issue.

Maybe trusted community of people could do it for everyone, but there's currently all kinds of potential legal trouble brewing in that approach. Complete and public reverse engineering of every aspect of any device would have to be made completely legal, so that people could freely publish all artifacts extracted from a device and produced during reverse engineering and collaborate on them without any fear of repercussions. Also HW manufacturers would have to be prohibited from NDAing documentation for SoCs, etc.

Side benefit would be that this would also serve as a documentation for freeing the device and developing alternative firmwares with modernized sw/reduced attack surface.