Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 117494a1 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6: (142 commits)
  USB: fix race in autosuspend reschedule
  atmel_usba_udc: Keep track of the device status
  USB: Nikon D40X unusual_devs entry
  USB: serial core should respect driver requirements
  USB: documentation for USB power management
  USB: skip autosuspended devices during system resume
  USB: mutual exclusion for EHCI init and port resets
  USB: allow usbstorage to have LUNS greater than 2Tb
  USB: Adding support for SHARP WS011SH to ipaq.c
  USB: add atmel_usba_udc driver
  USB: ohci SSB bus glue
  USB: ehci build fixes on au1xxx, ppc-soc
  USB: add runtime frame_no quirk for big-endian OHCI
  USB: funsoft: Fix termios
  USB: visor: termios bits
  USB: unusual_devs entry for Nikon DSC D2Xs
  USB: re-remove <linux/usb_sl811.h>
  USB: move <linux/usb_gadget.h> to <linux/usb/gadget.h>
  USB: Export URB statistics for powertop
  USB: serial gadget: Disable endpoints on unload
  ...
parents 4d5709a7 d1aa3e6a
Loading
Loading
Loading
Loading
+92 −0
Original line number Diff line number Diff line

Authorizing (or not) your USB devices to connect to the system

(C) 2007 Inaky Perez-Gonzalez <inaky@linux.intel.com> Intel Corporation

This feature allows you to control if a USB device can be used (or
not) in a system. This feature will allow you to implement a lock-down
of USB devices, fully controlled by user space.

As of now, when a USB device is connected it is configured and
it's interfaces inmediately made available to the users. With this
modification, only if root authorizes the device to be configured will
then it be possible to use it.

Usage:

Authorize a device to connect:

$ echo 1 > /sys/usb/devices/DEVICE/authorized

Deauthorize a device:

$ echo 0 > /sys/usb/devices/DEVICE/authorized

Set new devices connected to hostX to be deauthorized by default (ie:
lock down):

$ echo 0 > /sys/bus/devices/usbX/authorized_default

Remove the lock down:

$ echo 1 > /sys/bus/devices/usbX/authorized_default

By default, Wired USB devices are authorized by default to
connect. Wireless USB hosts deauthorize by default all new connected
devices (this is so because we need to do an authentication phase
before authorizing).


Example system lockdown (lame)
-----------------------

Imagine you want to implement a lockdown so only devices of type XYZ
can be connected (for example, it is a kiosk machine with a visible
USB port):

boot up
rc.local ->

 for host in /sys/bus/devices/usb*
 do
    echo 0 > $host/authorized_default
 done

Hookup an script to udev, for new USB devices

 if device_is_my_type $DEV
 then
   echo 1 > $device_path/authorized
 done


Now, device_is_my_type() is where the juice for a lockdown is. Just
checking if the class, type and protocol match something is the worse
security verification you can make (or the best, for someone willing
to break it). If you need something secure, use crypto and Certificate
Authentication or stuff like that. Something simple for an storage key
could be:

function device_is_my_type()
{
   echo 1 > authorized		# temporarily authorize it
                                # FIXME: make sure none can mount it
   mount DEVICENODE /mntpoint
   sum=$(md5sum /mntpoint/.signature)
   if [ $sum = $(cat /etc/lockdown/keysum) ]
   then
        echo "We are good, connected"
        umount /mntpoint
        # Other stuff so others can use it
   else
        echo 0 > authorized
   fi
}


Of course, this is lame, you'd want to do a real certificate
verification stuff with PKI, so you don't depend on a shared secret,
etc, but you get the idea. Anybody with access to a device gadget kit
can fake descriptors and device info. Don't trust that. You are
welcome.
+517 −0

File added.

Preview size limit exceeded, changes collapsed.

+11 −0
Original line number Diff line number Diff line
@@ -428,6 +428,17 @@ Options supported:
  See http://www.uuhaus.de/linux/palmconnect.html for up-to-date
  information on this driver.

Winchiphead CH341 Driver

  This driver is for the Winchiphead CH341 USB-RS232 Converter. This chip
  also implements an IEEE 1284 parallel port, I2C and SPI, but that is not
  supported by the driver. The protocol was analyzed from the behaviour
  of the Windows driver, no datasheet is available at present.
  The manufacturer's website: http://www.winchiphead.com/.
  For any questions or problems with this driver, please contact
  frank@kingswood-consulting.co.uk.


Generic Serial driver

  If your device is not one of the above listed devices, compatible with
+8 −1
Original line number Diff line number Diff line
@@ -34,9 +34,12 @@ if usbmon is built into the kernel.
Verify that bus sockets are present.

# ls /sys/kernel/debug/usbmon
1s  1t  1u  2s  2t  2u  3s  3t  3u  4s  4t  4u
0s  0t  0u  1s  1t  1u  2s  2t  2u  3s  3t  3u  4s  4t  4u
#

Now you can choose to either use the sockets numbered '0' (to capture packets on
all buses), and skip to step #3, or find the bus used by your device with step #2.

2. Find which bus connects to the desired device

Run "cat /proc/bus/usb/devices", and find the T-line which corresponds to
@@ -56,6 +59,10 @@ Bus=03 means it's bus 3.

# cat /sys/kernel/debug/usbmon/3u > /tmp/1.mon.out

to listen on a single bus, otherwise, to listen on all buses, type:

# cat /sys/kernel/debug/usbmon/0u > /tmp/1.mon.out

This process will be reading until killed. Naturally, the output can be
redirected to a desirable location. This is preferred, because it is going
to be quite long.
+7 −0
Original line number Diff line number Diff line
@@ -677,6 +677,13 @@ P: Haavard Skinnemoen
M:	hskinnemoen@atmel.com
S:	Supported

ATMEL USBA UDC DRIVER
P:	Haavard Skinnemoen
M:	hskinnemoen@atmel.com
L:	kernel@avr32linux.org
W:	http://avr32linux.org/twiki/bin/view/Main/AtmelUsbDeviceDriver
S:	Supported

ATMEL WIRELESS DRIVER
P:	Simon Kelley
M:	simon@thekelleys.org.uk
Loading