On 8/5/21 12:01 PM, Dan Williams wrote:
> What's wrong with the generic authorized proposal? The core can default to deauthorizing devices on the platform bus, or any bus, unless on an allow list. It's a bit more work to uplevel the local "authorized" implementations from USB and Thunderbolt to the core, but it's functionally identical to the "filter" approach in terms of protection, i.e. avoiding probe of unnecessary unvetted drivers.
I have not yet read about the "authorized" model in USB and Thunderbolt, so bear with me if my question is basic or obvious. In the case of the USB authorized model, who maintains the allow list? The kernel or userspace? If we are clubbing it with the driver filter model, I think the allow list in the kernel should take precedence. Agree?

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer