On Thu, Aug 05, 2021 at 12:08:52PM -0700, Kuppuswamy, Sathyanarayanan wrote: > > > On 8/5/21 12:01 PM, Dan Williams wrote: > > What's wrong with the generic authorized proposal? The core can > > default to deauthorizing devices on the platform bus, or any bus, > > unless on an allow list. It's a bit more work to uplevel the local > > "authorized" implementations from USB and Thunderbolt to the core, but > > it's functionally identical to the "filter" approach in terms of > > protection, i.e. avoiding probe of unnecessary unvetted drivers. > > I have not yet read about the "authorized" model in USB and Thunderbolt. > So bear with me if my question is basic or obvious. In the case USB > authorized model, who maintains the allow list? kernel or userspace? Please go read the documentation and don't ask others to do your work for you...
