On Wed, Nov 30, 2022 at 05:20:11PM +0200, Laurent Pinchart wrote: > On Wed, Nov 30, 2022 at 02:52:50PM +0000, Sakari Ailus wrote: > > On Wed, Nov 30, 2022 at 02:56:46PM +0100, Hans de Goede wrote: ... > > The privacy LED is separate from sensor, including its power on/off > > sequences which suggests it could be at least as well be handled > > separately. > > And if the privacy LED is controllable through a GPIO, I think it should > be turned on at stream on time, not at power on time. That would allow > things like reading the OTP data from the sensor without flashing the > privacy LED. The malicious software may power up camera and drive it via user space / separate code flow in the kernel, no? I would stick with power on as it's the most secure side. Even if we 100% know we are _not_ streaming this LED should indicate that it may be turned on at any time, no? -- With Best Regards, Andy Shevchenko