lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 10 Jan 2023 20:25:54 +0100
From:   Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
To:     forbidden405@...mail.com, 'Andy Gross' <agross@...nel.org>,
        'Bjorn Andersson' <andersson@...nel.org>,
        'Konrad Dybcio' <konrad.dybcio@...aro.org>,
        'Rob Herring' <robh+dt@...nel.org>,
        'Krzysztof Kozlowski' <krzysztof.kozlowski+dt@...aro.org>,
        linux-arm-msm@...r.kernel.org, devicetree@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     'Jaime Breva' <jbreva@...arsystems.com>,
        ~postmarketos/upstreaming@...ts.sr.ht,
        'Nikita Travkin' <nikita@...n.ru>
Subject: Re: [PATCH 3/3] arm64: dts: qcom: msm8916-zhihe: Add initial device
 tree for zhihe Wifi/LTE dongle UFI-001C and uf896

On 10/01/2023 19:58, forbidden405@...mail.com wrote:
> I removed Cc temporary because I had sent them the same email once. No need
> to send the email to them again.
> 
>> On 10/01/2023 19:30 krzysztof.kozlowski@...aro.org wrote:
> 
>> You install this kernel with DTB on some device so clearly you have such
>> device
>> in hand, right? It has then some manufacturer, some company. If it is USB
>> stick
>> as you said, then it has even vendor ID, which might be or might not be
>> real.
> 
> The vendor extracted from `/system/build.prop` and USB vendor ID is fake,
> even IMEI is stolen from some other mobile phones. Seems like the vendor
> deliberately tries to be anonymous. Some people had tried to extract info
> from stock firmware and on the Internet. But until now, we have no clear
> evidence to know the manufacturer.

Then I am not sure if we want to support such devices mainline. It is
not only anonymity but simply not following standards and practices.
What's more there is no guarantee what this device is. If there is no
known manufacturer, anytime another device from anyone can claim it is
also uf896. IOW, what guarantees you have that other person who has
something looking like "uf896" actually has something the same as you
and can use your DTB?

I don't know how to reasonably support entirely unknown devices.

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ