Message-ID: <6dce47fd-01fb-4401-88a3-d9e85ee5529a@oss.cyber.gouv.fr>
Date: Mon, 30 Jun 2025 14:34:12 +0200
From: Nicolas Bouchinet <nicolas.bouchinet@....cyber.gouv.fr>
To: Oliver Neukum <oneukum@...e.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Alan Stern <stern@...land.harvard.edu>,
Kannappan R <r.kannappan@...el.com>,
Sabyrzhan Tasbolatov <snovitoll@...il.com>,
Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
Stefan Eichenberger <stefan.eichenberger@...adex.com>,
Thomas Gleixner <tglx@...utronix.de>, Pawel Laszczak <pawell@...ence.com>,
Ma Ke <make_ruc2021@....com>, Jeff Johnson <jeff.johnson@....qualcomm.com>,
Luc Bonnafoux <luc.bonnafoux@....gouv.fr>,
Luc Bonnafoux <luc.bonnafoux@....cyber.gouv.fr>,
Nicolas Bouchinet <nicolas.bouchinet@....gouv.fr>,
linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org
Subject: Re: [RFC PATCH 3/4] usb: core: Plug the usb authentication capability

Hi Olivier,

Thank you for your review.

Indeed, our current implementation of the USB authentication is still a bit
crude.

Currently, most, if not all, USB devices can't handle authentication. If we
want to have an integration that doesn't break on current hosts, we need to
have a fail-safe. We are still working on the best way to handle the
combination of authentication and authorization.

See the reply to Alan [1].

[1]: https://lore.kernel.org/linux-usb/8cc10112-23a7-41af-b81f-7fc0c097d34d@oss.cyber.gouv.fr/

On 6/23/25 20:15, Oliver Neukum wrote:
> Hi,
>
> I am afraid someone has to address this.
>
> On 20.06.25 16:27, nicolas.bouchinet@....cyber.gouv.fr wrote:
>
>> + // Set a default value for authenticated at true in order not to
>> block devices
>> + // that do not support the authentication
>> + dev->authenticated = 1;
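Review bot: Presetting dev->authenticated = 1 before any check means every path that never reaches usb_authenticate_device() ends with the device marked authenticated, so the flag cannot distinguish "verified" from "not attempted". Consider defaulting to 0 and recording "authentication unsupported" as a separate state that the authorization policy can act on. The comments here also use // where kernel coding style asks for /* */.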
>
> So the default is authenticated. OK.
>
>> + if (le16_to_cpu(dev->descriptor.bcdUSB) >= 0x0201) {
>> + pr_notice("bcdUSB >= 0x0201\n");
>> + retval = usb_get_bos_descriptor(dev);
>> + if (!retval) {
>> + pr_notice("found BOS\n");
>> +#ifdef CONFIG_USB_AUTHENTICATION
>> + if (dev->bos->authent_cap) {
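Review bot: The pr_notice() calls for "bcdUSB >= 0x0201" and "found BOS" fire on every enumeration of a device reporting bcdUSB 0x0201 or later and carry no device context; use dev_dbg(&dev->dev, ...) or drop them. In the lines shown nothing handles a non-zero retval from usb_get_bos_descriptor(), and with the preset authenticated = 1 a device whose BOS read fails stays marked authenticated, so that case deserves an explicit branch.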
>
> If the device claims not to support authentication ...
>
>> + /* If authentication cap is present, start device
>> authent */
>> + pr_notice("found Authent BOS\n");
>> + retval = usb_authenticate_device(dev);
>> + if (retval != 0) {
>> + pr_err("failed to authenticate the device: %d\n",
>> + retval);
>> + } else if (!dev->authenticated) {
>> + pr_notice("device has been rejected\n");
>> + // return early from the configuration process
>> + return 0;
>> + } else {
>> + pr_notice("device has been authorized\n");
>> + }
>> + } else {
>> + // USB authentication unsupported
>> + // Apply security policy on failed devices
>> + pr_notice("no authentication capability\n");
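Review bot: When usb_authenticate_device() returns non-zero, the first branch only calls pr_err(), and because the rejection test sits in the following else if, the early return is skipped and configuration continues. With authenticated preset to 1, an error during the exchange is then treated like a pass unless the callee clears the flag on every error path, which these lines do not show. Treat retval != 0 as a rejection: clear dev->authenticated and return early. The final else is commented "Apply security policy on failed devices" but only logs, so either implement the policy hook or reword the comment.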
>
> ... we do nothing about it. We enumerate.
>
> The purpose of authentication is guarding against unknown or malicious devices,
> isn't it? This behavior seems to be kind of incompatible with the goal.
>
> Regards
> Oliver
>
>