From: Sascha Hauer <s.hauer@pengutronix.de>
To: BAREBOX <barebox@lists.infradead.org>
Subject: [PATCH 19/24] security: usbgadget: add usbgadget security policy
Date: Wed, 20 Aug 2025 15:18:03 +0200 [thread overview]
Message-ID: <20250820-security-policies-v1-19-76fde70fdbd8@pengutronix.de> (raw)
In-Reply-To: <20250820-security-policies-v1-0-76fde70fdbd8@pengutronix.de>
USB gadget might be considered dangerous in secure environments, so add
a security policy for it.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
Sconfig | 1 +
common/usbgadget.c | 26 ++++++++++++++++++++++++++
drivers/usb/gadget/Sconfig | 11 +++++++++++
drivers/usb/gadget/composite.c | 4 ++++
drivers/usb/gadget/legacy/serial.c | 4 ++++
5 files changed, 46 insertions(+)
diff --git a/Sconfig b/Sconfig
index 899a1fb5783fb79def32e5af160b39208fea2edc..878d5055af2967617219cbadbfd8bee3f85236bd 100644
--- a/Sconfig
+++ b/Sconfig
@@ -6,4 +6,5 @@ source "scripts/Sconfig.include"
source "security/Sconfig"
source "common/Sconfig"
+source "drivers/usb/gadget/Sconfig"
source "commands/Sconfig"
diff --git a/common/usbgadget.c b/common/usbgadget.c
index 1333eaa413eafb766dc74e37e14d5082e93879ac..dc7b3ddc808ee0b1c63d81b914ff915bcc92a863 100644
--- a/common/usbgadget.c
+++ b/common/usbgadget.c
@@ -18,6 +18,7 @@
#include <globalvar.h>
#include <magicvar.h>
#include <system-partitions.h>
+#include <security/config.h>
static int autostart;
static int nv_loaded;
@@ -81,6 +82,9 @@ int usbgadget_register(struct f_multi_opts *opts)
int ret;
struct device *dev;
+ if (!IS_ALLOWED(SCONFIG_USB_GADGET))
+ return -EPERM;
+
/*
* Creating a gadget with both DFU and Fastboot may not work.
* fastboot 1:8.1.0+r23-5 can deal with it, but dfu-util 0.9
@@ -106,6 +110,9 @@ int usbgadget_prepare_register(const struct usbgadget_funcs *funcs)
struct f_multi_opts *opts;
int ret;
+ if (!IS_ALLOWED(SCONFIG_USB_GADGET))
+ return -EPERM;
+
opts = usbgadget_prepare(funcs);
if (IS_ERR(opts))
return PTR_ERR(opts);
@@ -161,6 +168,21 @@ void usbgadget_autostart(bool enable)
usbgadget_do_autostart();
}
+static void usbgadget_sconfig_update(struct sconfig_notifier_block *nb,
+ enum security_config_option opt,
+ bool allowed)
+{
+ if (allowed) {
+ if (autostart)
+ usbgadget_do_autostart();
+ } else {
+ usb_multi_unregister();
+ usb_serial_unregister();
+ }
+}
+
+static struct sconfig_notifier_block sconfig_notifier;
+
static int usbgadget_globalvars_init(void)
{
globalvar_add_simple_bool("usbgadget.acm", &acm);
@@ -169,6 +191,10 @@ static int usbgadget_globalvars_init(void)
globalvar_add_bool("usbgadget.autostart", usbgadget_autostart_set,
&autostart, NULL);
+ sconfig_register_handler_filtered(&sconfig_notifier,
+ usbgadget_sconfig_update,
+ SCONFIG_USB_GADGET);
+
return 0;
}
coredevice_initcall(usbgadget_globalvars_init);
diff --git a/drivers/usb/gadget/Sconfig b/drivers/usb/gadget/Sconfig
new file mode 100644
index 0000000000000000000000000000000000000000..38797301e514c203f75f876fa54971846d39d292
--- /dev/null
+++ b/drivers/usb/gadget/Sconfig
@@ -0,0 +1,11 @@
+
+menu "USB Gadget Policy"
+
+config USB_GADGET
+ bool "Allow USB gadget"
+ depends on $(kconfig-enabled,USB_GADGET)
+ help
+ USB gadget support might be potentially dangerous in secure environments.
+ The DFU and fastboot protocols allow to modify system partitions.
+
+endmenu
diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
index 98f7b5bf7fb412b77f8a926375df3f0ffbbc96da..2a9984e37ad3ec1325822eb2d328481ceb3ff906 100644
--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -15,6 +15,7 @@
#include <linux/usb/composite.h>
#include <linux/bitfield.h>
#include <linux/uuid.h>
+#include <security/config.h>
#include <asm/unaligned.h>
#include <asm/byteorder.h>
@@ -2489,6 +2490,9 @@ int usb_composite_probe(struct usb_composite_driver *driver)
{
struct usb_gadget_driver *gadget_driver;
+ if (!IS_ALLOWED(SCONFIG_USB_GADGET))
+ return -EPERM;
+
if (!driver || !driver->dev || !driver->bind)
return -EINVAL;
diff --git a/drivers/usb/gadget/legacy/serial.c b/drivers/usb/gadget/legacy/serial.c
index 913d174a917794e7cab0f8006b8fd814887029f4..700e9db3a57462e331936efd303c6614544b251a 100644
--- a/drivers/usb/gadget/legacy/serial.c
+++ b/drivers/usb/gadget/legacy/serial.c
@@ -15,6 +15,7 @@
#include <linux/usb/gadget.h>
#include <linux/usb/composite.h>
#include <linux/usb/usbserial.h>
+#include <security/config.h>
#include <asm/byteorder.h>
#include "u_serial.h"
@@ -253,6 +254,9 @@ int usb_serial_register(struct usb_serial_pdata *pdata)
{
int ret;
+ if (!IS_ALLOWED(SCONFIG_USB_GADGET))
+ return -EPERM;
+
if (usb_serial_registered) {
pr_err("USB serial gadget already registered\n");
return -EBUSY;
--
2.39.5
next prev parent reply other threads:[~2025-08-20 14:32 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-20 13:17 [PATCH 00/24] Add security policy support Sascha Hauer
2025-08-20 13:17 ` [PATCH 01/24] kconfig: allow setting CONFIG_ from the outside Sascha Hauer
2025-08-20 13:17 ` [PATCH 02/24] scripts: include scripts/include for all host tools Sascha Hauer
2025-08-20 13:17 ` [PATCH 03/24] kbuild: implement loopable loop_cmd Sascha Hauer
2025-08-20 13:17 ` [PATCH 04/24] Add security policy support Sascha Hauer
2025-08-20 13:17 ` [PATCH 05/24] kbuild: allow security config use without source tree modification Sascha Hauer
2025-08-20 13:17 ` [PATCH 06/24] defaultenv: update PS1 according to security policy Sascha Hauer
2025-08-20 15:33 ` [PATCH] fixup! " Ahmad Fatoum
2025-08-20 13:17 ` [PATCH 07/24] security: policy: support externally provided configs Sascha Hauer
2025-08-20 13:17 ` [PATCH 08/24] commands: implement sconfig command Sascha Hauer
2025-08-20 13:17 ` [PATCH 09/24] docs: security-policies: add documentation Sascha Hauer
2025-08-20 13:17 ` [PATCH 10/24] commands: go: add security config option Sascha Hauer
2025-08-20 13:17 ` [PATCH 11/24] console: ratp: " Sascha Hauer
2025-08-20 13:17 ` [PATCH 12/24] bootm: support calling bootm_optional_signed_images at any time Sascha Hauer
2025-08-20 13:17 ` [PATCH 13/24] bootm: make unsigned image support runtime configurable Sascha Hauer
2025-08-20 13:17 ` [PATCH 14/24] ARM: configs: add virt32_secure_defconfig Sascha Hauer
2025-08-20 13:17 ` [PATCH 15/24] boards: qemu-virt: add security policies Sascha Hauer
2025-08-21 6:57 ` Ahmad Fatoum
2025-08-21 14:15 ` Sascha Hauer
2025-08-21 14:22 ` Ahmad Fatoum
2025-08-20 13:18 ` [PATCH 16/24] boards: qemu-virt: allow setting policy from command line Sascha Hauer
2025-08-20 13:18 ` [PATCH 17/24] test: py: add basic security policy test Sascha Hauer
2025-08-20 13:18 ` [PATCH 18/24] usbserial: add inline wrappers Sascha Hauer
2025-08-20 13:18 ` Sascha Hauer [this message]
2025-08-20 13:18 ` [PATCH 20/24] security: fastboot: add security policy for fastboot oem Sascha Hauer
2025-08-20 13:18 ` [PATCH 21/24] security: shell: add policy for executing the shell Sascha Hauer
2025-08-20 13:18 ` [PATCH 22/24] security: add security policy for loading barebox environment Sascha Hauer
2025-08-20 13:18 ` [PATCH 23/24] security: add filesystem security policies Sascha Hauer
2025-08-20 14:39 ` Ahmad Fatoum
2025-08-20 13:18 ` [PATCH 24/24] security: console: add security policy for console input Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250820-security-policies-v1-19-76fde70fdbd8@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox