Make loading of usb-hid kernel module dependent only for USB keyboard support #1145
Conversation
There was a problem hiding this comment.
Other than the trivial shell script fix below, would it be possible to check that if the module is not loaded, USB keyboards do not work but USB security dongles do? That catches both the case where the usbhid.ko module is necessary for security dongles and the case where usbhid.ko gets (wrongly) autoloaded. You might want to add usbhid.ko to a modprobe blocklist.
initrd/etc/functions
Outdated
| if [ $CONFIG_USB_KEYBOARD" = "y" ]; then | ||
| insmod /lib/modules/usbhid.ko \ | ||
| || die "usbhid: module load failed" |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
@DemiMarie there is no such thing under Heads. module loading is explicit but the scripts, where there is no blocklist.
If it is not loaded by enable_usb, per board config export (build time, or with user config override flashed back into the rom, measured and sealed by user resulting in good TOTP/HOTP, per cbfs-init code.
There was a problem hiding this comment.
@DemiMarie Its litterally the other way around: there is no autoloading :)
The modules needs to be loaded in the right order to be effectively loaded here.
CONFIG_LINUX_USB_COMPANION_CONTROLLER is old USB1 (only required per KGPE-D16 boards configs)
https://github.com/osresearch/heads/blob/714dbd7ac3790322166df67fe317b170ab4e33ee/initrd/etc/functions#L92-L133
Then when usb storage is needed, the module dependencies (enable_usb) is called just right before.
https://github.com/osresearch/heads/blob/182bd6bd7517c8e322bc4712db01906b41cce58c/initrd/bin/mount-usb#L11
There was a problem hiding this comment.
Thanks for the code review.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
tlaurion
force-pushed
the
seperate_usb-hid_from_usb_requirements_for_usb-keyboard_support
branch
2 times, most recently
from
631cbfc to
372b385
Compare
tlaurion
force-pushed
the
seperate_usb-hid_from_usb_requirements_for_usb-keyboard_support
branch
4 times, most recently
from
714dbd7 to
2c9a6cb
Compare
|
CircleCI cache was foo bar. Kicking rebuilt will fix this once 493eb3e recreated a cache with packages being part of all cache layers (finally). |
There was a problem hiding this comment.
I'm confused by this PR title, as the PR seems to be doing the exact opposite -- the usb-hid kernel module is being explicitly tied to, not separated from, usb keyboard support. A better title would be 'Make loading of usb-hid kernel module dependent on USB keyboard support'
The main commit here really needs to be broken down into smaller chunks:
- changing usb-hid support from Y to M (and being explicit about the change)
- adding the usb-hid module to the relevant linux configs
- add loading of usb-hid via enable_usb
- add new board x230-max-usb-kb
- add CI for new board
- fix: y -> "y"
Throwing all of this into a single commit makes it very difficult to parse/review/test.
There also needs to be tests that USB security keys work without the |
tlaurion
changed the title
Testing point: - All board configs not explicitely stating export CONFIG_USB_KEYBOARD=y should not have any impact - librem_l1um, kgpe-d16_workstation-usb_keyboard, librem_mini_v2 and librem_mini will loose USB Keyboard input with this commit alone.
…NFIG_USB_KEYBOARD is defined Testing points: - None here. Board who exported "CONFIG_USB_KEYBOARD=y" have it packed under their initrd, but there is no logic loading the module yet.
Testing points: - All boards explicitely declaring CONFIG_USB_KEYBOARD=y gets USB Keyboard back under Heads - All other boards are not impacted.
- this boards is a duplicate of x230-hotp-maximized with USB Keyboard support Testing points: - x230-hotp-maximized does not accept input from USB keyboard - x230-hotp-maximized_usb-kb accepts input from USB keyboard
tlaurion
force-pushed
the
seperate_usb-hid_from_usb_requirements_for_usb-keyboard_support
branch
from
2c9a6cb to
e1ca2a9
Compare
Testing points: - x230-hotp-maximized: USB keyboard is not working (confirmed) - x230-hotp-maximized_usb-kb: USB keyboard is working (confirmed)
tlaurion
force-pushed
the
seperate_usb-hid_from_usb_requirements_for_usb-keyboard_support
branch
from
e1ca2a9 to
7327f35
Compare
@DemiMarie:
@kylerankin @szszszsz @jans23 @MrChromebox
|
Thank you, I suspected so, but I wanted to see it written down explicitly. |
Looks good here on a Librem 14 as well |
|
Merging since pending question to Nitrokey is addressed under #836 (comment) |
@szszszsz @jans23 @kylerankin @MrChromebox : Addresses an old concern about USB HID that shouldn't be part of kernel if no USB keyboard needed: #836 (comment)
(Where USB keyboard is supported in early init code now through enable_usb if CONFIG_USB_KEYBOARD is exported per board config, while usbhid is build as a kernel module in all linux configurations as from this PR.
@DemiMarie : this should do?
@marmarek : new board addition in CI so you have a x230-hotp-maximized_usb-keyboard rom to test at each commit if wanted
@MrChromebox : I touched config/linux-librem_common.config changing usbhid.ko being built as a module, added in initrd if CONFIG_USB_KEYBOARD is added in board config
@Tonux599 : kgpe-d16-workstation_usb-keyboard is also affected here with the same reasoning (so workstation is having that usbhid.ko compiled as a module as well).
Tested: built usbhid as module (not in kernel): HOTP resealing worked after flash.
@szszszsz @kylerankin : where USB HID is needed for Nitrokey/Librem Keys under Heads?
981cb96 is added just for builds to work again (zlib 1.2.11 vanished and zlib 1.2.12 doesn't build properly as of now)