summaryrefslogtreecommitdiffstats
path: root/Documentation/usb
diff options
context:
space:
mode:
authorDmitry Torokhov <dtor@chromium.org>2019-02-17 08:21:51 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-02-22 09:27:55 +0100
commit7bae0432a64aa7569dbd0feb2927fd3ff913901f (patch)
tree6af0b4f35bb5eb87326f546a18597c00d06942a2 /Documentation/usb
parentMerge tag 'usb-serial-5.1-rc1-2' of https://git.kernel.org/pub/scm/linux/kern... (diff)
downloadlinux-7bae0432a64aa7569dbd0feb2927fd3ff913901f.tar.xz
linux-7bae0432a64aa7569dbd0feb2927fd3ff913901f.zip
usb: core: add option of only authorizing internal devices
On Chrome OS we want to use USBguard to potentially limit access to USB devices based on policy. We however to do not want to wait for userspace to come up before initializing fixed USB devices to not regress our boot times. This patch adds option to instruct the kernel to only authorize devices connected to the internal ports. Previously we could either authorize all or none (or, by default, we'd only authorize wired devices). The behavior is controlled via usbcore.authorized_default command line option. Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'Documentation/usb')
-rw-r--r--Documentation/usb/authorization.txt4
1 files changed, 3 insertions, 1 deletions
diff --git a/Documentation/usb/authorization.txt b/Documentation/usb/authorization.txt
index f901ec77439c..9dd1dc7b1009 100644
--- a/Documentation/usb/authorization.txt
+++ b/Documentation/usb/authorization.txt
@@ -34,7 +34,9 @@ $ echo 1 > /sys/bus/usb/devices/usbX/authorized_default
By default, Wired USB devices are authorized by default to
connect. Wireless USB hosts deauthorize by default all new connected
devices (this is so because we need to do an authentication phase
-before authorizing).
+before authorizing). Writing "2" to the authorized_default attribute
+causes kernel to only authorize by default devices connected to internal
+USB ports.
Example system lockdown (lame)