Blacklist USB ports

Discussion about U-Boot and the kernel.

Blacklist USB ports

Postby mirgantrophy » Fri May 11, 2018 12:06 am

Hello all, I have been trying to figure this out for the better part of a day already. I know in centOS its as easy as making a .conf file in modprobe.d and having "blacklist usb-storage" in it. All of my Google-fu has failed to return any results about disabling ALL USB access on the pi, other than debian/rhel based distros. I also couldn't find anything on regular Arch about disabling all ports.
I have tried $ ls /lib/modules/$(uname -r)/kernel/drivers (and deleting/moving the hid folder, because i didn't see anything specific for hid-keyboard), as well as the same thing in usb. I tried doing modinfo on a lot of the modules but some didn't return any valuable information. I also notice mkinitcpio runs a build hook for [keyboard], I could just disable that hook, right?

But at the same time I don't want ANY USB device to be detected. I don't care that they receive power, I just don't want them to interact with the OS at all.

Will I need to build a kernel myself? Is there a repo for the kernel including in the OS I can fork, or do I need to start from the base linux kernel?

I am trying to set this up as a kiosk, sadly they stay behind the TVs where anyone can grab the device, or plug in a BadUSB, or a a keyboard or something.

Thanks in advance!
mirgantrophy
 
Posts: 2
Joined: Thu May 10, 2018 11:54 pm

Re: Blacklist USB ports

Postby WarheadsSE » Sat May 12, 2018 2:28 pm

Remember that the ethernet is on USB as well.

As for blacklisting modules, it can be done in the same fashion with modprobe.d blacklisting. It should be in the Arch Wiki (applicable here). As for kernel sources, the PKGBUILD for the kernel has everything you need to know, if you decide you _have_ to rebuild the kernel.
Core Developer
Remember: Arch Linux ARM is entirely community donation supported!
WarheadsSE
Developer
 
Posts: 6807
Joined: Mon Oct 18, 2010 2:12 pm

Re: Blacklist USB ports

Postby mirgantrophy » Sat May 12, 2018 3:14 pm

I did learn it the hard way, I disabled all USB/HID stuff and rebuilt the kernel and no ethernet. What exactly is the module name? I've tried usb-storage and usb-core to no success.

Though when blacklisting usb-storage in modprobe.d, i did not add /bin/false at the end, If my understanding is correct, without /bin/false, the module is loaded as needed otherwise?

Are all loaded modules listed in "/etc/modules-load.d/" or is that simply where we add our new modules?
Is modifying the block/keyboard hook necessary or would blacklisting the module with /bin/false be sufficient?

Thanks.
mirgantrophy
 
Posts: 2
Joined: Thu May 10, 2018 11:54 pm


Return to U-Boot/Kernel

Who is online

Users browsing this forum: No registered users and 6 guests