Message ID | 20240209142951.27195-1-niko.mauno@vaisala.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | usb: core: Kconfig: Improve USB authorization mode help | expand |
On Fri, Feb 09, 2024 at 04:29:51PM +0200, niko.mauno@vaisala.com wrote: > From: Niko Mauno <niko.mauno@vaisala.com> > > Update the default USB device authorization mode help text so that the > meaning of the option and it's available values are described more > accurately. > > Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> > --- Shouldn't there be a "Reported-by:" line here to give proper credit for the developer who asked for this? > drivers/usb/core/Kconfig | 19 +++++++++++++++---- > 1 file changed, 15 insertions(+), 4 deletions(-) > > diff --git a/drivers/usb/core/Kconfig b/drivers/usb/core/Kconfig > index f337aaea7604..4665df550d36 100644 > --- a/drivers/usb/core/Kconfig > +++ b/drivers/usb/core/Kconfig > @@ -126,10 +126,21 @@ config USB_DEFAULT_AUTHORIZATION_MODE > Select the default USB device authorization mode. Can be overridden > with usbcore.authorized_default command line or module parameter. > > - The available values have the following meanings: > - 0 is unauthorized for all devices > - 1 is authorized for all devices (default) > - 2 is authorized for internal devices > + This option allows you to choose whether USB devices that are > + connected to the system can be used by default, or if they are > + locked down. > + > + With value 0 all connected USB devices with the exception of root > + hub require user space authorization before they can be used. > + > + With value 1 (default) no user space authorization is required to > + use connected USB devices. > + > + With value 2 all connected USB devices with exception of internal > + USB devices require user space authorization before they can be > + used. Note that in this mode the differentiation between internal > + and external USB devices relies on ACPI, and on systems without > + ACPI selecting value 2 is analogous to selecting value 0. > > If the default value is too permissive but you are unsure which mode > to use, say 2. In looking this over, this last sentance really isn't a good suggestion, as it will turn people's machine into one that by default, doesn't accept external USB devices, which is probably NOT what they want at all, and is NOT how Linux has worked for the past 20+ years. So maybe a bit better clarification as what the normal default should be here? thanks, greg k-h
On 10.2.2024 12.27, Greg KH wrote: > On Fri, Feb 09, 2024 at 04:29:51PM +0200, niko.mauno@vaisala.com wrote: >> From: Niko Mauno <niko.mauno@vaisala.com> >> >> Update the default USB device authorization mode help text so that the >> meaning of the option and it's available values are described more >> accurately. >> >> Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> >> --- > > Shouldn't there be a "Reported-by:" line here to give proper credit for > the developer who asked for this? > > > >> drivers/usb/core/Kconfig | 19 +++++++++++++++---- >> 1 file changed, 15 insertions(+), 4 deletions(-) >> >> diff --git a/drivers/usb/core/Kconfig b/drivers/usb/core/Kconfig >> index f337aaea7604..4665df550d36 100644 >> --- a/drivers/usb/core/Kconfig >> +++ b/drivers/usb/core/Kconfig >> @@ -126,10 +126,21 @@ config USB_DEFAULT_AUTHORIZATION_MODE >> Select the default USB device authorization mode. Can be overridden >> with usbcore.authorized_default command line or module parameter. >> >> - The available values have the following meanings: >> - 0 is unauthorized for all devices >> - 1 is authorized for all devices (default) >> - 2 is authorized for internal devices >> + This option allows you to choose whether USB devices that are >> + connected to the system can be used by default, or if they are >> + locked down. >> + >> + With value 0 all connected USB devices with the exception of root >> + hub require user space authorization before they can be used. >> + >> + With value 1 (default) no user space authorization is required to >> + use connected USB devices. >> + >> + With value 2 all connected USB devices with exception of internal >> + USB devices require user space authorization before they can be >> + used. Note that in this mode the differentiation between internal >> + and external USB devices relies on ACPI, and on systems without >> + ACPI selecting value 2 is analogous to selecting value 0. >> >> If the default value is too permissive but you are unsure which mode >> to use, say 2. > > In looking this over, this last sentance really isn't a good suggestion, > as it will turn people's machine into one that by default, doesn't > accept external USB devices, which is probably NOT what they want at > all, and is NOT how Linux has worked for the past 20+ years. > > So maybe a bit better clarification as what the normal default should be > here? > > thanks, > > greg k-h Thank you for the pointers, submitted v2 to address aforementioned issues. -Niko
diff --git a/drivers/usb/core/Kconfig b/drivers/usb/core/Kconfig index f337aaea7604..4665df550d36 100644 --- a/drivers/usb/core/Kconfig +++ b/drivers/usb/core/Kconfig @@ -126,10 +126,21 @@ config USB_DEFAULT_AUTHORIZATION_MODE Select the default USB device authorization mode. Can be overridden with usbcore.authorized_default command line or module parameter. - The available values have the following meanings: - 0 is unauthorized for all devices - 1 is authorized for all devices (default) - 2 is authorized for internal devices + This option allows you to choose whether USB devices that are + connected to the system can be used by default, or if they are + locked down. + + With value 0 all connected USB devices with the exception of root + hub require user space authorization before they can be used. + + With value 1 (default) no user space authorization is required to + use connected USB devices. + + With value 2 all connected USB devices with exception of internal + USB devices require user space authorization before they can be + used. Note that in this mode the differentiation between internal + and external USB devices relies on ACPI, and on systems without + ACPI selecting value 2 is analogous to selecting value 0. If the default value is too permissive but you are unsure which mode to use, say 2.