From owner-freebsd-usb@FreeBSD.ORG Thu Oct 9 14:44:24 2014
Message-ID: <54369F43.9010806@selasky.org>
Date: Thu, 09 Oct 2014 16:44:19 +0200
From: Hans Petter Selasky
To: Oliver Pinter
Cc: freebsd-security@freebsd.org, "Julian H. Stacey", Poul-Henning Kamp, freebsd-usb@freebsd.org
Subject: Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
References: <201410082347.s98NkjW3025396@fire.js.berklix.net> <54362AE2.90501@selasky.org>
List-Id: FreeBSD support for USB

On 10/09/14 15:59, Oliver Pinter wrote:
> On 10/9/14, Hans Petter Selasky wrote:
>> Hi Julian,
>>
>> On 10/09/14 01:46, Julian H. Stacey wrote:
>>> Hi Hans etc
>>> "Julian H. Stacey" wrote:
>>>> Hans Petter Selasky wrote:
>>>>> Hi,
>>>>>
>>>>> Can you test the following kernel patch and give some feedback:
>>>>>
>>>>> https://svnweb.freebsd.org/changeset/base/272733
>>>
>>> I'm now on latest current with src & sys/ GENERIC
>>> /usr/src/.ctm_status # src-cur 11645
>>>
>>> This time I downloaded your files properly
>>> (last time I was severely distracted & made a silly mistake)
>>>
>>>>> After the patch you will get something like:
>>>>> hw.usb.disable_enumeration: 0
>>>>> dev.uhub.0.disable_enumeration: 0
>>>>> dev.uhub.1.disable_enumeration: 0
>>>>> ...
>>>
>>> sysctl -a | grep enumeration
>>> hw.usb.disable_enumeration: 0
>>> dev.uhub.0.disable_enumeration: 0
>>> dev.uhub.1.disable_enumeration: 0
>>> dev.uhub.2.disable_enumeration: 0
>>> dev.uhub.3.disable_enumeration: 0
>>> dev.uhub.4.disable_enumeration: 0
>>>
>>> sysctl -d hw.usb.disable_enumeration
>>> hw.usb.disable_enumeration: Set to disable all USB device enumeration.
>>>
>>> sysctl -d dev.uhub.4.disable_enumeration
>>> dev.uhub.4.disable_enumeration: Set to disable enumeration on this USB
>>> HUB.
>>>
>>> usbconfig
>>> ugen0.1: at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
>>> ugen1.1: at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
>>> ugen0.2: at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
>>> ugen1.2: at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
>>> ugen0.3: <1.3M WebCam XPA2535XY> at usbus0, cfg=255 md=HOST spd=HIGH (480Mbps) pwr=OFF (500mA)
>>> ugen1.3: at usbus1, cfg=0 md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA)
>>> ugen1.4: at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (100mA)
>>>
>>
>>>
>>> Great ! Seems to work.
>>>
>>> (Though I need to read up on how major & minor of ugen relate to
>>> the digit in eg 4.disable_enumeration)
>>>
>>>
>>>>> which is also settable through /boot/loader.conf (tunable)
>>>
>>> Good,
>>> I hope/presume loader.conf gets run before any USB, cos I recall
>>> lecturer Karsten Nohl pointing out one could get BadUSB taking up
>>> residence in USB controller chips inside a PC, ie for a built in
>>> mouse or web cam, so one would need to turn off enumeration earlier
>>> than when first external USB approaches to connect.
>>
>> Yes, if set by the loader.conf, you will only see the RootHUB after boot.
>>
>> To get devices back after enabling enumeration again, you will need to
>> reset the HUBs:
>>
>> usbconfig -d X.1 reset
>>
>> For example.
>>
>> BTW: I've added some exceptions, that existing devices can be detached,
>> suspend/resumed and reset while the enumeration is disabled.
>
> Can we somehow improve this change, to powering down the ports/hubs
> which have the enumeration disabled?
>

Hi,

I've added this as an orthogonal feature. Please test and report back:

hw.usb.disable_enumeration: 0
hw.usb.disable_port_power: 0
dev.uhub.0.disable_enumeration: 0
dev.uhub.0.disable_port_power: 0

https://svnweb.freebsd.org/changeset/base/272822

Thank you!

--HPS
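Putting the knobs from this thread to use, as an added example (not code from the thread or from FreeBSD): a loader.conf lockdown, an audit over `sysctl` output that lists hubs where enumeration is still possible, and the clear-the-knobs-then-reset-the-hubs recovery sequence Hans describes. The sample sysctl output is constructed, and `reenable_enumeration` assumes the root hub of usbusN is addressable as ugenN.1 (pass bus numbers, not uhub indices).

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD. It uses only the
# knob names the thread shows; SAMPLE_SYSCTL below is constructed, and
# reenable_enumeration assumes the root hub of usbusN is ugenN.1.

# Boot-time lockdown: put these in /boot/loader.conf so both knobs are set
# before any device, built-in ones included, gets enumerated.
loader_conf_lines() {
    printf '%s\n' 'hw.usb.disable_enumeration="1"' 'hw.usb.disable_port_power="1"'
}

# Constructed `sysctl -a | grep -E 'disable_(enumeration|port_power)'` output:
# the global knob is clear and two hubs still have their own knob clear.
SAMPLE_SYSCTL='hw.usb.disable_enumeration: 0
hw.usb.disable_port_power: 0
dev.uhub.0.disable_enumeration: 1
dev.uhub.0.disable_port_power: 1
dev.uhub.1.disable_enumeration: 0
dev.uhub.1.disable_port_power: 0
dev.uhub.2.disable_enumeration: 0
dev.uhub.2.disable_port_power: 0'

# audit_enumeration: reads sysctl output on stdin and prints, one per line,
# the index of every uhub on which enumeration is still possible (global knob
# 0 and the hub's own knob 0). Exit status 1 when at least one hub is open.
audit_enumeration() {
    open=$(awk -F': *' '
        $1 == "hw.usb.disable_enumeration" { global = $2 }
        $1 ~ /^dev\.uhub\.[0-9]+\.disable_enumeration$/ {
            split($1, f, "."); hub[f[3]] = $2
        }
        END { for (h in hub) if (global == 0 && hub[h] == 0) print h }' | sort -n)
    [ -n "$open" ] && printf '%s\n' "$open"
    [ -z "$open" ]
}

# run CMD: execute it, or only print it when DRY_RUN=1 (review before use).
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$1"; else $1; fi; }

# reenable_enumeration BUS...: the recovery sequence from the thread after a
# loader.conf lockdown: clear the global knobs, then reset each root hub so
# the devices behind it are enumerated again.
reenable_enumeration() {
    run "sysctl hw.usb.disable_port_power=0"
    run "sysctl hw.usb.disable_enumeration=0"
    for bus in "$@"; do run "usbconfig -d $bus.1 reset"; done
}
```

Run `printf '%s\n' "$SAMPLE_SYSCTL" | audit_enumeration` to see the open hubs, and `DRY_RUN=1 reenable_enumeration 0 1` to print the recovery commands without executing them.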