Date: Wed, 12 Jun 2024 12:00:41 -0600
From: Warner Losh <imp@bsdimp.com>
To: Roger Marquis <marquis@roble.com>
Cc: "Bjoern A. Zeeb" <bz@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: Kernel device for iwlwifi in 13.3?
Message-ID: <CANCZdfovXcutbLyBOVrj0bzxrbr8nqp9fuyusvV5Q2xUneLPjA@mail.gmail.com>
In-Reply-To: <74po168o-p064-p78q-qn7o-5209o5q53q60@mx.roble.com>
References: <s67598s7-pqo4-p840-1p33-61r57p401440@mx.roble.com> <F9175D79-3B6A-4E1F-BC10-FC347BB2B1DA@gmail.com> <09q5s28q-np09-73r0-9352-9p6333r830o9@mx.roble.com> <or23n70r-p5n0-8104-o89q-262p486qn284@SerrOFQ.bet> <74po168o-p064-p78q-qn7o-5209o5q53q60@mx.roble.com>

On Wed, Jun 12, 2024, 11:47 AM Roger Marquis <marquis@roble.com> wrote:

> >> Also wondering why there is no iwl* in /usr/src/sys/amd64/conf/* and
> >> what, if anything,
> >
> > Because it is a non-essential driver to boot and so we only build it as
> > a module which is a continuation of that people once started in order to
> > get GENERIC size down.  The module will be loaded at run-time
> > automatically (in a default setup) if such a card is found in the system
> > and the driver will then automatically load its firmware (which will
> > hopefully eventually also not be in base anymore).
>
> That's the threat vector I'd like to avoid i.e., someone plugging-in a
> usb (or other) wifi device.  I suppose it's not necessarily different
> than plugging-in an ethernet device but as a general rule all vectors
> that can be avoided should be.  This, and kernel compilation in general,
> is one of the areas FreeBSD has an advantage over other OS.  Not being
> able to prevent these and other kernel modules is just unnecessary
> risk.

You can list exactly the modules to build to control that threat. See
MODULES_OVERRIDE=

Warner
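
One way to act on the MODULES_OVERRIDE suggestion above, as an added example that is not part of the original message: the comments sketch a kernel config that builds only a named set of modules, and the function checks that a kernel directory holds no other .ko files. The config name LOCKED, the module list, and the allowlisted file names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
#
# Build side (assumed custom kernel config, e.g. sys/amd64/conf/LOCKED):
#     include     GENERIC
#     ident       LOCKED
#     makeoptions MODULES_OVERRIDE="zfs tmpfs nullfs"   # assumed module list
# Only the listed module directories are built and installed with the kernel,
# so a driver such as iwlwifi is never present on disk to be loaded.
#
# Verify side: report any .ko in the kernel directory that is not allowlisted.

# unexpected_modules KERNEL_DIR "file1.ko file2.ko ..."
# Prints one unexpected file name per line; returns 1 if any were found.
unexpected_modules() {
    kdir=$1
    allowed=$2
    found=0
    for path in "$kdir"/*.ko; do
        [ -e "$path" ] || continue      # glob matched nothing: no .ko files
        name=${path##*/}                # strip the directory part
        case " $allowed " in
            *" $name "*) ;;             # on the allowlist
            *) echo "$name"; found=1 ;;
        esac
    done
    return $found
}

# Stand-alone use: sh check_modules.sh /boot/kernel "zfs.ko tmpfs.ko nullfs.ko"
if [ "$#" -eq 2 ]; then
    unexpected_modules "$1" "$2"
fi
```
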