Date: Wed, 12 Jun 2024 19:13:41 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@freebsd.org> To: Warner Losh <imp@bsdimp.com> Cc: Roger Marquis <marquis@roble.com>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org> Subject: Re: Kernel device for iwlwifi in 13.3? Message-ID: <s059298n-18rn-2p60-6159-5597pon119pn@serrofq.bet> In-Reply-To: <CANCZdfovXcutbLyBOVrj0bzxrbr8nqp9fuyusvV5Q2xUneLPjA@mail.gmail.com> References: <s67598s7-pqo4-p840-1p33-61r57p401440@mx.roble.com> <F9175D79-3B6A-4E1F-BC10-FC347BB2B1DA@gmail.com> <09q5s28q-np09-73r0-9352-9p6333r830o9@mx.roble.com> <or23n70r-p5n0-8104-o89q-262p486qn284@SerrOFQ.bet> <74po168o-p064-p78q-qn7o-5209o5q53q60@mx.roble.com> <CANCZdfovXcutbLyBOVrj0bzxrbr8nqp9fuyusvV5Q2xUneLPjA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --1098556516-1503615921-1718219622=:2327 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT On Wed, 12 Jun 2024, Warner Losh wrote: > On Wed, Jun 12, 2024, 11:47 AM Roger Marquis <marquis@roble.com> wrote: > >>>> Also wondering why there is no iwl* in /usr/src/sys/amd64/conf/* and >>>> what, if anything, >>> >>> Because it is a non-essential driver to boot and so we only build it as >>> a module which is a continuation of that people once started in order to >>> get GENERIC size down. The module will be loaded at run-time >>> automatically (in a default setup) if such a card is found in the system >>> and the driver will then automatically load its firmware (which will >>> hopefully eventually also not be in base anymore). >> >> That's the threat vector I'd like to avoid i.e, someone plugging-in a >> usb (or other) wifi device. I suppose it's not necessarily different >> than plugging-in an ethernet device but as a general rule all vectors >> that can be avoided should be. This, and kernel compilation in general, >> is one of the areas FreeBSD has an advantage over other OS. Not being >> able to prevent these and other kernel modules is just unnecessary >> risk. >> > > You can list exactly the modules to build to control that threat. See > MODULES_OVERRIDE= or raise securelevel. -- Bjoern A. Zeeb r15:7 --1098556516-1503615921-1718219622=:2327--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?s059298n-18rn-2p60-6159-5597pon119pn>