Announcement

**Sonadow** · 11 February 2021, 01:41 AM

Why is a firmware-level switch being shifted to kernel space?

**tildearrow** · 11 February 2021, 02:01 AM

Originally posted by Sonadow View Post

Why is a firmware-level switch being shifted to kernel space?

Because it would be more convenient to toggle the switch at any time through sysctl than having to reboot to change it.

**ssokolow** · 11 February 2021, 01:06 PM

Originally posted by tildearrow View Post

Because it would be more convenient to toggle the switch at any time through sysctl than having to reboot to change it.

...plus, if it supports changes that don't get persisted as BIOS settings (I haven't checked), then it'd allow boot flows where the system boots with the USB4 ports locked down and then the kernel only brings them up after all relevant security tunings are in place.

**rawr** · 12 February 2021, 06:46 AM

Will there be/Is there also a usb firewall against unauthorized devices?

**Terrablit** · 12 February 2021, 05:01 PM

Also, we should know by now that expecting firmware to do things properly is an ideal that regularly conflicts with reality. Yes, we all want solid UEFI support for all firmware options with good descriptions, a nice UI, and good basic support.

However, everyone just slaps logos on the same basic shit, doesn't label half of the firmware options, locks out several important options, and fucks up the ACPI tables like DSDT, important interfaces are implemented only through Windows-specific technology like WMI, etc. Plus, they want to save $3 by,making the flash memory small so that you often don't get dual firmware support, and you can't have support for multiple CPU generations in the same firmware version, etc.

A lot of linux kernel work is dealing with shitty firmware. Vendors rarely care enough to fix stuff for Linux, though it's getting better.

**rawr** · 13 February 2021, 10:04 PM

Originally posted by Terrablit View Post

Also, we should know by now that expecting firmware to do things properly is an ideal that regularly conflicts with reality. Yes, we all want solid UEFI support for all firmware options with good descriptions, a nice UI, and good basic support.

Ideally UEFI is superseded with something more robust/less convoluted.
I really want to look into Linuxboot and see how easy it is to apply.
We really do not need most of the code that is found in typical UEFI blobs.

If the vendors do not maintain their firmware, I should be able to do it for the parts that are not hardware-dependent.

Originally posted by Terrablit View Post

A lot of linux kernel work is dealing with shitty firmware. Vendors rarely care enough to fix stuff for Linux, though it's getting better.

It would be nice if we at least could fix parts of it ourselves.

**torsionbar28** · 16 February 2021, 12:30 PM

Originally posted by rawr View Post

If the vendors do not maintain their firmware, I should be able to do it for the parts that are not hardware-dependent.
It would be nice if we at least could fix parts of it ourselves.

Yet another reason to support vendors like System76 who are using open source firmware.

**Terrablit** · 18 February 2021, 10:31 AM

Originally posted by torsionbar28 View Post

Yet another reason to support vendors like System76 who are using open source firmware.

Definitely. Don't forget Raptor with the POWER workstations. It's outside the price range of many, but their work is really impressive.

Announcement

Linux 5.12 To Support USB4 "Security Level 5" To Disable PCIe Tunneling

Linux 5.12 To Support USB4 "Security Level 5" To Disable PCIe Tunneling

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment