Re: [RFC PATCH 3/4] usb: core: Plug the usb authentication capability
From: Oliver Neukum
Date: Mon Jun 23 2025 - 14:15:33 EST
Hi,
I am afraid someone has to address this.
On 20.06.25 16:27, nicolas.bouchinet@xxxxxxxxxxxxxxxxx wrote:
+ // Set a default value for authenticated at true in order not to block devices
+ // that do not support the authentication
+ dev->authenticated = 1;
So the default is authenticated. OK.
+ if (le16_to_cpu(dev->descriptor.bcdUSB) >= 0x0201) {
+ pr_notice("bcdUSB >= 0x0201\n");
+ retval = usb_get_bos_descriptor(dev);
+ if (!retval) {
+ pr_notice("found BOS\n");
+#ifdef CONFIG_USB_AUTHENTICATION
+ if (dev->bos->authent_cap) {
If the device claims not to support authentication ...
+ /* If authentication cap is present, start device authent */
+ pr_notice("found Authent BOS\n");
+ retval = usb_authenticate_device(dev);
+ if (retval != 0) {
+ pr_err("failed to authenticate the device: %d\n",
+ retval);
+ } else if (!dev->authenticated) {
+ pr_notice("device has been rejected\n");
+ // return early from the configuration process
+ return 0;
+ } else {
+ pr_notice("device has been authorized\n");
+ }
+ } else {
+ // USB authentication unsupported
+ // Apply security policy on failed devices
+ pr_notice("no authentication capability\n");
... we do nothing about it. We enumerate.
The purpose of authentication is guarding against unknown or malicious devices,
isn't it? This behavior seems to be kind of incompatible with the goal.
Regards
Oliver