Re: [RFC PATCH 3/4] usb: core: Plug the usb authentication capability

From: Nicolas Bouchinet
Date: Mon Jun 30 2025 - 08:34:41 EST


Hi Olivier,

Thank you for your review.

Indeed, our current implementation of the usb authentication is still a bit
crude.
Currently, most, if not all, usb devices can't handle authentication. If we
want to have an integration that doesn't break on current hosts, we need to
have a fail-safe. We are still working on the best way to handle the
combination of authentication and authorization.
See the reply to Alan [1].

[1]: https://lore.kernel.org/linux-usb/8cc10112-23a7-41af-b81f-7fc0c097d34d@xxxxxxxxxxxxxxxxx/

On 6/23/25 20:15, Oliver Neukum wrote:
Hi,

I am afraid someone has to address this.

On 20.06.25 16:27, nicolas.bouchinet@xxxxxxxxxxxxxxxxx wrote:

+    // Set a default value for authenticated at true in order not to block devices
+    // that do not support the authentication
+    dev->authenticated = 1;
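Review bot: defaulting dev->authenticated to 1 before any capability check means every path that never reaches usb_authenticate_device(), including the no-authent_cap case and a failed BOS read, leaves the device marked authenticated; initialising it to 0 and setting it only where the policy explicitly accepts the device (with the "unsupported device" exemption as an explicit decision) would make the fail-safe visible in the code rather than implicit in the default. The `//` comment style is also not kernel style; use `/* ... */` as the later hunk does.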

So the default is authenticated. OK.

+    if (le16_to_cpu(dev->descriptor.bcdUSB) >= 0x0201) {
+        pr_notice("bcdUSB >= 0x0201\n");
+        retval = usb_get_bos_descriptor(dev);
+        if (!retval) {
+            pr_notice("found BOS\n");
+#ifdef CONFIG_USB_AUTHENTICATION
+            if (dev->bos->authent_cap) {
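Review bot: `pr_notice("bcdUSB >= 0x0201\n")` and `pr_notice("found BOS\n")` fire for every enumerated USB 2.01+ device and carry no device identity; they read as development traces and should become dev_dbg(&dev->dev, ...) or be dropped before merging. The `#ifdef CONFIG_USB_AUTHENTICATION` in the middle of the function body would be cleaner as an `IS_ENABLED(CONFIG_USB_AUTHENTICATION)` check or a stub helper in a header, so the enumeration flow stays readable when the option is off.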

If the device claims not to support authentication ...

+                /* If authentication cap is present, start device authent */
+                pr_notice("found Authent BOS\n");
+                retval = usb_authenticate_device(dev);
+                if (retval != 0) {
+                    pr_err("failed to authenticate the device: %d\n",
+                           retval);
+                } else if (!dev->authenticated) {
+                    pr_notice("device has been rejected\n");
+                    // return early from the configuration process
+                    return 0;
+                } else {
+                    pr_notice("device has been authorized\n");
+                }
+            } else {
+                // USB authentication unsupported
+                // Apply security policy on failed devices
+                pr_notice("no authentication capability\n");
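Review bot: when usb_authenticate_device() returns an error, the `retval != 0` branch only logs and falls through, so unless that function clears it, dev->authenticated keeps the default of 1 from the earlier hunk and a device whose handshake failed is treated like an authenticated one; decide whether a transport or protocol error counts as a rejection and make that explicit. The rejected branch returns 0, so the caller cannot distinguish a refused device from a successfully configured one; returning an error such as -EACCES (or a comment explaining why success is intended) would be clearer. The "Apply security policy on failed devices" comment is followed only by a pr_notice(), so no policy is applied there yet, which is the point Oliver raises below.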

... we do nothing about it. We enumerate.

The purpose of authentication is guarding against unknown or malicious devices,
isn't it? This behavior seems to be kind of incompatible with the goal.

    Regards
        Oliver