Post AkPJJkUN8jMeW4EMWO by marcel@waldvogel.family
(DIR) Post #AkPJJj7eDjaoHIahSi by toor@citydweller.social
2024-07-28T18:31:40Z
0 likes, 0 repeats
Please - wherever you are - never use an offered #USB cable/port to charge your device. Always use a power brick connected to a wall socket. Data will never ever be transferred like this - if you trust your own power brick. #malware #spyware
(DIR) Post #AkPJJkUN8jMeW4EMWO by marcel@waldvogel.family
2024-07-28T18:49:07Z
0 likes, 0 repeats
@toor Good basic advice. However, if your OS does reliably prevent USB data exchange, you might still be able to use "free USB" connectors. (Of course, your own charger might also be better at preventing accidental or purposeful overvoltage on the #USB pins…)
(DIR) Post #AkPJJldcroMQ53ZGaG by toor@citydweller.social
2024-07-28T19:23:56Z
0 likes, 0 repeats
@marcel That's not that easy with USB 3+. It used to be easy to have cables only allowing charging. Nowadays this would mean 500 mW charging....
(DIR) Post #AkPJJmJSMHoyAn8fmi by marcel@waldvogel.family
2024-07-28T19:54:34Z
0 likes, 0 repeats
@toor I didn't mean the old-style cable solutions, but newer-style firmware/software solutions. Haven't looked deeper but @GrapheneOS #USB #attack surface minimization sounds good. https://grapheneos.org/features#usb-c-port-and-pogo-pins-control
(DIR) Post #AkPJJn8VIUecj71RLs by toor@citydweller.social
2024-07-28T20:25:24Z
0 likes, 0 repeats
@marcel @GrapheneOS Will have a look at it!
(DIR) Post #AkPJJnczT92aFfHms4 by GrapheneOS@grapheneos.social
2024-07-28T21:58:45Z
0 likes, 0 repeats
@toor @marcel This is the low-level part of our changes for disabling USB-C data for 8th gen Pixels:
https://github.com/GrapheneOS/kernel_google-modules_soc_gs/compare/8498141ce33ed86a257a653efa38f401f63d3338...53e8a630cbf2516f36ab0542aeae829e8eec3b13
It's similar for 6th/7th gen Pixels but they use an older kernel branch with different organization for the modules.
USB HAL changes for 8th generation Pixels are here:
https://github.com/GrapheneOS/device_google_zuma/commits/14/
Similar for 6th/7th gen Pixels in their own repositories.
We also have generic kernel changes for redundant software-level enforcement and disabling USB-C alternate modes.
(DIR) Post #AkPJJoGh5WneEnrUky by GrapheneOS@grapheneos.social
2024-07-28T22:03:17Z
0 likes, 0 repeats
@toor @marcel Our approach disables USB-C and pogo pins data at a hardware level. It also disables accepting new USB connections or using USB-C alternate modes at a higher level in the kernel too. Only disabling new USB connections at a kernel level would still leave a large amount of both kernel and firmware attack surface. We support disabling charging including USB-PD too, which is a separate thing from USB-C data. The default leaves charging including USB-PD enabled though.
(DIR) Post #AkPJJojPMllhfrIQVs by GrapheneOS@grapheneos.social
2024-07-28T22:04:34Z
0 likes, 0 repeats
@toor @marcel Generic kernel part:
https://github.com/GrapheneOS/kernel_common-5.15/commit/0500817d938d300750dcb8679eb8cbef15732f6b
https://github.com/GrapheneOS/kernel_common-5.15/commit/b6e3a86a8d1a153e3ddfab1de18e4cdafb8dd0f0
https://github.com/GrapheneOS/kernel_common-5.15/commit/fd3d99c637e6f0e2ec2dd0fed47140644e5eec6a
The same changes are there across the 5.10, 5.15, 6.1 and 6.6 GKI LTS branches.
(DIR) Post #AkPJJpMl0TFBdthqqW by marcel@waldvogel.family
2024-07-29T01:09:07Z
0 likes, 1 repeats
@GrapheneOS @toor Wow! Definitely the longest, most competent answer to an @ mention I've ever seen. Thanks! (And thanks for #GrapheneOS! I ordered a new #Pixel this weekend just to be able to try it out. 😊)