From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] kernel: drop FireWire (IEEE 1394) support Date: Sun, 26 Jul 2020 11:50:01 +0100 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9133559877831860188==" List-Id: --===============9133559877831860188== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Good morning Peter, since firewire hardware is basically non-existant for many many years I do not think that this patch drastically improved the security of the system. If an attacker has physical access to the system, other attacks are possible, too, and firewire is not a necessity. However, there is no reason left to actually compile this. It wastes more build power than it is useful. So I can ack this: Acked-by: Michael Tremer I suppose that again you didn't build this because there are no roofile changes?! Best, -Michael On Sat, 2020-07-25 at 19:46 +0000, Peter Müller wrote: > Similar to Thunderbolt, supporting FireWire is dangerous as it allows > Direct Memory Attacks, which are known to be actively used by more > sophisticated attackers ( > https://wikileaks[.]org/spyfiles/files/0/293_GAMMA-201110-FinFireWire.pdf > ). > > Since network hardware using FireWire is diminishing, and there is no > other legitimate reason to use FireWire on an IPFire machine, > dropping > support for it looks reasonable to me. > > Signed-off-by: Peter Müller > --- > config/kernel/kernel.config.aarch64-ipfire | 12 +--------- > .../kernel.config.armv5tel-ipfire-multi | 12 +--------- > config/kernel/kernel.config.i586-ipfire | 23 +-------------- > ---- > config/kernel/kernel.config.x86_64-ipfire | 23 +-------------- > ---- > 4 files changed, 4 insertions(+), 66 deletions(-) > > diff --git a/config/kernel/kernel.config.aarch64-ipfire > b/config/kernel/kernel.config.aarch64-ipfire > index c616cbb85..03dc67c06 100644 > --- a/config/kernel/kernel.config.aarch64-ipfire > +++ b/config/kernel/kernel.config.aarch64-ipfire > @@ -1936,10 +1936,7 @@ CONFIG_DM_SWITCH=m > # > # IEEE 1394 (FireWire) support > # > -CONFIG_FIREWIRE=m > -CONFIG_FIREWIRE_OHCI=m > -CONFIG_FIREWIRE_SBP2=m > -# CONFIG_FIREWIRE_NET is not set > +# CONFIG_FIREWIRE is not set > # CONFIG_FIREWIRE_NOSY is not set > CONFIG_NETDEVICES=y > CONFIG_MII=m > @@ -3899,11 +3896,6 @@ CONFIG_VIDEO_SH_VEU=m > # Supported MMC/SDIO adapters > # > # CONFIG_SMS_SDIO_DRV is not set > - > -# > -# Supported FireWire (IEEE 1394) Adapters > -# > -# CONFIG_DVB_FIREDTV is not set > CONFIG_MEDIA_COMMON_OPTIONS=y > > # > @@ -4550,7 +4542,6 @@ CONFIG_SND_BCD2000=m > # CONFIG_SND_USB_PODHD is not set > # CONFIG_SND_USB_TONEPORT is not set > # CONFIG_SND_USB_VARIAX is not set > -# CONFIG_SND_FIREWIRE is not set > CONFIG_SND_SOC=m > CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y > # CONFIG_SND_SOC_AMD_ACP is not set > @@ -5471,7 +5462,6 @@ CONFIG_STAGING=y > # > # CONFIG_STAGING_BOARD is not set > CONFIG_LTE_GDM724X=m > -# CONFIG_FIREWIRE_SERIAL is not set > # CONFIG_LNET is not set > # CONFIG_DGNC is not set > # CONFIG_GS_FPGABOOT is not set > diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi > b/config/kernel/kernel.config.armv5tel-ipfire-multi > index 5280a6a62..fb667f367 100644 > --- a/config/kernel/kernel.config.armv5tel-ipfire-multi > +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi > @@ -2206,10 +2206,7 @@ CONFIG_DM_SWITCH=m > # > # IEEE 1394 (FireWire) support > # > -CONFIG_FIREWIRE=m > -CONFIG_FIREWIRE_OHCI=m > -CONFIG_FIREWIRE_SBP2=m > -# CONFIG_FIREWIRE_NET is not set > +# CONFIG_FIREWIRE is not set > # CONFIG_FIREWIRE_NOSY is not set > CONFIG_NETDEVICES=y > CONFIG_MII=m > @@ -4260,11 +4257,6 @@ CONFIG_VIDEO_TI_CSC=m > # Supported MMC/SDIO adapters > # > # CONFIG_SMS_SDIO_DRV is not set > - > -# > -# Supported FireWire (IEEE 1394) Adapters > -# > -# CONFIG_DVB_FIREDTV is not set > CONFIG_MEDIA_COMMON_OPTIONS=y > > # > @@ -4966,7 +4958,6 @@ CONFIG_SND_BCD2000=m > # CONFIG_SND_USB_PODHD is not set > # CONFIG_SND_USB_TONEPORT is not set > # CONFIG_SND_USB_VARIAX is not set > -# CONFIG_SND_FIREWIRE is not set > CONFIG_SND_SOC=m > CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y > # CONFIG_SND_SOC_AMD_ACP is not set > @@ -5946,7 +5937,6 @@ CONFIG_STAGING=y > # > # CONFIG_STAGING_BOARD is not set > CONFIG_LTE_GDM724X=m > -# CONFIG_FIREWIRE_SERIAL is not set > # CONFIG_LNET is not set > # CONFIG_DGNC is not set > # CONFIG_GS_FPGABOOT is not set > diff --git a/config/kernel/kernel.config.i586-ipfire > b/config/kernel/kernel.config.i586-ipfire > index 3e31119f6..7235b70f2 100644 > --- a/config/kernel/kernel.config.i586-ipfire > +++ b/config/kernel/kernel.config.i586-ipfire > @@ -2107,10 +2107,7 @@ CONFIG_FUSION_LOGGING=y > # > # IEEE 1394 (FireWire) support > # > -CONFIG_FIREWIRE=m > -CONFIG_FIREWIRE_OHCI=m > -CONFIG_FIREWIRE_SBP2=m > -# CONFIG_FIREWIRE_NET is not set > +# CONFIG_FIREWIRE is not set > # CONFIG_FIREWIRE_NOSY is not set > CONFIG_MACINTOSH_DRIVERS=y > # CONFIG_MAC_EMUMOUSEBTN is not set > @@ -4119,12 +4116,6 @@ CONFIG_DVB_PLATFORM_DRIVERS=y > # Supported MMC/SDIO adapters > # > # CONFIG_SMS_SDIO_DRV is not set > - > -# > -# Supported FireWire (IEEE 1394) Adapters > -# > -CONFIG_DVB_FIREDTV=m > -CONFIG_DVB_FIREDTV_INPUT=y > CONFIG_MEDIA_COMMON_OPTIONS=y > > # > @@ -4880,17 +4871,6 @@ CONFIG_SND_USB_POD=m > CONFIG_SND_USB_PODHD=m > CONFIG_SND_USB_TONEPORT=m > CONFIG_SND_USB_VARIAX=m > -CONFIG_SND_FIREWIRE=y > -CONFIG_SND_FIREWIRE_LIB=m > -CONFIG_SND_DICE=m > -CONFIG_SND_OXFW=m > -# CONFIG_SND_ISIGHT is not set > -CONFIG_SND_FIREWORKS=m > -CONFIG_SND_BEBOB=m > -CONFIG_SND_FIREWIRE_DIGI00X=m > -CONFIG_SND_FIREWIRE_TASCAM=m > -# CONFIG_SND_FIREWIRE_MOTU is not set > -# CONFIG_SND_FIREFACE is not set > CONFIG_SND_PCMCIA=y > # CONFIG_SND_VXPOCKET is not set > # CONFIG_SND_PDAUDIOCF is not set > @@ -5608,7 +5588,6 @@ CONFIG_FB_SM750=m > # Android > # > CONFIG_LTE_GDM724X=m > -# CONFIG_FIREWIRE_SERIAL is not set > # CONFIG_LNET is not set > # CONFIG_DGNC is not set > # CONFIG_GS_FPGABOOT is not set > diff --git a/config/kernel/kernel.config.x86_64-ipfire > b/config/kernel/kernel.config.x86_64-ipfire > index f6953482f..0e56a0a69 100644 > --- a/config/kernel/kernel.config.x86_64-ipfire > +++ b/config/kernel/kernel.config.x86_64-ipfire > @@ -2085,10 +2085,7 @@ CONFIG_FUSION_LOGGING=y > # > # IEEE 1394 (FireWire) support > # > -CONFIG_FIREWIRE=m > -CONFIG_FIREWIRE_OHCI=m > -CONFIG_FIREWIRE_SBP2=m > -# CONFIG_FIREWIRE_NET is not set > +# CONFIG_FIREWIRE is not set > # CONFIG_FIREWIRE_NOSY is not set > CONFIG_MACINTOSH_DRIVERS=y > # CONFIG_MAC_EMUMOUSEBTN is not set > @@ -4012,12 +4009,6 @@ CONFIG_VIDEO_SH_VEU=m > # Supported MMC/SDIO adapters > # > # CONFIG_SMS_SDIO_DRV is not set > - > -# > -# Supported FireWire (IEEE 1394) Adapters > -# > -CONFIG_DVB_FIREDTV=m > -CONFIG_DVB_FIREDTV_INPUT=y > CONFIG_MEDIA_COMMON_OPTIONS=y > > # > @@ -4719,17 +4710,6 @@ CONFIG_SND_USB_POD=m > CONFIG_SND_USB_PODHD=m > CONFIG_SND_USB_TONEPORT=m > CONFIG_SND_USB_VARIAX=m > -CONFIG_SND_FIREWIRE=y > -CONFIG_SND_FIREWIRE_LIB=m > -# CONFIG_SND_DICE is not set > -CONFIG_SND_OXFW=m > -# CONFIG_SND_ISIGHT is not set > -CONFIG_SND_FIREWORKS=m > -CONFIG_SND_BEBOB=m > -CONFIG_SND_FIREWIRE_DIGI00X=m > -CONFIG_SND_FIREWIRE_TASCAM=m > -# CONFIG_SND_FIREWIRE_MOTU is not set > -# CONFIG_SND_FIREFACE is not set > CONFIG_SND_PCMCIA=y > # CONFIG_SND_VXPOCKET is not set > # CONFIG_SND_PDAUDIOCF is not set > @@ -5472,7 +5452,6 @@ CONFIG_RTLWIFI_DEBUG_ST=y > # Android > # > CONFIG_LTE_GDM724X=m > -# CONFIG_FIREWIRE_SERIAL is not set > # CONFIG_LNET is not set > # CONFIG_DGNC is not set > # CONFIG_GS_FPGABOOT is not set --===============9133559877831860188==--