kernel: drop FireWire (IEEE 1394) support
Commit Message
Similar to Thunderbolt, supporting FireWire is dangerous as it allows
Direct Memory Attacks, which are known to be actively used by more
sophisticated attackers (https://wikileaks[.]org/spyfiles/files/0/293_GAMMA-201110-FinFireWire.pdf).
Since network hardware using FireWire is diminishing, and there is no
other legitimate reason to use FireWire on an IPFire machine, dropping
support for it looks reasonable to me.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
config/kernel/kernel.config.aarch64-ipfire | 12 +---------
.../kernel.config.armv5tel-ipfire-multi | 12 +---------
config/kernel/kernel.config.i586-ipfire | 23 +------------------
config/kernel/kernel.config.x86_64-ipfire | 23 +------------------
4 files changed, 4 insertions(+), 66 deletions(-)
Comments
Good morning Peter,
since firewire hardware is basically non-existent for many many years I
do not think that this patch drastically improved the security of the
system.
If an attacker has physical access to the system, other attacks are
possible, too, and firewire is not a necessity.
However, there is no reason left to actually compile this. It wastes
more build power than it is useful.
So I can ack this:
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
I suppose that again you didn't build this because there are no rootfile
changes?!
Best,
-Michael
On Sat, 2020-07-25 at 19:46 +0000, Peter Müller wrote:
> Similar to Thunderbolt, supporting FireWire is dangerous as it allows
> Direct Memory Attacks, which are known to be actively used by more
> sophisticated attackers (
> https://wikileaks[.]org/spyfiles/files/0/293_GAMMA-201110-FinFireWire.pdf
> ).
>
> Since network hardware using FireWire is diminishing, and there is no
> other legitimate reason to use FireWire on an IPFire machine,
> dropping
> support for it looks reasonable to me.
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> config/kernel/kernel.config.aarch64-ipfire | 12 +---------
> .../kernel.config.armv5tel-ipfire-multi | 12 +---------
> config/kernel/kernel.config.i586-ipfire | 23 +--------------
> ----
> config/kernel/kernel.config.x86_64-ipfire | 23 +--------------
> ----
> 4 files changed, 4 insertions(+), 66 deletions(-)
>
> diff --git a/config/kernel/kernel.config.aarch64-ipfire
> b/config/kernel/kernel.config.aarch64-ipfire
> index c616cbb85..03dc67c06 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -1936,10 +1936,7 @@ CONFIG_DM_SWITCH=m
> #
> # IEEE 1394 (FireWire) support
> #
> -CONFIG_FIREWIRE=m
> -CONFIG_FIREWIRE_OHCI=m
> -CONFIG_FIREWIRE_SBP2=m
> -# CONFIG_FIREWIRE_NET is not set
> +# CONFIG_FIREWIRE is not set
> # CONFIG_FIREWIRE_NOSY is not set
> CONFIG_NETDEVICES=y
> CONFIG_MII=m
> @@ -3899,11 +3896,6 @@ CONFIG_VIDEO_SH_VEU=m
> # Supported MMC/SDIO adapters
> #
> # CONFIG_SMS_SDIO_DRV is not set
> -
> -#
> -# Supported FireWire (IEEE 1394) Adapters
> -#
> -# CONFIG_DVB_FIREDTV is not set
> CONFIG_MEDIA_COMMON_OPTIONS=y
>
> #
> @@ -4550,7 +4542,6 @@ CONFIG_SND_BCD2000=m
> # CONFIG_SND_USB_PODHD is not set
> # CONFIG_SND_USB_TONEPORT is not set
> # CONFIG_SND_USB_VARIAX is not set
> -# CONFIG_SND_FIREWIRE is not set
> CONFIG_SND_SOC=m
> CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
> # CONFIG_SND_SOC_AMD_ACP is not set
> @@ -5471,7 +5462,6 @@ CONFIG_STAGING=y
> #
> # CONFIG_STAGING_BOARD is not set
> CONFIG_LTE_GDM724X=m
> -# CONFIG_FIREWIRE_SERIAL is not set
> # CONFIG_LNET is not set
> # CONFIG_DGNC is not set
> # CONFIG_GS_FPGABOOT is not set
> diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi
> b/config/kernel/kernel.config.armv5tel-ipfire-multi
> index 5280a6a62..fb667f367 100644
> --- a/config/kernel/kernel.config.armv5tel-ipfire-multi
> +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi
> @@ -2206,10 +2206,7 @@ CONFIG_DM_SWITCH=m
> #
> # IEEE 1394 (FireWire) support
> #
> -CONFIG_FIREWIRE=m
> -CONFIG_FIREWIRE_OHCI=m
> -CONFIG_FIREWIRE_SBP2=m
> -# CONFIG_FIREWIRE_NET is not set
> +# CONFIG_FIREWIRE is not set
> # CONFIG_FIREWIRE_NOSY is not set
> CONFIG_NETDEVICES=y
> CONFIG_MII=m
> @@ -4260,11 +4257,6 @@ CONFIG_VIDEO_TI_CSC=m
> # Supported MMC/SDIO adapters
> #
> # CONFIG_SMS_SDIO_DRV is not set
> -
> -#
> -# Supported FireWire (IEEE 1394) Adapters
> -#
> -# CONFIG_DVB_FIREDTV is not set
> CONFIG_MEDIA_COMMON_OPTIONS=y
>
> #
> @@ -4966,7 +4958,6 @@ CONFIG_SND_BCD2000=m
> # CONFIG_SND_USB_PODHD is not set
> # CONFIG_SND_USB_TONEPORT is not set
> # CONFIG_SND_USB_VARIAX is not set
> -# CONFIG_SND_FIREWIRE is not set
> CONFIG_SND_SOC=m
> CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
> # CONFIG_SND_SOC_AMD_ACP is not set
> @@ -5946,7 +5937,6 @@ CONFIG_STAGING=y
> #
> # CONFIG_STAGING_BOARD is not set
> CONFIG_LTE_GDM724X=m
> -# CONFIG_FIREWIRE_SERIAL is not set
> # CONFIG_LNET is not set
> # CONFIG_DGNC is not set
> # CONFIG_GS_FPGABOOT is not set
> diff --git a/config/kernel/kernel.config.i586-ipfire
> b/config/kernel/kernel.config.i586-ipfire
> index 3e31119f6..7235b70f2 100644
> --- a/config/kernel/kernel.config.i586-ipfire
> +++ b/config/kernel/kernel.config.i586-ipfire
> @@ -2107,10 +2107,7 @@ CONFIG_FUSION_LOGGING=y
> #
> # IEEE 1394 (FireWire) support
> #
> -CONFIG_FIREWIRE=m
> -CONFIG_FIREWIRE_OHCI=m
> -CONFIG_FIREWIRE_SBP2=m
> -# CONFIG_FIREWIRE_NET is not set
> +# CONFIG_FIREWIRE is not set
> # CONFIG_FIREWIRE_NOSY is not set
> CONFIG_MACINTOSH_DRIVERS=y
> # CONFIG_MAC_EMUMOUSEBTN is not set
> @@ -4119,12 +4116,6 @@ CONFIG_DVB_PLATFORM_DRIVERS=y
> # Supported MMC/SDIO adapters
> #
> # CONFIG_SMS_SDIO_DRV is not set
> -
> -#
> -# Supported FireWire (IEEE 1394) Adapters
> -#
> -CONFIG_DVB_FIREDTV=m
> -CONFIG_DVB_FIREDTV_INPUT=y
> CONFIG_MEDIA_COMMON_OPTIONS=y
>
> #
> @@ -4880,17 +4871,6 @@ CONFIG_SND_USB_POD=m
> CONFIG_SND_USB_PODHD=m
> CONFIG_SND_USB_TONEPORT=m
> CONFIG_SND_USB_VARIAX=m
> -CONFIG_SND_FIREWIRE=y
> -CONFIG_SND_FIREWIRE_LIB=m
> -CONFIG_SND_DICE=m
> -CONFIG_SND_OXFW=m
> -# CONFIG_SND_ISIGHT is not set
> -CONFIG_SND_FIREWORKS=m
> -CONFIG_SND_BEBOB=m
> -CONFIG_SND_FIREWIRE_DIGI00X=m
> -CONFIG_SND_FIREWIRE_TASCAM=m
> -# CONFIG_SND_FIREWIRE_MOTU is not set
> -# CONFIG_SND_FIREFACE is not set
> CONFIG_SND_PCMCIA=y
> # CONFIG_SND_VXPOCKET is not set
> # CONFIG_SND_PDAUDIOCF is not set
> @@ -5608,7 +5588,6 @@ CONFIG_FB_SM750=m
> # Android
> #
> CONFIG_LTE_GDM724X=m
> -# CONFIG_FIREWIRE_SERIAL is not set
> # CONFIG_LNET is not set
> # CONFIG_DGNC is not set
> # CONFIG_GS_FPGABOOT is not set
> diff --git a/config/kernel/kernel.config.x86_64-ipfire
> b/config/kernel/kernel.config.x86_64-ipfire
> index f6953482f..0e56a0a69 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -2085,10 +2085,7 @@ CONFIG_FUSION_LOGGING=y
> #
> # IEEE 1394 (FireWire) support
> #
> -CONFIG_FIREWIRE=m
> -CONFIG_FIREWIRE_OHCI=m
> -CONFIG_FIREWIRE_SBP2=m
> -# CONFIG_FIREWIRE_NET is not set
> +# CONFIG_FIREWIRE is not set
> # CONFIG_FIREWIRE_NOSY is not set
> CONFIG_MACINTOSH_DRIVERS=y
> # CONFIG_MAC_EMUMOUSEBTN is not set
> @@ -4012,12 +4009,6 @@ CONFIG_VIDEO_SH_VEU=m
> # Supported MMC/SDIO adapters
> #
> # CONFIG_SMS_SDIO_DRV is not set
> -
> -#
> -# Supported FireWire (IEEE 1394) Adapters
> -#
> -CONFIG_DVB_FIREDTV=m
> -CONFIG_DVB_FIREDTV_INPUT=y
> CONFIG_MEDIA_COMMON_OPTIONS=y
>
> #
> @@ -4719,17 +4710,6 @@ CONFIG_SND_USB_POD=m
> CONFIG_SND_USB_PODHD=m
> CONFIG_SND_USB_TONEPORT=m
> CONFIG_SND_USB_VARIAX=m
> -CONFIG_SND_FIREWIRE=y
> -CONFIG_SND_FIREWIRE_LIB=m
> -# CONFIG_SND_DICE is not set
> -CONFIG_SND_OXFW=m
> -# CONFIG_SND_ISIGHT is not set
> -CONFIG_SND_FIREWORKS=m
> -CONFIG_SND_BEBOB=m
> -CONFIG_SND_FIREWIRE_DIGI00X=m
> -CONFIG_SND_FIREWIRE_TASCAM=m
> -# CONFIG_SND_FIREWIRE_MOTU is not set
> -# CONFIG_SND_FIREFACE is not set
> CONFIG_SND_PCMCIA=y
> # CONFIG_SND_VXPOCKET is not set
> # CONFIG_SND_PDAUDIOCF is not set
> @@ -5472,7 +5452,6 @@ CONFIG_RTLWIFI_DEBUG_ST=y
> # Android
> #
> CONFIG_LTE_GDM724X=m
> -# CONFIG_FIREWIRE_SERIAL is not set
> # CONFIG_LNET is not set
> # CONFIG_DGNC is not set
> # CONFIG_GS_FPGABOOT is not set
@@ -1936,10 +1936,7 @@ CONFIG_DM_SWITCH=m
#
# IEEE 1394 (FireWire) support
#
-CONFIG_FIREWIRE=m
-CONFIG_FIREWIRE_OHCI=m
-CONFIG_FIREWIRE_SBP2=m
-# CONFIG_FIREWIRE_NET is not set
+# CONFIG_FIREWIRE is not set
# CONFIG_FIREWIRE_NOSY is not set
CONFIG_NETDEVICES=y
CONFIG_MII=m
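Review bot: the rootfile update is missing for the change in this hunk. CONFIG_FIREWIRE, CONFIG_FIREWIRE_OHCI and CONFIG_FIREWIRE_SBP2 were all =m, so with "# CONFIG_FIREWIRE is not set" three modules are no longer built, yet the diffstat lists only the four kernel.config files. Add the matching rootfile removals to the same patch so the file lists agree with what the build produces; the same applies to the identical hunk in the other three configs.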
@@ -3899,11 +3896,6 @@ CONFIG_VIDEO_SH_VEU=m
# Supported MMC/SDIO adapters
#
# CONFIG_SMS_SDIO_DRV is not set
-
-#
-# Supported FireWire (IEEE 1394) Adapters
-#
-# CONFIG_DVB_FIREDTV is not set
CONFIG_MEDIA_COMMON_OPTIONS=y
#
@@ -4550,7 +4542,6 @@ CONFIG_SND_BCD2000=m
# CONFIG_SND_USB_PODHD is not set
# CONFIG_SND_USB_TONEPORT is not set
# CONFIG_SND_USB_VARIAX is not set
-# CONFIG_SND_FIREWIRE is not set
CONFIG_SND_SOC=m
CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
# CONFIG_SND_SOC_AMD_ACP is not set
@@ -5471,7 +5462,6 @@ CONFIG_STAGING=y
#
# CONFIG_STAGING_BOARD is not set
CONFIG_LTE_GDM724X=m
-# CONFIG_FIREWIRE_SERIAL is not set
# CONFIG_LNET is not set
# CONFIG_DGNC is not set
# CONFIG_GS_FPGABOOT is not set
@@ -2206,10 +2206,7 @@ CONFIG_DM_SWITCH=m
#
# IEEE 1394 (FireWire) support
#
-CONFIG_FIREWIRE=m
-CONFIG_FIREWIRE_OHCI=m
-CONFIG_FIREWIRE_SBP2=m
-# CONFIG_FIREWIRE_NET is not set
+# CONFIG_FIREWIRE is not set
# CONFIG_FIREWIRE_NOSY is not set
CONFIG_NETDEVICES=y
CONFIG_MII=m
@@ -4260,11 +4257,6 @@ CONFIG_VIDEO_TI_CSC=m
# Supported MMC/SDIO adapters
#
# CONFIG_SMS_SDIO_DRV is not set
-
-#
-# Supported FireWire (IEEE 1394) Adapters
-#
-# CONFIG_DVB_FIREDTV is not set
CONFIG_MEDIA_COMMON_OPTIONS=y
#
@@ -4966,7 +4958,6 @@ CONFIG_SND_BCD2000=m
# CONFIG_SND_USB_PODHD is not set
# CONFIG_SND_USB_TONEPORT is not set
# CONFIG_SND_USB_VARIAX is not set
-# CONFIG_SND_FIREWIRE is not set
CONFIG_SND_SOC=m
CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
# CONFIG_SND_SOC_AMD_ACP is not set
@@ -5946,7 +5937,6 @@ CONFIG_STAGING=y
#
# CONFIG_STAGING_BOARD is not set
CONFIG_LTE_GDM724X=m
-# CONFIG_FIREWIRE_SERIAL is not set
# CONFIG_LNET is not set
# CONFIG_DGNC is not set
# CONFIG_GS_FPGABOOT is not set
@@ -2107,10 +2107,7 @@ CONFIG_FUSION_LOGGING=y
#
# IEEE 1394 (FireWire) support
#
-CONFIG_FIREWIRE=m
-CONFIG_FIREWIRE_OHCI=m
-CONFIG_FIREWIRE_SBP2=m
-# CONFIG_FIREWIRE_NET is not set
+# CONFIG_FIREWIRE is not set
# CONFIG_FIREWIRE_NOSY is not set
CONFIG_MACINTOSH_DRIVERS=y
# CONFIG_MAC_EMUMOUSEBTN is not set
@@ -4119,12 +4116,6 @@ CONFIG_DVB_PLATFORM_DRIVERS=y
# Supported MMC/SDIO adapters
#
# CONFIG_SMS_SDIO_DRV is not set
-
-#
-# Supported FireWire (IEEE 1394) Adapters
-#
-CONFIG_DVB_FIREDTV=m
-CONFIG_DVB_FIREDTV_INPUT=y
CONFIG_MEDIA_COMMON_OPTIONS=y
#
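Review bot: the commit message does not cover what this hunk removes on i586. CONFIG_DVB_FIREDTV=m and CONFIG_DVB_FIREDTV_INPUT=y were enabled here, unlike the aarch64 and armv5tel configs where the option was already "is not set", so a driver that was actually shipped goes away. The message only gives shrinking FireWire network hardware as the reason; state there that FireDTV adapters lose support on i586 and x86_64 as well.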
@@ -4880,17 +4871,6 @@ CONFIG_SND_USB_POD=m
CONFIG_SND_USB_PODHD=m
CONFIG_SND_USB_TONEPORT=m
CONFIG_SND_USB_VARIAX=m
-CONFIG_SND_FIREWIRE=y
-CONFIG_SND_FIREWIRE_LIB=m
-CONFIG_SND_DICE=m
-CONFIG_SND_OXFW=m
-# CONFIG_SND_ISIGHT is not set
-CONFIG_SND_FIREWORKS=m
-CONFIG_SND_BEBOB=m
-CONFIG_SND_FIREWIRE_DIGI00X=m
-CONFIG_SND_FIREWIRE_TASCAM=m
-# CONFIG_SND_FIREWIRE_MOTU is not set
-# CONFIG_SND_FIREFACE is not set
CONFIG_SND_PCMCIA=y
# CONFIG_SND_VXPOCKET is not set
# CONFIG_SND_PDAUDIOCF is not set
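Review bot: the set of FireWire audio modules removed in this hunk is not the same as in the x86_64 one, so the module cleanup has to be checked per architecture. Here CONFIG_SND_DICE=m is dropped, while the x86_64 config had "# CONFIG_SND_DICE is not set"; the aarch64 and armv5tel configs had CONFIG_SND_FIREWIRE unset and lose no audio modules at all. Derive the rootfile removals from an actual build of each architecture rather than copying one list to the others.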
@@ -5608,7 +5588,6 @@ CONFIG_FB_SM750=m
# Android
#
CONFIG_LTE_GDM724X=m
-# CONFIG_FIREWIRE_SERIAL is not set
# CONFIG_LNET is not set
# CONFIG_DGNC is not set
# CONFIG_GS_FPGABOOT is not set
@@ -2085,10 +2085,7 @@ CONFIG_FUSION_LOGGING=y
#
# IEEE 1394 (FireWire) support
#
-CONFIG_FIREWIRE=m
-CONFIG_FIREWIRE_OHCI=m
-CONFIG_FIREWIRE_SBP2=m
-# CONFIG_FIREWIRE_NET is not set
+# CONFIG_FIREWIRE is not set
# CONFIG_FIREWIRE_NOSY is not set
CONFIG_MACINTOSH_DRIVERS=y
# CONFIG_MAC_EMUMOUSEBTN is not set
@@ -4012,12 +4009,6 @@ CONFIG_VIDEO_SH_VEU=m
# Supported MMC/SDIO adapters
#
# CONFIG_SMS_SDIO_DRV is not set
-
-#
-# Supported FireWire (IEEE 1394) Adapters
-#
-CONFIG_DVB_FIREDTV=m
-CONFIG_DVB_FIREDTV_INPUT=y
CONFIG_MEDIA_COMMON_OPTIONS=y
#
@@ -4719,17 +4710,6 @@ CONFIG_SND_USB_POD=m
CONFIG_SND_USB_PODHD=m
CONFIG_SND_USB_TONEPORT=m
CONFIG_SND_USB_VARIAX=m
-CONFIG_SND_FIREWIRE=y
-CONFIG_SND_FIREWIRE_LIB=m
-# CONFIG_SND_DICE is not set
-CONFIG_SND_OXFW=m
-# CONFIG_SND_ISIGHT is not set
-CONFIG_SND_FIREWORKS=m
-CONFIG_SND_BEBOB=m
-CONFIG_SND_FIREWIRE_DIGI00X=m
-CONFIG_SND_FIREWIRE_TASCAM=m
-# CONFIG_SND_FIREWIRE_MOTU is not set
-# CONFIG_SND_FIREFACE is not set
CONFIG_SND_PCMCIA=y
# CONFIG_SND_VXPOCKET is not set
# CONFIG_SND_PDAUDIOCF is not set
@@ -5472,7 +5452,6 @@ CONFIG_RTLWIFI_DEBUG_ST=y
# Android
#
CONFIG_LTE_GDM724X=m
-# CONFIG_FIREWIRE_SERIAL is not set
# CONFIG_LNET is not set
# CONFIG_DGNC is not set
# CONFIG_GS_FPGABOOT is not set