final [GrapheneOS] 📱👁️🗨️ on Nostr: For the curious user, here is the work done for the new USB port controls on ...
For the curious user, here is the work done for the new USB port controls on #GrapheneOS:
https://github.com/GrapheneOS/platform_frameworks_base/pull/485
This is a replacement for the former grsecurity-based deny_new_usb integration with screen lock integration included. That older feature only covered USB peripherals and it didn't cover USB alternate modes, gadgets or low-level USB attack surface from the USB-C implementation itself. Blocking of USB peripherals were on a high level and there were still some attack surface previously. We cover all of this now including turning off the data lines in hardware. You also have the option to deactivate the USB port entirely when in OS mode.
https://github.com/GrapheneOS/platform_frameworks_base/pull/485
This is a replacement for the former grsecurity-based deny_new_usb integration with screen lock integration included. That older feature only covered USB peripherals and it didn't cover USB alternate modes, gadgets or low-level USB attack surface from the USB-C implementation itself. Blocking of USB peripherals were on a high level and there were still some attack surface previously. We cover all of this now including turning off the data lines in hardware. You also have the option to deactivate the USB port entirely when in OS mode.