I'm trying to (reversibly) disable USB HID support on a Raspbian Jessie install, kernel version 4.4.16-v7+. We need to have the Raspberry Pi in a semi-public space and display stuff on a TV, and we'd like to make it at least somewhat hard to mess with it.
我正在尝试(可逆地)禁用对Raspbian Jessie安装的USB隐藏支持,内核版本4.16-v7+。我们需要把覆盆子派放在半公共空间里,并在电视上展示一些东西,我们希望至少让它变得有点难以处理。
So far I've managed to make the usbhid module removable from the kernel via rmmod. After rmmod'ing the module, tt seems, though, that each time I plug in a USB keyboard or mouse, the device driver gets loaded back into the Kernel.
到目前为止,我已经设法使usbhid模块通过rmmod从内核中移除。在对模块进行rmmod处理之后,每次我插入USB键盘或鼠标,设备驱动程序就会被重新加载到内核中。
Is there any way to prevent that?
有什么办法可以避免这种情况吗?
2 个解决方案
#1
2
udev is the best and easiest way doing that, add a new rule in e.g.: /etc/udev/rules.d/99-disable-usb-hid.rules:
udev是实现这一目标的最好和最简单的方法,在例如:/etc/udev/rules.d/99-disable-usb- hi. rules中添加一条新规则:
SUBSYSTEMS=="usb", DRIVERS=="usbhid", ACTION=="add", ATTR{authorized}="0"
and restart udev. I've just tested it in Debian Jessie ARM 4.4.16.
并重启udev。我刚刚在Debian Jessie arm4.16中测试过。
#2
1
I can think of two options:
我可以想到两个选择:
EASIER:
简单:
Blacklist the kernel module inside /etc/modprobe.d/blacklist.conf by adding:
将内核模块列入/etc/ modprobe.d/blacklist。设计通过添加:
blacklist usbhid
Make sure that you do this as root by using sudo or logging in as root, otherwise this file is read-only.
请确保使用sudo或登录作为根,以root身份执行此操作,否则此文件是只读的。
HARDER:
困难:
If you have the capacity to recompile the kernel that you are using then you could set CONFIG_USB_HID=n in the kernel configuration file to disable usbhid entirely.
如果您有能力重新编译您正在使用的内核,那么您可以在内核配置文件中设置CONFIG_USB_HID=n,从而完全禁用usbhid。
You could follow Raspberry Pi's kernel building steps, and once you have everything all set to build, you can modify the configuration file so that CONFIG_USB_HID=n. You could do this during a menuconfig or the way I usually do it, which is by editing the hidden .config file after running a make defconfig. See linux kernel in a nutshell for more information on configuring and building the linux kernel.
您可以遵循Raspberry Pi的内核构建步骤,一旦设置好所有要构建的东西,您就可以修改配置文件,使CONFIG_USB_HID=n。您可以在menuconfig或我通常使用的方式进行此操作,即在运行make defconfig之后编辑隐藏的.config文件。有关配置和构建linux内核的更多信息,请参阅linux内核。
Since Raspberry Pi is ARM, and I'm assuming your computer is x86, you will need to set up a cross-compiler toolchain. That information should be foud in the RasPi's kernel building steps as well.
因为Raspberry Pi是ARM,我假设你的电脑是x86,你需要建立一个交叉编译工具链。这些信息也应该包含在树莓的内核构建步骤中。
Then continue following RasPi's kernel building steps to get the kernel onto your Raspberry Pi. This should solve the problem of having usbhid showing up. It won't be baked into the kernel in the first place.
然后继续执行树莓的内核构建步骤,将内核添加到树莓派上。这应该可以解决usbhid出现的问题。首先它不会被烤进内核。
#1
2
udev is the best and easiest way doing that, add a new rule in e.g.: /etc/udev/rules.d/99-disable-usb-hid.rules:
udev是实现这一目标的最好和最简单的方法,在例如:/etc/udev/rules.d/99-disable-usb- hi. rules中添加一条新规则:
SUBSYSTEMS=="usb", DRIVERS=="usbhid", ACTION=="add", ATTR{authorized}="0"
and restart udev. I've just tested it in Debian Jessie ARM 4.4.16.
并重启udev。我刚刚在Debian Jessie arm4.16中测试过。
#2
1
I can think of two options:
我可以想到两个选择:
EASIER:
简单:
Blacklist the kernel module inside /etc/modprobe.d/blacklist.conf by adding:
将内核模块列入/etc/ modprobe.d/blacklist。设计通过添加:
blacklist usbhid
Make sure that you do this as root by using sudo or logging in as root, otherwise this file is read-only.
请确保使用sudo或登录作为根,以root身份执行此操作,否则此文件是只读的。
HARDER:
困难:
If you have the capacity to recompile the kernel that you are using then you could set CONFIG_USB_HID=n in the kernel configuration file to disable usbhid entirely.
如果您有能力重新编译您正在使用的内核,那么您可以在内核配置文件中设置CONFIG_USB_HID=n,从而完全禁用usbhid。
You could follow Raspberry Pi's kernel building steps, and once you have everything all set to build, you can modify the configuration file so that CONFIG_USB_HID=n. You could do this during a menuconfig or the way I usually do it, which is by editing the hidden .config file after running a make defconfig. See linux kernel in a nutshell for more information on configuring and building the linux kernel.
您可以遵循Raspberry Pi的内核构建步骤,一旦设置好所有要构建的东西,您就可以修改配置文件,使CONFIG_USB_HID=n。您可以在menuconfig或我通常使用的方式进行此操作,即在运行make defconfig之后编辑隐藏的.config文件。有关配置和构建linux内核的更多信息,请参阅linux内核。
Since Raspberry Pi is ARM, and I'm assuming your computer is x86, you will need to set up a cross-compiler toolchain. That information should be foud in the RasPi's kernel building steps as well.
因为Raspberry Pi是ARM,我假设你的电脑是x86,你需要建立一个交叉编译工具链。这些信息也应该包含在树莓的内核构建步骤中。
Then continue following RasPi's kernel building steps to get the kernel onto your Raspberry Pi. This should solve the problem of having usbhid showing up. It won't be baked into the kernel in the first place.
然后继续执行树莓的内核构建步骤,将内核添加到树莓派上。这应该可以解决usbhid出现的问题。首先它不会被烤进内核。