From nobody Wed Jun 12 19:13:41 2024
X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VzwF60VQKz5NHhB
	for <freebsd-arch@mlmmj.nyi.freebsd.org>; Wed, 12 Jun 2024 19:13:46 +0000 (UTC)
	(envelope-from bz@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VzwF574B1z55bF;
	Wed, 12 Jun 2024 19:13:45 +0000 (UTC)
	(envelope-from bz@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1718219626;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=BHvji4v49eC2leniHPoxDlJ1UasaT2uHvR0ccEzCkFM=;
	b=ZKpSSsaVCVTDtZPCc3577Mm4AjGL3LN0wf+khg2lpEvJj3EKuaC2KaErNn5cCFl1oR5SxM
	EOv8hkaiGPpHVezzNe9FFFHGXO9IIi5IXXInx17iVJxULXYb6EB77DHtF5w8JGmQZ/jgZz
	IRQJGavub/JI32o/sLW1UO2Ri5AHXODn1WUzAygRMYac68WO9vOd03x1TrEbaIIJRLJhev
	/XOhfUzFzr0p5PVTmkiKj1Tq7G0y0BYYg/aTNSrrq8I3hIT95STwT+Q2L7q9bEHz7r1s+B
	lXkjvbzDcA6UwwkMeDVDwaL9ZU5jPmaQ5kBE922Jev+NbKw5kbcthWch7ZIgKQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1718219626; a=rsa-sha256; cv=none;
	b=VNtpLgKOAZIRbMUFywnHpCyUwxGKFmNLNKjYptbQOOVKD3AnvqBH4sYEJq5n376lPBuRMh
	I0hmrq4b2ul2g8jgVbXdrCtOEt7iNxVUbxhO0dSArBDskmOq3qXFs++CVWjYSFXo3qXhu1
	acQgFmpdb66kchfDZNEZdO+9HPmUPnY/fWCoz7ihZci8xAQnDP/L68qFNTl31MicG7fHn/
	o9GCIWo0ocua7D9W59CAoZ90jfCNg2gnqftvVeZ94QXd6VsBsRdtLma/kKPS2PzyOmjTdM
	5bMvQIulMVjBkRGAtLzTgzuiSRa9IBDGi/LBWVIRi0fLWglbdzlyQQ13J9lgnw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1718219626;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=BHvji4v49eC2leniHPoxDlJ1UasaT2uHvR0ccEzCkFM=;
	b=OjOPoCMDogWh2kloRjKbxUhEQ4zjOgRY3p1jRLT9cOcLkUWD5+u/kNYQ2FCgl7PlbWjxez
	vEoaMh7Rh7NKsZPdOkfob4J/tXfjZGBhhP2lY4vaDpvMuoCEawRPmvRs7ksuR8q97Z8g1o
	/StFf+BgEkzf9uebzQrsIAULK0K3mULmXt/Zz3HcmIPqhYtyTbqwcxxkBBE2Tfl5xDzV85
	Luke8/grCehLTYOC59+fnphUHSp6XNB5rk7NULxGfcwhvEN66fp7X/TKhSnPOuJP8nIXOl
	A2J99qG7ebSWsMvduy9SrStcJdpNSlptg1+69fCpD4/dHZJ/tT8e4ofNJSOe8A==
Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:13b:39f::9f:25])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mx1.sbone.de", Issuer "SBone.DE Root Certificate Authority" (not verified))
	(Authenticated sender: bz/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4VzwF55vxxz1H53;
	Wed, 12 Jun 2024 19:13:45 +0000 (UTC)
	(envelope-from bz@freebsd.org)
Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:4902:0:7404:2:1025])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.sbone.de (Postfix) with ESMTPS id 44B8B8D4A126;
	Wed, 12 Jun 2024 19:13:44 +0000 (UTC)
Received: from content-filter.t4-02.sbone.de (content-filter.t4-02.sbone.de [IPv6:fde9:577b:c1a9:4902:0:7404:2:2742])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPS id 3D5622D029D8;
	Wed, 12 Jun 2024 19:13:43 +0000 (UTC)
X-Virus-Scanned: amavisd-new at sbone.de
Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:4902:0:7404:2:1025])
	by content-filter.t4-02.sbone.de (content-filter.t4-02.sbone.de [IPv6:fde9:577b:c1a9:4902:0:7404:2:2742]) (amavisd-new, port 10024)
	with ESMTP id a2KAOlKUxbct; Wed, 12 Jun 2024 19:13:42 +0000 (UTC)
Received: from strong-iwl0.sbone.de (strong-iwl0.sbone.de [IPv6:fde9:577b:c1a9:4902:b66b:fcff:fef3:e3d2])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPSA id 3BEFB2D029D2;
	Wed, 12 Jun 2024 19:13:42 +0000 (UTC)
Date: Wed, 12 Jun 2024 19:13:41 +0000 (UTC)
From: "Bjoern A. Zeeb" <bz@freebsd.org>
To: Warner Losh <imp@bsdimp.com>
cc: Roger Marquis <marquis@roble.com>, 
    "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: Kernel device for iwlwifi in 13.3?
In-Reply-To: <CANCZdfovXcutbLyBOVrj0bzxrbr8nqp9fuyusvV5Q2xUneLPjA@mail.gmail.com>
Message-ID: <s059298n-18rn-2p60-6159-5597pon119pn@serrofq.bet>
References: <s67598s7-pqo4-p840-1p33-61r57p401440@mx.roble.com> <F9175D79-3B6A-4E1F-BC10-FC347BB2B1DA@gmail.com> <09q5s28q-np09-73r0-9352-9p6333r830o9@mx.roble.com> <or23n70r-p5n0-8104-o89q-262p486qn284@SerrOFQ.bet> <74po168o-p064-p78q-qn7o-5209o5q53q60@mx.roble.com>
 <CANCZdfovXcutbLyBOVrj0bzxrbr8nqp9fuyusvV5Q2xUneLPjA@mail.gmail.com>
X-OpenPGP-Key-Id: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-arch
List-Help: <mailto:freebsd-arch+help@freebsd.org>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Subscribe: <mailto:freebsd-arch+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-arch+unsubscribe@freebsd.org>
Sender: owner-freebsd-arch@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="1098556516-1503615921-1718219622=:2327"

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1098556516-1503615921-1718219622=:2327
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8BIT

On Wed, 12 Jun 2024, Warner Losh wrote:

> On Wed, Jun 12, 2024, 11:47 AM Roger Marquis <marquis@roble.com> wrote:
>
>>>> Also wondering why there is no iwl* in /usr/src/sys/amd64/conf/* and
>>>> what, if anything,
>>>
>>> Because it is a non-essential driver to boot and so we only build it as
>>> a module which is a continuation of that people once started in order to
>>> get GENERIC size down.  The module will be loaded at run-time
>>> automatically (in a default setup) if such a card is found in the system
>>> and the driver will then automatically load its firmware (which will
>>> hopefully eventually also not be in base anymore).
>>
>> That's the threat vector I'd like to avoid i.e, someone plugging-in a
>> usb (or other) wifi device.  I suppose it's not necessarily different
>> than plugging-in an ethernet device but as a general rule all vectors
>> that can be avoided should be.  This, and kernel compilation in general,
>> is one of the areas FreeBSD has an advantage over other OS.  Not being
>> able to prevent these and other kernel modules is just unnecessary
>> risk.
>>
>
> You can list exactly the modules to build to control that threat. See
> MODULES_OVERRIDE=

or raise securelevel.

-- 
Bjoern A. Zeeb                                                     r15:7
--1098556516-1503615921-1718219622=:2327--