> From: "Theo de Raadt" <[email protected]>
> Date: Thu, 17 Feb 2022 09:23:14 -0700
> 
> I am terrified by the existence of the userland gpio interface, basically
> the concept that users should be able to change some pin is more than
> suspect, it is crazy.  It completely violates the Unix principle of
> mapping hardware support to narrow device categories on a functional
> basis, which only the right user can use.
> 
> The pins a user will change are usually undocumented.  They could be
> wired to a bomb.
> 
> If these drivers only exposed pins which had *known function*, or which
> are known to be otherwise unused (a pin on a header), that would be fine.
> But that's not how it plays out usually.

So on these arm/arm64/riscv64 SoCs the situation is a bit different.
The pins are documented, we have a description of their function (the
device tree) and for many boards we even have board schematics.  And
many boards are designed for users to play with these GPIOs.  And the
pins still need to be configured at securelevel 0 before they actually
can be used from userland.

So I think with the changes in place that I asked visa@ to make, we
strike a reasonable balance between safety and usability of this
board.
