Mark Kettenis <[email protected]> wrote: > > From: "Theo de Raadt" <[email protected]> > > Date: Thu, 17 Feb 2022 09:23:14 -0700 > > > > I am terrified by existance of the userland gpio interface, basically > > the concept that users should be able to change some pin is more than > > suspect, it is crazy. It completely violates the Unix principle of > > mapping hardware support to narrow device catagories on a functional > > basis, which only the right user can use. > > > > The pins a user will change are usually undocumented. They could be > > wired to a bomb. > > > > If these drivers only exposed pins which had *known function*, or which > > are known to be otherwise unused (a pin on a header), that would be fine. > > But that's not how it plays out usually. > > So on these arm/arm64/riscv64 SoCs the situation is a bit different. > The pins are documented, we have a description of their function (the > device tree) and for many boards we even have board schematics. And > many boards are designed for users to play with these GPIOs.
Are they documented in terms of this pin should be exposed for user control vs this pin is system-features only Well, yes and no. > And the > pins still need to be configured at securelevel 0 before they actually > can be used from userland. There was a lot of tooth gnashing when we did that, mostly by people who don't deserve the security-layers of Unix..
