Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable VIA protocol's EEPROM reset and bootloader jump commands #11892

Merged
merged 2 commits into from
Feb 14, 2021
Merged

Disable VIA protocol's EEPROM reset and bootloader jump commands #11892

merged 2 commits into from
Feb 14, 2021

Conversation

tzarc
Copy link
Member

@tzarc tzarc commented Feb 13, 2021

Description

Entry to bootloader through the rawhid endpoint is a potential attack vector. This PR disables those commands by default, turning them into no-ops, but allows reinstating them through the use of #define VIA_YES_I_UNDERSTAND_THIS_IS_AN_ATTACK_VECTOR.

Types of Changes

  • Core
  • Bugfix
  • New feature
  • Enhancement/optimization
  • Keyboard (addition or update)
  • Keymap/layout/userspace (addition or update)
  • Documentation

Checklist

  • My code follows the code style of this project: C, Python
  • I have read the PR Checklist document and have made the appropriate changes.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • I have tested the changes and verified that they work and don't break anything (as well as I can manage).

@tzarc tzarc requested a review from a team February 13, 2021 23:50
@github-actions github-actions bot added the core label Feb 13, 2021
wilba
wilba reviewed Feb 14, 2021
View reviewed changes
quantum/via.c Outdated Show resolved Hide resolved
@tzarc tzarc merged commit 1019901 into qmk:master Feb 14, 2021
@tzarc tzarc deleted the via-attack-vector-mitigation branch February 14, 2021 00:22
@wilba wilba mentioned this pull request Jun 19, 2021
Merged
10 tasks
@tzarc tzarc mentioned this pull request Aug 30, 2021
Closed
14 tasks
@tzarc tzarc mentioned this pull request Nov 19, 2021
Closed
14 tasks
BorisTestov pushed a commit to BorisTestov/qmk_firmware that referenced this pull request May 23, 2024
@tzarc
Disable VIA protocol's EEPROM reset and bootloader jump commands (qmk…
439bb49 
…#11892)

* Disable VIA protocol's EEPROM reset and bootloader jump commands, and allow for reinstation through #define.

* Removed at Wilba's suggestion.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wilba wilba wilba left review comments

@zvecr zvecr zvecr approved these changes

Assignees
No one assigned
Labels
core
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tzarc @wilba @zvecr