WIP: Add USB Keyboards protection tab

Closed Ludovico de Nittis requested to merge denittis/gnome-control-center:usbv6_udev into master

This is related to Mutter MR mutter!550 (closed) and to gsettings-desktop-schemas MR gsettings-desktop-schemas!22 (closed) .


A USB device with the keyboard HID class is not only a canonical physical keyboard, it can also be a gaming mouse, a yubikey or even a malicious device that pretends to be a keyboard. So what's the problem? The most famous USB attack is the so called BadUSB, where a pen drive advertise itself also as a keyboard, and once plugged in, it is capable of opening a terminal (e.g. ctrl+alt+t) and very quickly issue some malicious commands. The problem here is that we can't reliably know if a keyboard is legitimate or if it is an attacker device.

Proposed solution

We want to limit keyboards capabilities by default, preventing them to issue dangerous keys (like function keys, ctrl and alt) unless manually authorized by the user. For example a yubikey will never require to use the function keys, so a user will be able to use it even without granting it full privileges.

This is an attempt to considerably decrease the attack surface of USB devices.

This MR can be considered the second part/complementary of this one !366 (merged) . Here we are trying to add more granularity. Instead of just a binary allowed/disallowed now it is possible to authorize and use a keyboard while still keeping it under restriction.


The new page is called "USB" and not "Keyboard" because we thought that in this way it would have been easier to expand it later on. For example adding also a protection for USB network cards or a more generic ability to permit single USB interfaces on devices basis.

When a device is not authorized we drop the dangerous keystrokes in mutter, and this requires a wayland session. Because of this we do not show this new tab if the user is using an X11 session.

Edited by Robert Ancell

Merge request reports