2

I spent a lot of time to realise that and to found a solution to my issue but I have not found anything. I wish to disable any input on my raspberry-pi such as keyboard and mouse usb input. So, I have no idea to do that. Could you give me some suggestions? My project is to realise a digital-signage with raspbian, openbox and chromium in kiosk mode Thanks.

bit
  • 203
  • 1
  • 3
  • 6

2 Answers2

1

You can't turn the USB ports on and off, but you could build a kernel with the USB HCD (host controller) support in an external module, and disable the whole USB subsystem by rmmoding that. This is not possible with the pre-compiled raspbian kernel.

However, I can't say for sure if that will remain effective when someone plugs a device (out and) in (again), however. Probably, but it may also cause the kernel to re-load the HCD module. You could use the same tactic with the USB HID (human interface device) driver, but I sure that will be re-loaded by re-plugging a HID device.

If all you want to do is prevent input during an X session, have a look here. In this case, I don't know if re-plugging will work, so if that is a concern test.

goldilocks
  • 58,859
  • 17
  • 112
  • 227
1

As the StackOverflow question is on hold and may go away. Lets summarize what we have.

  • You want to prevent use of USB-HID devices
  • This will be a box put out in public places

Suggestions

  • Put it in a box, with just wires coming out. (A raspi case is not a box) If it needs to be end-user installable you should consider putting holes in the box where you extend the Power, Ethernet and HDMI connectors to make them available without needing to open the box.
  • You should decide what problem you are solving, the casual walk-by smut redirect of a bored teenager or the motivated malicious hacker. The hacker won't hesitate to change your boot media either if he wants to deface the system.

If your goal is to prevent straight up duplication of your devices, well that is quite a challenge. Especially since you do not seem to be doing anything special client side (if I understood right from your other questions on StackOverflow).

I do not think you can prevent such a thing only delay it as it could be considered a form of DRM where you need to hand over the keys as well. Disabling USB would do little I think. I could simply.

  • Clone the SD-Card
  • Explore the SD-Card from the comfort of my own computer

Now I would consider is it the Device or the Server which is important, do I want to prevent devices from being duplicated, or do I want the Server to only talk to authentic devices. I am currently developing some speciality hardware based on a RPi so I am also forced to consider the possibility for duplication, I have not decided how to approach this, or if I am to approach it at all. But I am willing to share my findings.

r_ahlskog
  • 111
  • 4
  • 1
    thank you for your suggestions. My intention is t prevent the attack of an hacker who wants duplicates my r-pi. For this reason I had thought of encrypt SD data, to protect raspberry root with a password and to disable all mous/keyboard input – bit Jan 30 '14 at 22:30
  • 1
    Ok, that is a tough one. :) Even what you do, someone who wants to steal your efforts to make their own product, will expend quite a bit of effort at breaking your security. But I find your question interesting. – r_ahlskog Jan 31 '14 at 07:26
  • @bit I am looking for something similar. Can you propose something? – Inderpal Singh Apr 22 '15 at 05:44
  • You would have to store the key somewhere! Do you plan to have a human type it every time the device reboots?

    There exists a lot of technology for secure booting and so on, but you won't find it on a $39 platform. At the very least, you need a machine with a TPM; the cheapest I can think of is the Intel NUC, starting at around $150-$200. The good news is that most NUC models are designed with kiosk applications in mind, and of course they run Linux.

     – JayEye May 11 '16 at 01:58