Disable USB for security reasons

security

#1

In the doumentation at https://www.balena.io/fin/docs/developers/ I saw we can disable HDMI for power saving purposes.
We would like to disable both that and USB for security reasons (i.e. prevent people from using a dashboard for logging in locally, plug in rogue devices etc.).

  • Is this possible (without disabling other hardware, such as network/wifi interfaces)?
  • Can enumeration of devices be prevented?
  • Any difference wrt using Raspbian vs BalenaOS?

Love the device, BTW, thanks for all the effort!


#6

Me too, I’am interested in it.
Don’t know if PPPS would be a solution for you. That is using something like https://github.com/mvp/uhubctl to disable power USB ports. Don’t even know if PPPS would work on the balenaFin.


#7

We ended up abusing the 3D case design that Balena published :slight_smile:
We bought a case, printed out a new middle layer with the USB and HDMI ports closed off and that worked just fine for our use case!


#8

… which doesn’t mean we’re not still interested in a software solution as well, of course!


#9

Hi there,

PPPS is supported by the Fin and I can confirm that uhubctl works (at least with the CM3L). Of course the old-fashioned way of removing physical access always helps :wink:

Cheers,
Nico