In the doumentation at https://www.balena.io/fin/docs/developers/ I saw we can disable HDMI for power saving purposes.
We would like to disable both that and USB for security reasons (i.e. prevent people from using a dashboard for logging in locally, plug in rogue devices etc.).
Is this possible (without disabling other hardware, such as network/wifi interfaces)?
Me too, I’am interested in it.
Don’t know if PPPS would be a solution for you. That is using something like https://github.com/mvp/uhubctl to disable power USB ports. Don’t even know if PPPS would work on the balenaFin.
We ended up abusing the 3D case design that Balena published
We bought a case, printed out a new middle layer with the USB and HDMI ports closed off and that worked just fine for our use case!
PPPS is supported by the Fin and I can confirm that uhubctl works (at least with the CM3L). Of course the old-fashioned way of removing physical access always helps
Here’s a simple Dockerfile that will install uhubctl -
FROM balenalib/raspberrypi3-debian-python:3.8.2
ENV UDEV=on
WORKDIR /usr/src/app
RUN install_packages uhubctl
COPY *.sh ./
CMD ["./start.sh"]
I ran the commands in my start.sh over a shell to show them with the output -
root@01d925a:/usr/src/app# uhubctl
Current status for hub 1-1 [0424:9514, USB 2.00, 5 ports]
Port 1: 0503 power highspeed enable connect [0424:ec00]
Port 2: 0100 power
Port 3: 0100 power
Port 4: 0103 power enable connect [0a12:0001]
Port 5: 0503 power highspeed enable connect [0781:5567]
root@01d925a:/usr/src/app# uhubctl -p 1 -a 0
Current status for hub 1-1 [0424:9514, USB 2.00, 5 ports]
Port 1: 0503 power highspeed enable connect [0424:ec00]
Sent power off request
New status for hub 1-1 [0424:9514, USB 2.00, 5 ports]
Port 1: 0000 off
root@01d925a:/usr/src/app# uhubctl
Current status for hub 1-1 [0424:9514, USB 2.00, 5 ports]
Port 1: 0000 off
Port 2: 0100 power
Port 3: 0100 power
Port 4: 0103 power enable connect [0a12:0001]
Port 5: 0503 power highspeed enable connect [0781:5567]
root@01d925a:/usr/src/app#
