Offer USB keyboard support by default (and require optional enablement of USB Keyboard in configuration settings to enable and flash config change to persist across reboot and upgrades)

[tlaurion]

CONFIG_SUPPORT_USB_KEYBOARD=y allows the user to enable USB keyboard support in config. It's off by default. I provide this for Librems due to popular demand.

You're thinking of CONFIG_USB_KEYBOARD_REQUIRED=y which means the device only has USB keyboards.

I'm not familiar with this hardware, but typically the internal keyboard is a PS/2 keyboard (well, really provided by the EC as an 8042 interface, no actual PS/2 port or signaling, but I digress). So I think you have this right @loftlifter31

Originally posted by @JonathonHall-Purism in #1774 (comment)

[tlaurion]

This has convenience VS security implications.

@marmarek is that what you would request for platforms having ps2 keyboards but where usb is needed for testing?

Remember rubber ducky with usb+hid support. Thoughts welcome

[marmarek]

Right, but since it's disabled by default, an USB keyboard can't enable itself on its own. And also the option is placed in the menu deep enough that IMO it can't be switched unknowingly.

[tlaurion]

Alright so plan is.

• Make sure that usb keyboard only boards are enforcing usb required in board configs
• have all ps2 boards enable usb keyboard optional to be setup by ps2 keyboard if needed
• make sure config menu warns user of security implication, telling ps2 better for security vs convenience.

@marmarek @JonathonHall-Purism good enough as a plan?

[JonathonHall-Purism]

* Make sure that usb keyboard only boards are enforcing usb required in board configs

This should already be the case, but never hurts to double check 🤞

* have all ps2 boards enable usb keyboard optional to be setup by ps2 keyboard if needed

Agree. I would do this by removing the CONFIG_SUPPORT_USB_KEYBOARD, since all boards will support it now, there's no need for the config any more. Just update config-gui.sh and modules/linux by removing the tests and keeping the logic that used to apply when it was 'y'.

* make sure config menu warns user of security implication, telling ps2 better for security vs convenience.

Yeah we have that:

        if (whiptail --title 'Enable USB Keyboard?' \
             --yesno "USB keyboards will be usable in $CONFIG_BRAND_NAME.
                    \n\nEnabling USB keyboards could allow a compromised USB device to control
                    \n$CONFIG_BRAND_NAME.
                    \n\nDo you want to proceed?" 0 80) then

I think that's clear and concise. It could allow a compromised USB device to control Heads.

[marmarek]

I just tried t430-hotp-maximized with added CONFIG_SUPPORT_USB_KEYBOARD=y, and it worked as expected:

1. Initially USB keyboard was not enabled
2. There is a menu option to enable it, that gives the above warning.
3. After enabling, USB keyboard works.

[tlaurion]

Should be part of #1821, assigned myself

[tlaurion]

@JonathonHall-Purism @marmarek see #1838