Prevent usbhid from autoloading when USB HID device is plugged in

Asked 5/8, 2016 at 9:53 Answered 23/9, 2016 at 17:57

Solved linux kernel raspbian hid hotplugging

I'm trying to (reversibly) disable USB HID support on a Raspbian Jessie install, kernel version 4.4.16-v7+. We need to have the Raspberry Pi in a semi-public space and display stuff on a TV, and we'd like to make it at least somewhat hard to mess with it.

So far I've managed to make the usbhid module removable from the kernel via rmmod. After rmmod'ing the module, tt seems, though, that each time I plug in a USB keyboard or mouse, the device driver gets loaded back into the Kernel.

Is there any way to prevent that?

Strung answered 5/8, 2016 at 9:53 Comment(0)

udev is the best and easiest way doing that, add a new rule in e.g.: /etc/udev/rules.d/99-disable-usb-hid.rules:

SUBSYSTEMS=="usb", DRIVERS=="usbhid", ACTION=="add", ATTR{authorized}="0"

and restart udev. I've just tested it in Debian Jessie ARM 4.4.16.

Faubourg answered 23/9, 2016 at 17:57 Comment(1)

This is a really cool solution, I like this better than the one I finally implemented (blacklisting the offending kernel modules). Wish I'd known of this possibility. – Strung 1/10, 2016 at 12:30

I can think of two options:

EASIER:

Blacklist the kernel module inside /etc/modprobe.d/blacklist.conf by adding:

blacklist usbhid

Make sure that you do this as root by using sudo or logging in as root, otherwise this file is read-only.

HARDER:

If you have the capacity to recompile the kernel that you are using then you could set CONFIG_USB_HID=n in the kernel configuration file to disable usbhid entirely.

You could follow Raspberry Pi's kernel building steps, and once you have everything all set to build, you can modify the configuration file so that CONFIG_USB_HID=n. You could do this during a menuconfig or the way I usually do it, which is by editing the hidden .config file after running a make defconfig. See linux kernel in a nutshell for more information on configuring and building the linux kernel.

Since Raspberry Pi is ARM, and I'm assuming your computer is x86, you will need to set up a cross-compiler toolchain. That information should be foud in the RasPi's kernel building steps as well.

Then continue following RasPi's kernel building steps to get the kernel onto your Raspberry Pi. This should solve the problem of having usbhid showing up. It won't be baked into the kernel in the first place.

Beatrix answered 22/9, 2016 at 14:49 Comment(3)

I've actually tried a kernel recompile to make the respective module optional, but it always got autoloaded once a device was plugged in, so that didn't work out ... I didn't want to fully lose the functionality, so completely leaving out the module was only a last-resort thing. I was able to accomplish what I wanted by blacklisting as you describe, though putting it in blacklist.conf somehow didn't work. I had to put blacklist lines for usbhid, usbkbd and usbmouse into /etc/modprobe.d/usbkbd.conf etc.; just usbhid wasn't enough for some reason. – Strung 1/10, 2016 at 12:27

Sometimes when running make a configuration option automatically gets set to "y" or "n" again. It sounds like you've already found a solution that works, but if you do need to force a configuration option, you can just include it after the make command. For example, you could run make CONFIG_USB_HID=n to force that configuration option. – Beatrix 2/10, 2016 at 16:29

Blacklisting usbhid dind't work for me in Ubuntu 16_04 – Pukka 2/3, 2020 at 19:18

Recommended topics

Hot tags