veilor-org/veilor-os

Author	SHA1	Message	Date
s8n	4f91fbb8f0	fix(overlay): preload uas + usb-storage so UAS enclosures bind post-modules-lock Some checks failed secret-scan / gitleaks (HEAD + history) (push) Has been cancelled Details secret-scan / detect-secrets (entropy + cross-tool) (push) Has been cancelled Details secret-scan / gitleaks (HEAD + history) (pull_request) Has been cancelled Details secret-scan / detect-secrets (entropy + cross-tool) (pull_request) Has been cancelled Details secret-scan / summary (push) Has been cancelled Details secret-scan / summary (pull_request) Has been cancelled Details veilor-modules-lock sets kernel.modules_disabled=1 about 30s after graphical.target. Without uas already loaded, hot-plugged USB-SATA bridges (ASMedia / JMicron / Realtek) that advertise both BBB and UAS alt-settings fail to bind — the kernel prefers uas, usb-storage stands down, and modprobe uas is denied by the lock. Add /etc/modules-load.d/veilor-storage.conf via the overlay so systemd-modules-load.service preloads uas + usb-storage at boot, before the lock engages. Document the rationale and a runtime quirks workaround in docs/HARDENING.md. Incident: 2026-05-13, onyx, SK Hynix SC311 in ASMT105x (174c:55aa).	2026-05-13 15:04:00 +01:00