s8n
4f91fbb8f0
Some checks failed
secret-scan / gitleaks (HEAD + history) (push) Has been cancelled
secret-scan / detect-secrets (entropy + cross-tool) (push) Has been cancelled
secret-scan / gitleaks (HEAD + history) (pull_request) Has been cancelled
secret-scan / detect-secrets (entropy + cross-tool) (pull_request) Has been cancelled
secret-scan / summary (push) Has been cancelled
secret-scan / summary (pull_request) Has been cancelled
veilor-modules-lock sets kernel.modules_disabled=1 about 30s after graphical.target. Without uas already loaded, hot-plugged USB-SATA bridges (ASMedia / JMicron / Realtek) that advertise both BBB and UAS alt-settings fail to bind — the kernel prefers uas, usb-storage stands down, and modprobe uas is denied by the lock. Add /etc/modules-load.d/veilor-storage.conf via the overlay so systemd-modules-load.service preloads uas + usb-storage at boot, before the lock engages. Document the rationale and a runtime quirks workaround in docs/HARDENING.md. Incident: 2026-05-13, onyx, SK Hynix SC311 in ASMT105x (174c:55aa). |
||
|---|---|---|
| .. | ||
| research/2026-05-05-agent-wave | ||
| BUILD.md | ||
| CLI.md | ||
| DOCS-DOCS.md | ||
| HARDENING.md | ||
| INSTALL.md | ||
| INSTALLER.md | ||
| POWER.md | ||
| ROADMAP.md | ||
| STRATEGY.md | ||
| THREAT-MODEL.md | ||