veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases 1 Packages Wiki Activity Actions
veilor-os/overlay/etc/modules-load.d/veilor-storage.conf
s8n 4f91fbb8f0
Some checks failed
secret-scan / gitleaks (HEAD + history) (push) Has been cancelled
Details
secret-scan / detect-secrets (entropy + cross-tool) (push) Has been cancelled
Details
secret-scan / gitleaks (HEAD + history) (pull_request) Has been cancelled
Details
secret-scan / detect-secrets (entropy + cross-tool) (pull_request) Has been cancelled
Details
secret-scan / summary (push) Has been cancelled
Details
secret-scan / summary (pull_request) Has been cancelled
Details
fix(overlay): preload uas + usb-storage so UAS enclosures bind post-modules-lock 
veilor-modules-lock sets kernel.modules_disabled=1 about 30s after
graphical.target. Without uas already loaded, hot-plugged USB-SATA
bridges (ASMedia / JMicron / Realtek) that advertise both BBB and
UAS alt-settings fail to bind — the kernel prefers uas, usb-storage
stands down, and modprobe uas is denied by the lock.

Add /etc/modules-load.d/veilor-storage.conf via the overlay so
systemd-modules-load.service preloads uas + usb-storage at boot,
before the lock engages. Document the rationale and a runtime
quirks workaround in docs/HARDENING.md.

Incident: 2026-05-13, onyx, SK Hynix SC311 in ASMT105x (174c:55aa).
2026-05-13 15:04:00 +01:00

35 lines
1.5 KiB
Text
Raw Blame History

# veilor-os — preload USB mass-storage drivers at boot.
#
# Why this exists:
# veilor-modules-lock.service sets kernel.modules_disabled=1 about 30s
# after graphical.target. Any module not loaded by then is permanently
# blocked for the rest of the session. usb-storage is built into the
# default Fedora kernel image and auto-loads at boot, but uas is a
# separate module that the kernel only loads on demand when a UAS-
# capable USB-SATA bridge is enumerated. If no such device is present
# at boot, uas never loads, the lock engages, and any later hot-plug
# of an ASMedia / JMicron / Realtek UAS bridge (e.g. 174c:55aa,
# 152d:*, 0bc2:*) fails:
#
# usb 7-1: Device is not authorized for usage
# modprobe: ERROR: could not insert 'uas': Operation not permitted
#
# The interface descriptor on these enclosures advertises both BBB
# (bulk-only, 08:06:50) and UAS (08:06:62) alt-settings. Kernel
# prefers UAS, so usb-storage stands down expecting uas to claim.
# Without uas loaded, neither driver binds and the block device
# never appears.
#
# Fix:
# Preload uas (and usb-storage as belt+braces) via systemd-modules-
# load.service at boot, before veilor-modules-lock runs. Both modules
# are then resident and can bind hot-plugged devices for the entire
# session.
#
# Incident: 2026-05-13, onyx, SK Hynix SC311 in ASMT105x enclosure.
# References:
# - usb-storage(4), systemd-modules-load.service(8)
# - /etc/systemd/system/veilor-modules-lock.service
uas
usb-storage
Reference in a new issue View git blame Copy permalink