Correct Defaults for Arduino/ Embedded Device Security

Suggestions and feedback for Linux Mint and the forums
Forum rules
Do not post support questions here. Before you post read: Where to post ideas & feature requests
Post Reply
dragon-dragon_dragon

Correct Defaults for Arduino/ Embedded Device Security

Post by dragon-dragon_dragon »

The TL;DR is that users in the adm group are not given write access to Arduinos wich are learning devices used in the education field to teach students about embedded devices. There's also a chip flasher produced by Adafruit that, to work properly, requires users to craft an obscure string and place it in an obscure directory I hadn't heard of until yesterday. Whereas in Windows it just works. I recommend this issue be addressed by a developer.



I've been researching embedded solutions, and I just burned a program to an Arduino Uno and it worked great after adding my user to the dialout group. That was needed because apparently the tty devices, particularly the Uno's /dev/ttyACM0 port requires membership in that group. Windows doesn't have that problem, so I'm wondering if we can specially listen for the Arduino Uno and grant any user write access to it, rather than restrict it? The Uno is essentially meant for users to write to it and this would be really helpful for students of embedded software development.

Also Adafruit, a popular hardware and education organization, wrote a special bootloader for their minimalistic Arduino unit that uses a USBtinySPI interface, and even with being a member of the dialout group, I needed to do really difficult research to allow my user write access to it. Can we have this write access a default privileged of the dialout or adm group? That would be an extremely kind gesture, these hardware folks went through a lot of hoops to get there design out there for people, and we seem to be inadvertently creating an extra hoop for these educators to cope with.

Here's the way to allow write access to Adafruit's trinket bootloader:

(/etc/udev/rules.d/30-allow_trinket.rules)

Code: Select all

SUBSYSTEM=="usb", ATTRS{idVendor}=="1781", ATTRS{idProduct}=="0c9f", GROUP="dialout", MODE="0664"
A repo containing more details on the problem and it's workaround is here.
User avatar
xenopeek
Level 25
Level 25
Posts: 29504
Joined: Wed Jul 06, 2011 3:58 am

Re: Correct Defaults for Arduino/ Embedded Device Security

Post by xenopeek »

There are a lot of additional udev rules out there, for different pieces of hardware. Perhaps this is a topic better in the tutorials sections or in the hardware review database?
Image
dragon-dragon_dragon

Re: Correct Defaults for Arduino/ Embedded Device Security

Post by dragon-dragon_dragon »

xenopeek wrote:There are a lot of additional udev rules out there, for different pieces of hardware. Perhaps this is a topic better in the tutorials sections or in the hardware review database?
The code I posted was a workaround to allow people to use an Arduino-like flasher the same way it can be done in windows. This isn't ideal for everyone to search for on there own and implement. The suggestion is to include a sound set of default udev rules so that the same level of comfort that Windows provides Embedded solution developers can also be provided by Linux Mint. I shared the workaround to provide insights to anyone interested in making changes to the default Linux Mint udev rules.

Would this be better to suggest upstream at Ubuntu? I don't have a test Ubuntu system, so I figured I just drop a note here.
User avatar
xenopeek
Level 25
Level 25
Posts: 29504
Joined: Wed Jul 06, 2011 3:58 am

Re: Correct Defaults for Arduino/ Embedded Device Security

Post by xenopeek »

Yes, this is probably something to take upstream to Ubuntu. Looking at the Linux Mint repositories, only the Debian edition has a patched udev: http://packages.linuxmint.com/search.ph ... ection=any. The main edition uses udev packages from upstream Ubuntu 14.04
Image
dragon-dragon_dragon

Re: Correct Defaults for Arduino/ Embedded Device Security

Post by dragon-dragon_dragon »

K, thanks for the info, I'll send them a report.
Post Reply

Return to “Suggestions & Feedback”