Filtering USB storage data in kernel module

Greg KH greg at kroah.com
Fri Nov 18 09:46:14 EST 2011


On Fri, Nov 18, 2011 at 06:36:18PM +0530, Abhijit Pawar wrote:
> On 11/17/2011 08:19 PM, Greg KH wrote:
> >On Thu, Nov 17, 2011 at 02:15:35PM +0530, Abhijit Pawar wrote:
> >>Hi All,
> >>I need to filter the data written/read to and from the USB storage
> >>disk.
> >Why?
> I want to build a secure machine with data protection. I want to
> have security around the machine where anyone can attach a USB
> disk and copy the data, but I want to make the copied data useless
> unless it has the trust relation with the host to which it's
> connected.
> So if one has copied data from one secured machine and gets that USB
> disk to another machine, he should see the encrypted garbage data.

Interesting idea.

> >What are you wanting to do at "filter" time?
> I want to encrypt the write data packets and decrypt the read data packets.
> >Why just USB disks?  What makes them special?
> They are the ones which can be attached to the system easily.
> >How are you going to determine if a disk is a USB device or not?

You forgot to answer this question :)

> >>Now the way USB is made known to OS is through SCSI and then
> >>respective filesystem ( mostly usbfs).
> >Not really, usbfs is only one way, and it has nothing to do with usb
> >disks.
> >
> >>So is there any way I can intercept this stack and have my kernel module
> >>invoked so that I will get the data.
> >Not easily.
> Even if it's hard, can you please give details of how I achieve this?
> >>I have been thinking on two approaches:
> >>
> >>1. Use VFS and write a proxy filesystem for USB device which will filter
> >>the data.
> >>2. checking SCSI and any intercepting point.
> >Again, what are you trying to "filter"?  That will determine where you
> >make changes.
> thanks, greg k-h
> So what choice do I have now for this?

Lots of work, best of luck with this task, it will not be simple or
easy.

greg k-h


