kernel driver

4 Articles

Linux Device Drivers In Only A Few Years

July 11, 2023 by 10 Comments

[Johannes 4GNU_Linux] has been filming a video series on how to write Linux device drivers for a couple of years now, but luckily, you won’t need that long to watch them or to create your own driver. He’s added some recent videos to the series, like the one below, but might want to rewind a few years and start at the beginning.

If you build your own hardware for Linux, you’ll probably eventually want to write a driver which runs as a privileged program. While there are many things you can do in user space, for the ultimate control and performance, you can’t beat a driver.

One problem, though, is that drivers can really crash your system in a big way. In the old days, it was common to have a dedicated system for driver development. Today, for many drivers, you can get away with running a virtual machine that you can crash and reload without much trouble.

The videos cover diverse topics like interrupts, completions, polling, and threads. He even uses a Raspberry Pi, which will be very useful for many embedded projects. Of course, the trend these days is to have one driver — like the USB driver — and have it provide user-space access so that everyone doesn’t have to write their own drivers. But, as usual, that only goes so far.

We aren’t sure how many more videos there will be, but if you make it through the first 31, maybe more will be waiting for you. It has been a while since we looked at SPI drivers in Linux. As an example of why you might want to roll your own, consider a custom FPGA driver.

Continue reading “Linux Device Drivers In Only A Few Years”

Genshin Security Impact

August 29, 2022 by 29 Comments

An MMORPG with cute anime-style characters and maybe a bit too much inspiration taken from another classic Nintento franchise, Genshin Impact is a relatively popular game across the PlayStation, iOS, Android, and PC platforms. That last one has already generated a bit of controversy, since the PC version game includes an anti-cheat kernel driver that runs in the Windows kernel context, and on initial release that module kept running even after the game was closed.

That anti-cheat driver is back in the news, with Trend Micro discovering a ransomware campaign that includes mhyprot2.sys, the anti-cheat driver, as a component of the infection. The module is known to have vulnerabilities, and is still a signed kernel driver, so the malware campaign loads the driver and uses its functions to disable anti-malware protections.

The rest of the campaign is straightforward. Starting with access to a single domain-connected machine, an attacker uses that foothold to gain access to the domain controller. The malicious script is hosted on shared storage, and PsExec is used to run it on all the domain member machines. The real novelty here is the use of the vulnerable anti-cheat kernel driver as the anti-malware bypass. As far as we can tell, this driver is *still* signed and considered trustworthy by Windows. We join the call to Microsoft, to revoke this vulnerable driver, as it’s now actively being used in ongoing malware campaigns. For more on security, check out our weekly column on the topic,

RF Burns And Exploding PC Speakers: Sophos Looks At The Evidence

June 21, 2021 by 24 Comments

Every year in the month of June, someone by the unlikely name of [R.F. Burns] posts a question to the Linux Kernel Mailing List asking whether a Linux kernel module is possible that would blow the PC speaker. It’s fairly obviously a joke, which is why the UK-based anti-virus company Sophos have devoted a light-hearted blog post to it.

The post is an interesting diversion into early PC sounds, when the only hardware guaranteed to be present was a small speaker hooked up to a bit on an output port. The bit could be cycled for square wave beeps, or with a lot of clever manipulation could put out a low-bitrate PWM that delivered almost intelligible sounds including music and voice. They conclude that since the speaker would have been designed to be at the full amplitude of the 5-volt output bit all the time it should be impossible to blow it from software, and we’d be inclined to agree. There’s a remote possibility that some speakers might have a resonant frequency that could be found in software, but we’re not entirely convinced.

Your Hackaday scribe might have spent a while in a university computer lab back in the day trying and failing to write C code that would produce a usable PWM on an XT speaker, but those with long memories might recall the PC speaker driver for Windows 3.1. If you’re a fan of chiptune music there are even entire albums written for this most basic of instruments.

Header image: MKFI, Public domain.

Lattice ICE40 FPGA Configured By Linux Kernel

April 13, 2017 by 15 Comments

The Linux kernel recently added support for loading firmware into an FPGA via the FPGA Manager Framework. [OpenTechLab] has built a driver for the Lattice iCE40 FPGA (same chip used on the iCEStick and other development boards). One attraction to the iCE40 is there is an open source toolchain called iCEStorm.

Even if you aren’t specifically interested in FPGAs, the discussion about Linux device drivers is good background. The principles would apply to other drivers, and would definitely apply if you want to write another FPGA loader.

Continue reading “Lattice ICE40 FPGA Configured By Linux Kernel”