From a5373afc55e789f4657f3d843243e878e4afffa2 Mon Sep 17 00:00:00 2001
From: Raja Grewal
Date: Wed, 7 Aug 2024 14:44:14 +1000
Subject: [PATCH] Details on disabled `fbdev` kernel modules
---
 README.md | 2 +-
 etc/modprobe.d/30_security-misc_disable.conf | 6 ++++--
 usr/bin/disabled-framebuffer-by-security-misc | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 0ed55ef..0ed1240 100644
--- a/README.md
+++ b/README.md
@@ -207,7 +207,7 @@ disabling should first be blacklisted for a suitable amount of time.
 - FireWire (IEEE 1394): Disabled as they are often vulnerable to DMA attacks.
-- Framebuffer Drivers: Disabled as they are well-known to be buggy, cause
+- Framebuffer (fbdev): Disabled as drivers are well-known to be buggy, cause
 kernel panics, and are generally only used by legacy devices.
 - GPS: Disable GPS-related modules such as those required for Global Navigation
diff --git a/etc/modprobe.d/30_security-misc_disable.conf b/etc/modprobe.d/30_security-misc_disable.conf
index d6c5974..3a72b0e 100644
--- a/etc/modprobe.d/30_security-misc_disable.conf
+++ b/etc/modprobe.d/30_security-misc_disable.conf
@@ -70,10 +70,12 @@ install raw1394 /usr/bin/disabled-firewire-by-security-misc
 install sbp2 /usr/bin/disabled-firewire-by-security-misc
 install video1394 /usr/bin/disabled-firewire-by-security-misc
-## Framebuffer Drivers:
-## Known to be buggy, cause kernel panics, and are generally only used by legacy devices.
+## Framebuffer (fbdev):
+## Video drivers are known to be buggy, cause kernel panics, and are generally only used by legacy devices.
 ## These were all previously blacklisted.
 ##
+## https://docs.kernel.org/fb/index.html
+## https://en.wikipedia.org/wiki/Linux_framebuffer
 ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-framebuffer.conf?h=ubuntu/disco
 ##
 install aty128fb /usr/bin/disabled-framebuffer-by-security-misc
diff --git a/usr/bin/disabled-framebuffer-by-security-misc b/usr/bin/disabled-framebuffer-by-security-misc
index 2933f95..681bc40 100755
--- a/usr/bin/disabled-framebuffer-by-security-misc
+++ b/usr/bin/disabled-framebuffer-by-security-misc
@@ -5,6 +5,6 @@
 ## Alerts user that a kernel module failed to load due to it being explicitly disabled by default.
-echo "$0: ALERT: This framebuffer kernel module is disabled by package security-misc by default. See the configuration file /etc/modprobe.d/30_security-misc_disable.conf for details. | args: $@" >&2
+echo "$0: ALERT: This framebuffer (fbdev) kernel module is disabled by package security-misc by default. See the configuration file /etc/modprobe.d/30_security-misc_disable.conf for details. | args: $@" >&2
 exit 1
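Review bot: The rewritten `echo` line still embeds `$@` inside a larger double-quoted string, so the message is split into several words whenever the script is called with more than one argument (ShellCheck SC2145). `$*` states the intent of a single joined string, i.e. end the message with `| args: $*" >&2`. This helper is what the `install` lines in 30_security-misc_disable.conf run in place of the module load, so a short comment above `exit 1` such as `## Non-zero exit so the load attempt is reported as failed.` would record why the status matters. The script starts above line 5, outside this hunk, so the shebang and any shell options are not visible here.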