From 3c720a0715191c858e8d1df9795dddfea5dbdcf1 Mon Sep 17 00:00:00 2001
From: Raja Grewal
Date: Sat, 20 Jul 2024 15:03:21 +1000
Subject: [PATCH] Disable some legacy drivers

These were all previously blacklisted for over 2 years.
---
 README.md | 3 ++-
 etc/modprobe.d/30_security-misc_blacklist.conf | 6 +-----
 etc/modprobe.d/30_security-misc_disable.conf | 11 +++++++++++
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 3a9c552..331a5ce 100644
--- a/README.md
+++ b/README.md
@@ -226,7 +226,8 @@ disabling should first be blacklisted for a suitable amount of time.
 are disabled.
 - Miscellaneous: Disable an assortment of other modules such as those required
- for amateur radio, floppy disks, and vivid.
+ for amateur radio, floppy disks, and vivid. Also disable legacy drivers that
+ have been entirely replaced by newer drivers.
 - Thunderbolt: Disabled as they are often vulnerable to DMA attacks.
diff --git a/etc/modprobe.d/30_security-misc_blacklist.conf b/etc/modprobe.d/30_security-misc_blacklist.conf
index 4f1b1be..2ef0d1a 100644
--- a/etc/modprobe.d/30_security-misc_blacklist.conf
+++ b/etc/modprobe.d/30_security-misc_blacklist.conf
@@ -26,14 +26,10 @@ blacklist sr_mod
 ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist.conf?h=ubuntu/disco
 ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco
 ##
-blacklist ath_pci
 blacklist amd76x_edac
-blacklist asus_acpi
-blacklist bcm43xx
+blacklist ath_pci
 blacklist evbug
-blacklist de4x5
 blacklist pcspkr
-blacklist prism54
 blacklist snd_aw2
 blacklist snd_intel8x0m
 blacklist snd_pcsp
diff --git a/etc/modprobe.d/30_security-misc_disable.conf b/etc/modprobe.d/30_security-misc_disable.conf
index 7ce6190..c78ba2a 100644
--- a/etc/modprobe.d/30_security-misc_disable.conf
+++ b/etc/modprobe.d/30_security-misc_disable.conf
@@ -256,6 +256,17 @@ install hamradio /usr/bin/disabled-miscellaneous-by-security-misc
 ##
 install floppy /usr/bin/disabled-miscellaneous-by-security-misc
 ##
+## Replaced:
+## These legacy drivers have all been entirely replaced and superseded by newer drivers.
+## These were all previously blacklisted.
+##
+## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist.conf?h=ubuntu/disco
+##
+install asus_acpi /usr/bin/disabled-miscellaneous-by-security-misc
+install bcm43xx /usr/bin/disabled-miscellaneous-by-security-misc
+install de4x5 /usr/bin/disabled-miscellaneous-by-security-misc
+install prism54 /usr/bin/disabled-miscellaneous-by-security-misc
+##
 ## Vivid:
 ## Disables the vivid kernel module since it has been the cause of multiple vulnerabilities.
 ##
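Review bot: The new `Replaced:` comment block says the four drivers were superseded but does not name the successor for any of them, and its only pointer is a link pinned to the `ubuntu/disco` branch. These lines move the modules from `blacklist` entries (which only suppress alias-based autoloading) to `install` overrides (which redirect every `modprobe` request for that name), so someone whose hardware stops working needs to see which driver is expected to bind instead. I would put a one-line comment above each entry, for example `## bcm43xx: replaced by b43 and ssb`, and likewise for asus_acpi (asus-laptop), de4x5 (tulip) and prism54 (p54pci). Those pairings are from my recollection of the referenced Ubuntu blacklist.conf and should be confirmed against it before committing.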