From 5b16f633b8a61f407fd041f5529c2ea071c1cc34 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 15 Jan 2022 11:12:03 -0300
Subject: Feat: thunderbolt and additional firewire kernel blocks

---
 files/etc/modprobe.d/blacklist.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/files/etc/modprobe.d/blacklist.conf b/files/etc/modprobe.d/blacklist.conf
index 52ea5a4..d339c0d 100644
--- a/files/etc/modprobe.d/blacklist.conf
+++ b/files/etc/modprobe.d/blacklist.conf
@@ -77,6 +77,10 @@ install ohci1394 false
 # Iff we should ever load the ohci1394 module, force the use of the 'phys_dma=0' option.
 options ohci1394 phys_dma=0
 
+# See also https://github.com/lfit/itpol/blob/master/linux-workstation-security.md#blacklisting-modules
+blacklist firewire-core
+blacklist thunderbolt
+
 # PC Speaker
 blacklist pcspkr
 
-- 
cgit v1.2.3