Ghaf kill switch GUI application

[vunnyso]

Description of Changes

1. App can be launched from top right corner of the screen (menu bar/ panel bar)

   

2. Device blocking and unblocking works fine.

3. Device state is persistent and it should reflect actual device status on application startup.

4. Documentation updated accordingly.

Note: Just in case Kill Switch App icon doesn't appear, please follow below steps:

Go to "Cosmic Settings" --> Desktop --> Panel -> "Reset to default" (at bottom)

Type of Change

• New Feature
• Bug Fix
• Improvement / Refactor

Related Issues / Tickets

Depends on:
tiiuae/ghafpkgs#100 [feat(kill-switch): Add ghaf-kill-switch-app gui interface] --> (Merged)
#1528 [Implement PCI device management via vhotplug] --> (Merged)

Checklist

• Clear summary in PR description
• Detailed and meaningful commit message(s)
• Commits are logically organized and squashed if appropriate
• Contribution guidelines followed
• Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
• Author has run make-checks and it passes
• All automatic GitHub Action checks pass - see actions
• Author has added reviewers and removed PR draft status

Testing Instructions

Applicable Targets

• Orin AGX aarch64
• Orin NX aarch64
• Lenovo X1 x86_64
• Dell Latitude x86_64
• System 76 x86_64

Installation Method

• Requires full re-installation
• Can be updated with nixos-rebuild ... switch
• Other:

Test Steps To Verify:

1. Launch the application as mentioned in Description of Changes section.

2. ghaf-killswitch command line tool is moved from ghaf-host to gui-vm

3. Add support for bluetooth device

   [ghaf@gui-vm:~]$ ghaf-killswitch block bluetooth
   Blocking device bt0 ...
   INFO Successfully detached

4. status command is added for ghaf-killswitch to check if device is blocked or not.

   [ghaf@gui-vm:~] $ ghaf-killswitch status
   mic: blocked
   net: blocked
   cam: blocked
   bluetooth: unblocked

5. Add support to block and unblock all devices

   [ghaf@gui-vm:~] $ ghaf-killswitch block --all
   [ghaf@gui-vm:~] $ ghaf-killswitch unblock --all

[brianmcgillion]

Just looking at the screenshot. Should we have a kill switch that will kill all? So a 4th toggle. Maybe at the top. That will switch all the others to off on demand?

Also, from a UX point of view. There is the Airplane mode toggle in the Wi-Fi settings. Should this toggle that switch so you can see the state there. But then we would have to decide who has precedence. i.e. if the kill switch is turned on, can you disable airplane mode from the Wi-Fi menu?

Or how do we warn? It could be that either one will toggle the other (kill switch Wi-Fi, and network setting airplane mode). Or is the kill switch just a convenience function to centralize turning them all off?

[vunnyso]

Just looking at the screenshot. Should we have a kill switch that will kill all? So a 4th toggle. Maybe at the top. That will switch all the others to off on demand?

Yes , we can add 4th toggle to kill all as option for convenience, if it's a requirement.

Also, from a UX point of view. There is the Airplane mode toggle in the Wi-Fi settings. Should this toggle that switch so you can see the state there. But then we would have to decide who has precedence. i.e. if the kill switch is turned on, can you disable airplane mode from the Wi-Fi menu?

Its interesting problem, right now both are independent and state is not synchronized. Kill Switch app calls vhotplugcli pci detach --vid 8086 --did 272b and Airplane mode toggle probably using rfkill.

Or how do we warn? It could be that either one will toggle the other (kill switch Wi-Fi, and network setting airplane mode). Or is the kill switch just a convenience function to centralize turning them all off?

We can discuss more it, I think better to keep one option to avoid confusion and complexity. @kajusnau if you have ideas please suggest.

[kajusnau]

The way I see it we have two possible approaches here to avoid confusion:

1. Hide the airplane mode toggle and use killswitch app exclusively
2. Have both airplane mode and killswitch app but clearly label killswitch app as a HW toggle, while airplane mode would be implied SW

Few things to consider:
Airplane mode does indeed use rfkill for Bluetooth. In my mind, rfkill is more of a SW toggle, since it seems to disable the selected wireless device. Killswitch, on the other hand, is essentially unplugging the device entirely, which could be seen as "more secure".
Killswitch currently doesn't affect Bluetooth functionality, unlike airplane mode.

My vote would be to simply hide the airplane mode toggle (I can make a patch for that).

[kajusnau]

Also I think this discussion and any possible screenshots should be moved to tiiuae/ghafpkgs#100.
App functionality testing should also be done there if at all possible (which I've been told by QA folks that it is indeed possible 😉 )

[vunnyso]

No issues in building x86_64-linux, lenovo-x1-carbon-gen11-debug locally.

[milva-unikie]

No issues in building x86_64-linux, lenovo-x1-carbon-gen11-debug locally.

Looks like the same issue that there has been with Dell 7230. Hopefully #1588 will fix it.

[brianmcgillion]

it will be easier to review when #1528 lands and you can rebase on main. so hopefully that is an incentive to help review #1528 and lets get it merged asap :)

[Bitumiju]

https://jira.tii.ae/browse/SSRCSP-7346

[milva-unikie]

Tested on Darter Pro (nixos-rebuild switch)

• Camera, microphone, Wi-Fi and Bluetooth can be disabled from the kill switch app
• Kill switch status is persistent
• ghaf-killswitch status, ghaf-killswitch block and ghaf-killswitch unblock work in the gui-vm

I already tested this feature on the Lenovo X1 in tiiuae/ghafpkgs#100

[kajusnau]

I guess I'm too late with this but adding anyway for future reference 😀