There are a few cases where this makes sense:

* The laptop supports one or more power supplies, but with different current ratings, and the laptop needs to know how much it can safely draw. (This can be done with passives)
* The charger has dynamic power availability, possibly because it charges multiple devices, and the amount of power available varies with other factors, such as temperature.
* The charger has various output modes available, only some of which align with the device to be charged. Therefore, the two devices must negotiate a common set of parameters.

On the note of USB Condoms, they only interrupt the data lines; USB's power negotiation (nowadays) mostly happens on the power line itself. Though usually, the device's OS (if it has one) has limited/no visibility to this, and a dedicated port controller handles this interaction, possibly passing higher-level information to the rest of the device.

There are some things that can be done to reduce the threat surface:

* Build the protocol parser as a FSM.
* Formal methods for critical systems.
* Severely restrict the expressiveness of the protocol, particularly any variable-length fields.
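The FSM-parser and no-variable-length-fields mitigations listed above, shown as an added example that is not part of the original comment: a byte-at-a-time parser for a made-up fixed-length power-negotiation frame. The frame layout, all names and the 5000 mA cap are assumptions for illustration and are not the USB PD wire format.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical fixed-length frame (NOT the USB PD wire format):
 *   SOF(0xA5) | TYPE | MA_HI | MA_LO | XOR of the four bytes before it
 * No length field: the parser keeps no buffer and takes no size from the peer. */
enum state { S_SOF, S_TYPE, S_HI, S_LO, S_SUM };
enum { T_OFFER = 1, T_REQUEST = 2, T_ACCEPT = 3, MAX_MA = 5000 };
struct fsm   { enum state st; uint8_t type, sum; uint16_t ma; };
struct frame { uint8_t type; uint16_t ma; };

void fsm_init(struct fsm *f) { f->st = S_SOF; f->type = 0; f->sum = 0; f->ma = 0; }

/* Feed one byte; returns 1 when a complete valid frame is in *out, else 0. */
int fsm_feed(struct fsm *f, uint8_t b, struct frame *out)
{
    switch (f->st) {
    case S_SOF:
        if (b == 0xA5) { f->sum = b; f->st = S_TYPE; }
        return 0;
    case S_TYPE:
        if (b < T_OFFER || b > T_ACCEPT) break;   /* unknown type */
        f->type = b; f->sum ^= b; f->st = S_HI;
        return 0;
    case S_HI:
        f->ma = (uint16_t)(b << 8); f->sum ^= b; f->st = S_LO;
        return 0;
    case S_LO:
        f->ma |= b; f->sum ^= b;
        if (f->ma > MAX_MA) break;                /* current out of range */
        f->st = S_SUM;
        return 0;
    case S_SUM:
        f->st = S_SOF;
        if (b != f->sum) return 0;                /* bad checksum */
        out->type = f->type; out->ma = f->ma;
        return 1;
    }
    f->st = S_SOF;                                /* every reject resets */
    return 0;
}

/* Run a byte stream through the FSM; returns the number of frames accepted. */
int parse_stream(const uint8_t *p, size_t n, struct frame *last)
{
    struct fsm f; int ok = 0;
    fsm_init(&f);
    for (size_t i = 0; i < n; i++) ok += fsm_feed(&f, p[i], last);
    return ok;
}
```

Every input byte moves the parser to exactly one of five states, so the whole input space can be enumerated in review or checked exhaustively, which is what makes this shape a good fit for the formal-methods point as well.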