Linux 6.13 To Enhance Logic For Trusting Built-In Thunderbolt Controllers
  • Linux 6.13 To Enhance Logic For Trusting Built-In Thunderbolt Controllers

    Phoronix: Linux 6.13 To Enhance Logic For Trusting Built-In Thunderbolt Controllers

    Because connected Thunderbolt devices can mount DMA attacks, Linux and other platforms have built up safeguards over the years, including distinct Thunderbolt security levels, to better protect systems whose high-speed interface exposes PCIe. With the upcoming Linux 6.13 kernel, the kernel's logic is being enhanced to better detect and trust built-in Thunderbolt controllers...


  • #2
    Meanwhile anyone can just plug in a USB device that looks like a USB storage device but is actually identified as a USB HID class and inserts keystrokes to open a terminal and type stuff?

    USB is just blindly trusted?



    • #3
      Originally posted by uid313:
      Meanwhile anyone can just plug in a USB device that looks like a USB storage device but is actually identified as a USB HID class and inserts keystrokes to open a terminal and type stuff?

      USB is just blindly trusted?
      USB is less powerful than Thunderbolt. USB can only access what the OS allows, whereas Thunderbolt can issue DMA transfers, access other PCIe devices, and more.



      • #4
        Originally posted by colejohnson66:

        USB is less powerful than Thunderbolt. USB can only access what the OS allows, whereas Thunderbolt can issue DMA transfers, access other PCIe devices, and more.
        Yes, but any USB device, whether it looks like USB flash storage or a camera or a scanner, can identify as a USB human interface device (HID) as if it were a USB keyboard and start automatically injecting keystrokes as if they were typed by the user.



        • #5
          Originally posted by uid313:
          ... USB human interface device (HID) as if it was a USB keyboard and start automatically injecting keystrokes as if they were typed by the user.
          And? The user would take their PC to a professional to have a look at that strange behavior. Just typing stuff at random times will result in various symptoms but is hardly a reliable exploit; you would want to wait until there is an admin terminal open, for which you need some way of informing your "keyboard" about that. Are you seriously comparing this to DMA?



          • #6
            Originally posted by uid313:

            Yes, but any USB device, whether it looks like USB flash storage or a camera or a scanner, can identify as a USB human interface device (HID) as if it were a USB keyboard and start automatically injecting keystrokes as if they were typed by the user.
            Only if the host system trusts the device, accepts its connection and hooks it up.



            • #7
              Originally posted by uid313:
              Meanwhile anyone can just plug in a USB device that looks like a USB storage device but is actually identified as a USB HID class and inserts keystrokes to open a terminal and type stuff?

              USB is just blindly trusted?
              NEW VERSION OF THE BEST SELLING HOTPLUG With a few seconds of physical access, all bets are off...



              • #8
                Originally posted by uid313:
                Meanwhile anyone can just plug in a USB device that looks like a USB storage device but is actually identified as a USB HID class and inserts keystrokes to open a terminal and type stuff?

                USB is just blindly trusted?
                We should figure out a way to fix it, but it may not be the job of the kernel to handle that, as it is more a social engineering problem.

                Imagine you get a laptop with a broken keyboard and touchpad. You definitely don't want your external keyboard and mouse being blocked from accessing the computer. No, requiring explicit approval unless the new keyboard/mouse is the only input device doesn't work. The broken internal keyboard and touchpad may still be sending alive signals to the computer.



                • #9
                  Originally posted by Anux:
                  And? The user would take their PC to a professional to have a look at that strange behavior. Just typing stuff at random times will result in various symptoms but is hardly a reliable exploit; you would want to wait until there is an admin terminal open, for which you need some way of informing your "keyboard" about that. Are you seriously comparing this to DMA?
                  No, the user wouldn't, because the user wouldn't know about it: the USB device would inject the keypresses when the computer was idle and the user not present at the computer. The strange behavior of opening a terminal and running some command would be so fast that the user wouldn't even notice it even if they were there. Even if the user saw it, the user would just ignore it and think it was some normal system update operation happening in the background.

                  Originally posted by reba:
                  Only if the host system trusts the device, accepts its connection and hooks it up.
                  No, you can plug in any USB device and the system will blindly trust it.

                  Originally posted by billyswong:

                  We should figure out a way to fix it, but it may not be the job of the kernel to handle that, as it is more a social engineering problem.

                  Imagine you get a laptop with a broken keyboard and touchpad. You definitely don't want your external keyboard and mouse being blocked from accessing the computer. No, requiring explicit approval unless the new keyboard/mouse is the only input device doesn't work. The broken internal keyboard and touchpad may still be sending alive signals to the computer.
                  Then it should require input devices to be present before boot.
                  It should display a message like "an input device has been plugged in; if you want to use it, you have to reboot".
                  Or it needs to be whitelisted in the UEFI settings so that UEFI can use it, but the OS can only allow inputs from an input device after it has been whitelisted in the UEFI.

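The thread argues about whether a host should accept a "storage stick" that also enumerates a HID keyboard, and #9 proposes explicit approval for new input devices. As an added example (not from the article, the kernel, or any poster), here is a small user-space policy check over the sysfs layout Linux uses for USB devices (`/sys/bus/usb/devices/<dev>/<dev>:1.N/bInterfaceClass`); the verdict names and the rule set are assumptions, and the device tree it inspects is constructed in a temporary directory. A real deployment would act on the verdict by writing the device's `authorized` attribute (0 rejects it), the same knob Thunderbolt exposes under `/sys/bus/thunderbolt/devices/`.

```python
from pathlib import Path
import tempfile

HID_CLASS = 0x03      # USB HID class code (keyboards, mice, ...)
STORAGE_CLASS = 0x08  # USB mass storage class code

def _read_hex(path: Path) -> int:
    # sysfs exposes descriptor fields as two hex digits, e.g. "08\n"
    return int(path.read_text().strip(), 16)

def interface_classes(dev_dir: Path) -> list[int]:
    """bInterfaceClass of each interface dir, e.g. 1-1/1-1:1.0/bInterfaceClass."""
    return [_read_hex(p / "bInterfaceClass")
            for p in sorted(dev_dir.glob(f"{dev_dir.name}:*"))]

def classify(dev_dir: Path, keyboard_already_present: bool) -> str:
    """Sample policy (an assumption, not a kernel rule):
    'review' - a HID interface sits next to a non-HID one (a stick or camera
               that also wants to type);
    'ask'    - a plain HID device arrives while an input device already works;
    'allow'  - anything else (storage, or a sole keyboard on a machine without one)."""
    classes = set(interface_classes(dev_dir))
    if HID_CLASS in classes and classes - {HID_CLASS}:
        return "review"
    if HID_CLASS in classes and keyboard_already_present:
        return "ask"
    return "allow"

def make_device(root: Path, name: str, classes: list[int]) -> Path:
    """Constructed stand-in for /sys/bus/usb/devices/<name>/ and its interfaces."""
    dev = root / name
    for i, cls in enumerate(classes):
        iface = dev / f"{name}:1.{i}"
        iface.mkdir(parents=True)
        (iface / "bInterfaceClass").write_text(f"{cls:02x}\n")
    return dev

def demo() -> dict[str, str]:
    """Run the policy over four constructed devices; returns name -> verdict."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        return {
            "plain_stick": classify(make_device(root, "1-1", [STORAGE_CLASS]), True),
            "stick_that_types": classify(make_device(root, "1-2", [STORAGE_CLASS, HID_CLASS]), True),
            "second_keyboard": classify(make_device(root, "1-3", [HID_CLASS]), True),
            "only_keyboard": classify(make_device(root, "1-4", [HID_CLASS]), False),
        }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The "only_keyboard" case is the broken-laptop scenario from #8: with no working input device the policy lets the new keyboard through rather than locking the user out.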


                  • #10
                    The NSA and spy agencies have something similar but very much smaller: it looks like a normal USB cable but acts as a keyboard and has built-in Wi-Fi so you can connect to it remotely.
