Linux 5.12 To Support USB4 "Security Level 5" To Disable PCIe Tunneling


  • Linux 5.12 To Support USB4 "Security Level 5" To Disable PCIe Tunneling

    Phoronix: Linux 5.12 To Support USB4 "Security Level 5" To Disable PCIe Tunneling

    The USB4 / Thunderbolt changes slated for the upcoming Linux 5.12 merge window have been queued into the USB-next tree...

    http://www.phoronix.com/scan.php?pag...-5.12-USB4-SL5

  • #2
    Why is a firmware-level switch being shifted to kernel space?


    • #3
      Originally posted by Sonadow
      Why is a firmware-level switch being shifted to kernel space?
      Because it would be more convenient to toggle the switch at any time through sysctl than having to reboot to change it.


      • #4
        Originally posted by tildearrow

        Because it would be more convenient to toggle the switch at any time through sysctl than having to reboot to change it.
        ...plus, if it supports changes that don't get persisted as BIOS settings (I haven't checked), then it'd allow boot flows where the system boots with the USB4 ports locked down and then the kernel only brings them up after all relevant security tunings are in place.


        • #5
          Will there be/Is there also a USB firewall against unauthorized devices?


          • #6
            Also, we should know by now that expecting firmware to do things properly is an ideal that regularly conflicts with reality. Yes, we all want solid UEFI support for all firmware options with good descriptions, a nice UI, and good basic support.

            However, everyone just slaps logos on the same basic shit, doesn't label half of the firmware options, locks out several important options, and fucks up the ACPI tables like DSDT; important interfaces are implemented only through Windows-specific technology like WMI, etc. Plus, they want to save $3 by making the flash memory small so that you often don't get dual firmware support, and you can't have support for multiple CPU generations in the same firmware version, etc.

            A lot of Linux kernel work is dealing with shitty firmware. Vendors rarely care enough to fix stuff for Linux, though it's getting better.


            • #7
              Originally posted by Terrablit
              Also, we should know by now that expecting firmware to do things properly is an ideal that regularly conflicts with reality. Yes, we all want solid UEFI support for all firmware options with good descriptions, a nice UI, and good basic support.
              Ideally UEFI is superseded with something more robust/less convoluted.
              I really want to look into LinuxBoot and see how easy it is to apply.
              We really do not need most of the code that is found in typical UEFI blobs.

              If the vendors do not maintain their firmware, I should be able to do it for the parts that are not hardware-dependent.

              Originally posted by Terrablit
              A lot of Linux kernel work is dealing with shitty firmware. Vendors rarely care enough to fix stuff for Linux, though it's getting better.
              It would be nice if we at least could fix parts of it ourselves.


              • #8
                Originally posted by rawr
                If the vendors do not maintain their firmware, I should be able to do it for the parts that are not hardware-dependent.
                It would be nice if we at least could fix parts of it ourselves.
                Yet another reason to support vendors like System76 who are using open source firmware.


                • #9
                  Originally posted by torsionbar28
                  Yet another reason to support vendors like System76 who are using open source firmware.
                  Definitely. Don't forget Raptor with the POWER workstations. It's outside the price range of many, but their work is really impressive.
