Red Hat's Latest Project: "Bolt" To Deal With Linux Thunderbolt Security

Written by Michael Larabel in Red Hat on 14 December 2017 at 11:03 AM EST.
"Bolt" is a new project by Red Hat / GNOME developers for handling Thunderbolt 3 security levels on Linux.

Thunderbolt gives attached devices unfettered access to PCI Express, which makes it super fast but opens up the plug-and-play port to DMA attacks and more. Thunderbolt 3 therefore introduced the concept of security levels, and Bolt is one part of supporting this security feature on Linux.

Thunderbolt 3 security levels include none (no security), dponly (DisplayPort with no PCI-E), user (requiring authorization by the user to enable), and secure (similar to user but introducing a key).

To deal with these Thunderbolt 3 security levels, Linux 4.13 introduced the kernel-side support, while the new Bolt process handles the user-space integration.
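As an added example (not code from the article or from the Bolt project), this audit script reads the security level of each Thunderbolt domain and the authorization state of each attached device from the kernel's sysfs interface, and flags any domain running at `none`. The sysfs path and the attribute names `security`, `authorized`, `device_name` and `unique_id` come from the kernel's thunderbolt ABI, not from this page; `audit` and `_read` are illustrative names.

```python
import os
# Assumption: the Linux thunderbolt driver's standard sysfs location.
SYSFS_TB = "/sys/bus/thunderbolt/devices"
# Levels named in the article; True means PCIe access needs no user approval.
LEVELS = {"none": True, "dponly": False, "user": False, "secure": False}


def _read(path):
    """Return the stripped contents of a sysfs attribute, or None if absent."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


def audit(root=SYSFS_TB):
    """Return (domains, devices, findings) for the Thunderbolt bus under root."""
    domains, devices, findings = {}, [], []
    entries = sorted(os.listdir(root)) if os.path.isdir(root) else []
    for name in entries:
        path = os.path.join(root, name)
        if name.startswith("domain"):
            level = _read(os.path.join(path, "security"))
            domains[name] = level
            if level not in LEVELS:
                findings.append(f"{name}: level {level!r} is not one the article lists")
            elif LEVELS[level]:
                findings.append(f"{name}: level 'none', PCIe access needs no approval")
            continue
        authorized = _read(os.path.join(path, "authorized"))
        if authorized is None or not authorized.isdigit():
            continue  # entry without an 'authorized' attribute is not a device
        devices.append({
            "id": name,
            "name": _read(os.path.join(path, "device_name")),
            "uuid": _read(os.path.join(path, "unique_id")),
            # 0 = not authorized, 1 = authorized by user, 2 = authorized with key
            "authorized": int(authorized),
        })
    return domains, devices, findings

if __name__ == "__main__":
    doms, devs, probs = audit()
    for d in devs:
        print(f"{d['id']} {d['name']} uuid={d['uuid']} authorized={d['authorized']}")
    for p in probs:
        print("FINDING:", p)
    raise SystemExit(1 if probs else 0)
```

The script exits non-zero when a finding is present, so it can serve as a compliance check in configuration management or a login-time audit.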

Bolt consists of a generic system daemon on D-Bus for managing attached Thunderbolt devices and their security levels, plus a new GNOME component, part of the GNOME Shell, that deals with the UI/UX side.


When running GNOME with administrator rights, the GNOME Shell integration informs the user of a newly attached Thunderbolt 3+ device and that action is needed if wishing to grant it PCI-E access to the system, etc.

More details on the Bolt project and its initial v0.1 bits can be found via Christian Kellner's blog, while the GNOME integration bits are outlined in this Wiki whiteboard. It looks like the GNOME bits could be ready for GNOME 3.28. We'll see in the future whether KDE decides to use Bolt's D-Bus daemon to build its own Plasma integration.