Fedora 28 Aiming For Secure Thunderbolt 3 Support
If Fedora developers are successful, Fedora 28 will feature secure and properly supported Thunderbolt 3 device handling out-of-the-box.
Long story short, Fedora 28 will hopefully be featuring Red Hat's Bolt project for dealing with modern Thunderbolt devices. With Thunderbolt allowing for direct access to the PCI Express bus, it opens the system up to DMA attacks and other vulnerabilities. But under Thunderbolt 3 is support for security levels by which devices can be restricted to only DisplayPort access, user authorization of devices, and secure access. The Linux kernel changes for dealing with Thunderbolt 3 is in place but the user-space portion is not.
With the Bolt project, there is a D-Bus system daemon monitoring for Thunderbolt devices being added and then a GNOME Shell user-interface for notifying the system when new devices are added and then prompting for what device rights should be provided.
Red Hat developers hope to have Bolt all tidied up for inclusion in the May release of Fedora 28. Details on the Thunderbolt plans for F28 can be found via the Fedora Wiki.
Long story short, Fedora 28 will hopefully be featuring Red Hat's Bolt project for dealing with modern Thunderbolt devices. With Thunderbolt allowing for direct access to the PCI Express bus, it opens the system up to DMA attacks and other vulnerabilities. But under Thunderbolt 3 is support for security levels by which devices can be restricted to only DisplayPort access, user authorization of devices, and secure access. The Linux kernel changes for dealing with Thunderbolt 3 is in place but the user-space portion is not.
With the Bolt project, there is a D-Bus system daemon monitoring for Thunderbolt devices being added and then a GNOME Shell user-interface for notifying the system when new devices are added and then prompting for what device rights should be provided.
Red Hat developers hope to have Bolt all tidied up for inclusion in the May release of Fedora 28. Details on the Thunderbolt plans for F28 can be found via the Fedora Wiki.
3 Comments