Linux Support Is Coming To Allow De-Authorizing Thunderbolt Devices

Written by Michael Larabel in Hardware on 18 January 2021 at 08:27 AM EST. 11 Comments
HARDWARE
While in recent years there has been growing interest in enhancing Linux's Thunderbolt security with offering security levels and other functionality to authorize supported/known Thunderbolt devices, surprisingly it's taken until 2021 to see the ability for Linux's Thunderbolt software connection manage to handle de-authorizing devices.

If wanting to de-authorize a previously authorized Thunderbolt device for whatever reason or if wanting to establish policies like where on user log-out that devices would be automatically de-authorized, it's looking like Linux 5.12 will support this ability.

Queued this past week into the Thunderbolt dev tree is the subsystem support for de-authorizing Thunderbolt devices. The de-authorization support relies upon the Thunderbolt software connection manager being active as it's able to directly control the PCIe tunnels.

A new "deauthorization" sysfs attribute is exposed to indicate whether the system supports de-authorization of Thunderbolt devices. Specific devices can then be deauthorized by writing "0" to the "authorized" sysfs attribute.

This is the kernel side support while we will see once landed if any user-space policies are proposed for automatically de-authorizing Thunderbolt devices on log-out or other changes in the name of system security.
11 Comments
Related News
Polychromatic 0.9 OpenRazer GUI Frontend Released With Port To PyQt6
Framework Raises $18M In New Funding, More Collaborations Coming With Cooler Master
Reverse Engineered MSI WMI Platform Driver Being Worked On For Linux
udev-hid-bpf To Help Enable HID-BPF Use Rather Than Kernel Drivers To Fix HID Hardware
Rockchip NPU Open-Source Driver Taking Shape, Will Aim For Upstream Accel Driver
TUXEDO Computers Launches First Linux Laptop With AMD Ryzen 7 8845HS
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"