Intel Working On Thunderbolt Security Levels For Linux, Firmware Updates

Written by Michael Larabel in Intel on 19 May 2017 at 11:27 AM EDT. 15 Comments
Intel is continuing to improve the Thunderbolt support within the Linux kernel.

Mika Westerberg of Intel has posted a series of 24 patches for implementing security levels and NVM firmware upgrades for Thunderbolt. Thunderbolt security levels are used to fend off direct memory access (DMA) attacks when PCI Express is being used over Thunderbolt and IOMMU isn't available or working on the system. The firmware upgrade portion of the work is allowing NVM firmware upgrades on the host or device by writing the new firmware file to an nvmem entry over sysfs.

The Thunderbolt security level handling within the Linux driver allows for managing the security levels as otherwise users need to disable the security support from the BIOS if needing a PCI-E tunnel. Under this new code, Thunderbolt devices can be authorized by writing to a file via sysfs.

The developers hope user-space/desktops will add GUI functionality for wrapping around this security authorization functionality when new Thunderbolt devices are added whether it should be allowed, etc, rather than leaving users to dealing with the sysfs entries from the terminal.

This set of patches adding five thousand lines of code to the kernel also adds MSI-X support to the Thunderbolt driver for potentially greater performance over MSI / legacy interrupts, PCI IDs for the Intel Alpine Ridge Thunderbolt 3 controller, and other improvements. Perhaps we'll see this code ready for Linux 4.13 but in the mean time can be found via the kernel mailing list.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week