Latest revision as of 07:25, 20 April 2018

Thunderbolt Enablement

Summary

Support Thunderbolt 3 peripherals in a secure way out of the box.

Owner

Name: Christian Kellner
Email: ckellner@redhat.com
Release notes ticket: #110

Current status

Targeted release: Fedora 28
Last updated: 2018-04-20
Tracker bug: #1534594

Detailed Description

Thunderbolt™ is the brand name of a hardware interface developed by Intel® that allows the connection of external peripherals to a computer.

Devices connected via Thunderbolt can be DMA masters and thus read system memory without interference of the operating system (or even the CPU). Version 3 of the interface provides 4 different security levels, in order to mitigate the aforementioned security risk that connected devices pose to the system. The security level is set by the system firmware.

The four security levels are:

none: Security disabled, all devices will fully functional on connect.
dponly: Only pass the display-port stream through to the connected device.
user: Connected devices need to be manually authorized by the user.
secure: As 'user', but also challenge the device with a secret key to verify its identity.

The Linux kernel, starting with version 4.13, provides an interface via sysfs that enables userspace query the security level, the status of connected devices and, most importantly, to authorize devices, if the security level demands it.

The active security level can normally be selected prior boot via a BIOS option, but it is interesting to note that in the future the none option is likely to go away. This of course means connected thunderbolt devices wont work at all unless they are authorized by the user from with the running operating system.

The solution to automatically enable thunderbolt 3 devices to work with Fedora without compromising the security of the computer consists of two user space compoments: a system daemon (boltd) and a component in GNOME shell. For new devices the shell will automatically enroll (= authorize and store in the database) new devices via the daemon if (and only if) the current user is a system administrator and the session is unlocked. On subsequent connections of the same device the daemon will then automatically authorize the device.

Benefit to Fedora

Thunderbolt 3 peripherals can be used in a convenient and secure way.

Scope

Proposal owners: Stablize bolt and integrate the current GNOME Shell extension proof-of-concept into GNOME Shell upstream.
Other developers: Nothing

Release engineering: 7238
- List of deliverables: N/A (not a System Wide Change)

Policies and guidelines: N/A (not a System Wide Change)

Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

GNOME shell should depend on bolt so it gets pulled in automatically as a dependency on upgrade.

How To Test

A computer with Thunderbolt 3 controller and a Thunderbolt 3 device is required to test.
Install bolt
Plug in the device
Check that the device is listed with boltctl list
Enroll the device with boltctl enroll <uuid>

User Experience

GNOME Shell will display a little icon indicating that thunderbolt 3 devices are being connected and also show notifications in the case of errors.

Dependencies

Linux kernel version greater then 4.13 is required.
GNOME shell needs to be modified to work with boltd

Contingency Plan

Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
Contingency deadline: N/A (not a System Wide Change)
Blocks release? No
Blocks product? Workstation

Documentation

Release Notes

@@ Line 24: / Line 24: @@
 == Summary ==
-Support Thunderbolt 3 peripherals in a secure way hardware out of the box.
+Support Thunderbolt 3 peripherals in a secure way out of the box.
 == Owner ==
@@ Line 33: / Line 33: @@
 * Name: [[User:gicmo| Christian Kellner]]
 * Email: ckellner@redhat.com
-* Release notes owner: <!--- To be assigned by docs team [[User:FASAccountName| Release notes owner name]] <email address> -->
+* Release notes ticket: [https://pagure.io/fedora-docs/release-notes/issue/110 #110]
 <!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
 * FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address>
@@ Line 53: / Line 53: @@
 CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
 -->
-* Tracker bug: <will be assigned by the Wrangler>
+* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1534594 #1534594]
 == Detailed Description ==
@@ Line 80: / Line 80: @@
 <!-- What work do other developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
-* Release engineering: [https://pagure.io/releng/issues #Releng issue number] (a check of an impact with Release Engineering is needed) <!-- REQUIRED FOR SYSTEM WIDE AS WELL AS FOR SELF CONTAINED CHANGES -->
+* Release engineering: [https://pagure.io/releng/issue/7238 7238] <!-- REQUIRED FOR SYSTEM WIDE AS WELL AS FOR SELF CONTAINED CHANGES -->
 <!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)?  Is a mass rebuild required?  include a link to the releng issue.
 The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing, and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication -->
@@ Line 132: / Line 132: @@
 -->
-[[Category:Category:ChangeReadyForWrangler]]
+[[Category:ChangeAcceptedF28]]
 <!-- When your change proposal page is completed and ready for review and announcement -->
 <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->

Search

Changes/ThunderboltEnablement: Difference between revisions