Revision as of 10:02, 15 January 2018

Thunderbolt Enablement

Summary

Support Thunderbolt 3 peripherals in a secure way hardware out of the box.

Owner

Name: Christian Kellner
Email: ckellner@redhat.com
Release notes owner:

Current status

Targeted release: Fedora 28
Last updated: 2018-01-15
Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Thunderbolt™ is the brand name of a hardware interface developed by Intel® that allows the connection of external peripherals to a computer.

Devices connected via Thunderbolt can be DMA masters and thus read system memory without interference of the operating system (or even the CPU). Version 3 of the interface provides 4 different security levels, in order to mitigate the aforementioned security risk that connected devices pose to the system. The security level is set by the system firmware.

The four security levels are:

none: Security disabled, all devices will fully functional on connect.
dponly: Only pass the display-port stream through to the connected device.
user: Connected devices need to be manually authorized by the user.
secure: As 'user', but also challenge the device with a secret key to verify its identity.

The Linux kernel, starting with version 4.13, provides an interface via sysfs that enables userspace query the security level, the status of connected devices and, most importantly, to authorize devices, if the security level demands it.

The active security level can normally be selected prior boot via a BIOS option, but it is interesting to note that in the future the none option is likely to go away. This of course means connected thunderbolt devices wont work at all unless they are authorized by the user from with the running operating system.

The solution to automatically enable thunderbolt 3 devices to work with Fedora without compromising the security of the computer consists of two user space compoments: a system daemon (boltd) and a component in GNOME shell. For new devices the shell will automatically enroll (= authorize and store in the database) new devices via the daemon if (and only if) the current user is a system administrator and the session is unlocked. On subsequent connections of the same device the daemon will then automatically authorize the device.

Benefit to Fedora

Thunderbolt 3 peripherals can be used in a convenient and secure way.

Scope

Proposal owners: Stablize bolt and integrate the current GNOME Shell extension proof-of-concept into GNOME Shell upstream.
Other developers: Nothing

Release engineering: 7238
- List of deliverables: N/A (not a System Wide Change)

Policies and guidelines: N/A (not a System Wide Change)

Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

GNOME shell should depend on bolt so it gets pulled in automatically as a dependency on upgrade.

How To Test

A computer with Thunderbolt 3 controller and a Thunderbolt 3 device is required to test.
Install bolt
Plug in the device
Check that the device is listed with boltctl list
Enroll the device with boltctl enroll <uuid>

User Experience

GNOME Shell will display a little icon indicating that thunderbolt 3 devices are being connected and also show notifications in the case of errors.

Dependencies

Linux kernel version greater then 4.13 is required.
GNOME shell needs to be modified to work with boltd

Contingency Plan

Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
Contingency deadline: N/A (not a System Wide Change)
Blocks release? No
Blocks product? Workstation

Documentation

Release Notes

@@ Line 132: / Line 132: @@
 -->
-[[Category:ChangeReadyForFesco]]
+[[Category:ChangeAcceptedF28]]
 <!-- When your change proposal page is completed and ready for review and announcement -->
 <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->

Search

Changes/ThunderboltEnablement: Difference between revisions