Thunderbolt 3 and GNU/Linux

SLIDE 1

Thunderbolt 3 and GNU/Linux

FOSDEM 2018
Christian Kellner, PhD
Desktop Hardware Enablement
04/02/2018

SLIDE 2

What is this, anyway?

SLIDE 3

“The USB-C that does it all”

Intel*

* https://thunderbolttechnology.net/

SLIDE 4

Thunderbolt 3 — Overview

  • USB type C connector (one port to confuse them all)
  • 40 Gb/s
  • 4 PCI Express (Gen 3) lanes
  • 8 DisplayPort (1.2) lanes
  • Native USB 3.1
  • Daisy-chain up to 6 devices
  • Up to 100W for charging, 15W for devices
  • Networking, external graphics
  • Docks, docks, docks

SLIDE 5

Thunderbolt 3 — Connection Modes

  • USB ONLY: Active when USB devices are plugged in. Behaves as a normal USB-C 3.1 port.
  • DISPLAYPORT ONLY: Switch pins of USB-C into DP alternate mode. TB will act as a router for DP data from GFX to USB-C port.
  • DP & USB MULTI-FUNCTION: One high-speed pair is used for DP. The other high-speed pair is used for USB 3.1.
  • THUNDERBOLT 3: All 4 high-speed links active (at 10/20 Gbps). Max 4 PCIe Gen3 lanes, max 2 DisplayPort links.
  • THUNDERBOLT NETWORKING
  • POWER DELIVERY & CHARGING

SLIDE 6

Thunderbolt — Security???

Thunderbolt is PCIe → DMA → DMA attacks

https://github.com/ufrisk/pcileech

SLIDE 7

Thunderbolt 3 — Security Modes

  • NONE: No security. Doh. All devices are authorized by default.
  • DP ONLY: DisplayPort only. You guessed right.
  • USER: Thunderbolt devices need to be authorized. Only then are PCIe lanes activated.
  • SECURE: Thunderbolt devices need to be authorized. Their identity can be verified via a key.

SLIDE 8

Thunderbolt 3 — Security Modes

In the land of the dialogs…

…no, we are not doing that.

SLIDE 9

Thunderbolt and GNU/Linux

SLIDE 10

Thunderbolt & GNU/Linux

Overview (diagram labels):

  • sysfs / udev
  • Linux 4.13
  • boltd
  • System daemon
  • gnome-shell
  • gnome-control-center
  • boltctl
  • D-Bus
  • other DE integration

SLIDE 11

Kernel Interface

Linux kernel 4.13+ provides a sysfs interface:

    /sys/bus/thunderbolt/
    └── devices
        ├── domain0 → 0-0/
        │     security
        │     subsystem@
        │     uevent
        │     […]
        ├── 0-0 → 0-1/
        │     authorized
        │     device
        │     device_name
        │     vendor_name
        │     unique_id
        │     […]
        ├── 0-1 → 0-301/
        │     authorized
        │     […]
        │     key
        │     […]
        │     unique_id
        └── 0-301 → […]
              nvm_active2/
              nvm_non_active2/
              nvm_version
              nvm_authenticate

User mode, authorize the device:

    # echo 1 > /sys/bus/thunderbolt/devices/0-1/authorized

Secure mode, first connection (store a new random key on the device, then authorize):

    # key=$(openssl rand -hex 32)
    # echo $key > /sys/bus/thunderbolt/devices/0-1/key
    # echo 1 > /sys/bus/thunderbolt/devices/0-1/authorized

Secure mode, later connections (write the stored key, then authorize with a key challenge):

    # echo $key > /sys/bus/thunderbolt/devices/0-1/key
    # echo 2 > /sys/bus/thunderbolt/devices/0-1/authorized

SLIDE 12

Thunderbolt firmware updates

fwupd & Linux Vendor Firmware Service (LVFS)*

* https://fwupd.org/

    # get current version
    nvm_version
    # write new firmware to
    nvm_non_active2/nvmem
    # start updating
    nvm_authenticate

SLIDE 13

Thunderbolt & GNU/Linux

boltd (system daemon)

  • D-Bus system daemon, activated on demand
  • D-Bus API to manage devices, signal device “changes”
  • Authorize, enroll (authorize and store)
  • Polkit to secure the D-Bus API
  • Device “database” of previously enrolled devices and their policy
  • Paranoid (now fortify) mode
  • Needs a policy agent to do the initial authorization, enrollment

SLIDE 14

boltd

D-Bus API: manager interface

SLIDE 15

boltd

D-Bus API: manager interface

SLIDE 16

boltctl

cli interface

SLIDE 17

gnome-shell

Acts as a policy agent (flowchart labels):

  • Listen to “device-added” D-Bus signal from boltd
  • user logged in & session unlocked (yes / no)
  • user is admin (yes / no)
  • Notification: new Unauthorized device
  • Enroll device
  • Polkit admin authorization

SLIDE 18

gnome-shell

Acts as a policy agent

SLIDE 19

gnome-shell

provide UI feedback about thunderbolt bus activity

SLIDE 20

gnome-control-center

manage devices, provide feedback

SLIDE 21

gnome-control-center

manage devices, provide feedback

SLIDE 22

THANK YOU

github.com/gicmo/bolt
christian.kellner.me