diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-20 21:32:37 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-20 21:32:37 -0800 |
| commit | 780607b9731feef575514108fc7956c54180f16e (patch) | |
| tree | 873d8203bd441f6494bbd3f57a9f6371b2ea1973 /Documentation/admin-guide | |
| parent | e4286926abbbaab9b047c8bc25cae78ec990928f (diff) | |
| parent | b5a12546e779d4f5586f58e60e0ef5070a833a64 (diff) | |
Merge tag 'usb-5.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB and Thunderbolt updates from Greg KH:
"Here is the big set of USB and Thunderbolt driver changes for
5.12-rc1.
It's been an active set of development in these subsystems for the
past few months:
- loads of typec features added for new hardware
- xhci features and bugfixes
- dwc3 features added for more hardware support
- dwc2 fixes and new hardware support
- cdns3 driver updates for more hardware support
- gadget driver cleanups and minor fixes
- usb-serial fixes, new driver, and more devices supported
- thunderbolt feature additions for new hardware
- lots of other tiny fixups and additions
The chrome driver changes are in here as well, as they depended on
some of the typec changes, and the maintainer acked them.
All of these have been in linux-next for a while with no reported
issues"
* tag 'usb-5.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (300 commits)
dt-bindings: usb: mediatek: musb: add mt8516 compatbile
dt-bindings: usb: mtk-xhci: add compatible for mt2701 and mt7623
dt-bindings: usb: mtk-xhci: add optional assigned clock properties
Documentation: connector: Update the description of sink-vdos
usb: misc: usb3503: Fix logic in usb3503_init()
dt-bindings: usb: usb-device: fix typo in required properties
usb: Replace lkml.org links with lore
dt-bindings: usb: dwc3: add description for rk3328
dt-bindings: usb: convert rockchip,dwc3.txt to yaml
usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
USB: quirks: sort quirk entries
USB: serial: drop bogus to_usb_serial_port() checks
USB: serial: make remove callback return void
USB: serial: drop if with an always false condition
usb: gadget: Assign boolean values to a bool variable
usb: typec: tcpm: Get Sink VDO from fwnode
dt-bindings: connector: Add SVDM VDO properties
usb: typec: displayport: Fill the negotiated SVDM Version in the header
usb: typec: ucsi: Determine common SVDM Version
usb: typec: tcpm: Determine common SVDM Version
...
Diffstat (limited to 'Documentation/admin-guide')
| -rw-r--r-- | Documentation/admin-guide/thunderbolt.rst | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/Documentation/admin-guide/thunderbolt.rst b/Documentation/admin-guide/thunderbolt.rst index 613cb24c76c7..f18e881373c4 100644 --- a/Documentation/admin-guide/thunderbolt.rst +++ b/Documentation/admin-guide/thunderbolt.rst @@ -47,6 +47,9 @@ be DMA masters and thus read contents of the host memory without CPU and OS knowing about it. There are ways to prevent this by setting up an IOMMU but it is not always available for various reasons. +Some USB4 systems have a BIOS setting to disable PCIe tunneling. This is +treated as another security level (nopcie). + The security levels are as follows: none @@ -77,6 +80,10 @@ The security levels are as follows: Display Port in a dock. All PCIe links downstream of the dock are removed. + nopcie + PCIe tunneling is disabled/forbidden from the BIOS. Available in some + USB4 systems. + The current security level can be read from ``/sys/bus/thunderbolt/devices/domainX/security`` where ``domainX`` is the Thunderbolt domain the host controller manages. There is typically @@ -153,6 +160,22 @@ If the user still wants to connect the device they can either approve the device without a key or write a new key and write 1 to the ``authorized`` file to get the new key stored on the device NVM. +De-authorizing devices +---------------------- +It is possible to de-authorize devices by writing ``0`` to their +``authorized`` attribute. This requires support from the connection +manager implementation and can be checked by reading domain +``deauthorization`` attribute. If it reads ``1`` then the feature is +supported. + +When a device is de-authorized the PCIe tunnel from the parent device +PCIe downstream (or root) port to the device PCIe upstream port is torn +down. This is essentially the same thing as PCIe hot-remove and the PCIe +toplogy in question will not be accessible anymore until the device is +authorized again. If there is storage such as NVMe or similar involved, +there is a risk for data loss if the filesystem on that storage is not +properly shut down. You have been warned! + DMA protection utilizing IOMMU ------------------------------ Recent systems from 2018 and forward with Thunderbolt ports may natively |