linux/drivers/thunderbolt
Mika Westerberg dcc3c9e37f thunderbolt: Export IOMMU based DMA protection support to userspace
Recent systems with Thunderbolt ports may support IOMMU natively. In
practice this means that Thunderbolt connected devices are placed behind
an IOMMU during the whole time it is connected (including during boot)
making Thunderbolt security levels redundant. This is called Kernel DMA
protection [1] by Microsoft.

Some of these systems still have Thunderbolt security level set to
"user" in order to support OS downgrade (the older version of the OS
might not support IOMMU based DMA protection so connecting a device
still relies on user approval).

Export this information to userspace by introducing a new sysfs
attribute (iommu_dma_protection). Based on it userspace tools can make
more accurate decision whether or not authorize the connected device.

In addition update Thunderbolt documentation regarding IOMMU based DMA
protection.

[1] https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Yehezkel Bernat <YehezkelShB@gmail.com>
2018-12-05 12:01:56 +03:00
..
Kconfig thunderbolt: Add support for host and device NVM firmware upgrade 2017-06-09 11:42:43 +02:00
Makefile thunderbolt: Add support for XDomain discovery protocol 2017-10-02 11:24:41 -07:00
cap.c thunderbolt: Add Intel as copyright holder 2018-10-02 15:52:08 -07:00
ctl.c thunderbolt: Add Intel as copyright holder 2018-10-02 15:52:08 -07:00
ctl.h thunderbolt: Add Intel as copyright holder 2018-10-02 15:52:08 -07:00
dma_port.c thunderbolt: Convert rest of the driver files to use SPDX identifier 2018-10-02 15:52:08 -07:00
dma_port.h thunderbolt: Convert rest of the driver files to use SPDX identifier 2018-10-02 15:52:08 -07:00
domain.c thunderbolt: Export IOMMU based DMA protection support to userspace 2018-12-05 12:01:56 +03:00
eeprom.c thunderbolt: Add Intel as copyright holder 2018-10-02 15:52:08 -07:00
icm.c Merge 4.19-rc7 into char-misc-next 2018-10-08 15:33:21 +02:00
nhi.c Merge 4.19-rc7 into char-misc-next 2018-10-08 15:33:21 +02:00
nhi.h thunderbolt: Add Intel as copyright holder 2018-10-02 15:52:08 -07:00
nhi_regs.h thunderbolt: Add Intel as copyright holder 2018-10-02 15:52:08 -07:00
path.c thunderbolt: Make the driver less verbose 2018-10-02 15:52:08 -07:00
property.c thunderbolt: Convert rest of the driver files to use SPDX identifier 2018-10-02 15:52:08 -07:00
switch.c thunderbolt: Prevent root port runtime suspend during NVM upgrade 2018-11-26 20:38:49 +01:00
tb.c thunderbolt: Make the driver less verbose 2018-10-02 15:52:08 -07:00
tb.h thunderbolt: Add Intel as copyright holder 2018-10-02 15:52:08 -07:00
tb_msgs.h thunderbolt: Convert rest of the driver files to use SPDX identifier 2018-10-02 15:52:08 -07:00
tb_regs.h thunderbolt: Add Intel as copyright holder 2018-10-02 15:52:08 -07:00
tunnel_pci.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tunnel_pci.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xdomain.c thunderbolt: Convert rest of the driver files to use SPDX identifier 2018-10-02 15:52:08 -07:00