• Mika Westerberg's avatar
    thunderbolt: Add support for Internal Connection Manager (ICM) · f67cf491
    Mika Westerberg authored
    Starting from Intel Falcon Ridge the internal connection manager running
    on the Thunderbolt host controller has been supporting 4 security
    levels. One reason for this is to prevent DMA attacks and only allow
    connecting devices the user trusts.
    
    The internal connection manager (ICM) is the preferred way of connecting
    Thunderbolt devices over software only implementation typically used on
    Macs. The driver communicates with ICM using special Thunderbolt ring 0
    (control channel) messages. In order to handle these messages we add
    support for the ICM messages to the control channel.
    
    The security levels are as follows:
    
      none - No security, all tunnels are created automatically
      user - User needs to approve the device before tunnels are created
      secure - User need to approve the device before tunnels are created.
    	   The device is sent a challenge on future connects to be able
    	   to verify it is actually the approved device.
      dponly - Only Display Port and USB tunnels can be created and those
               are created automatically.
    
    The security levels are typically configurable from the system BIOS and
    by default it is set to "user" on many systems.
    
    In this patch each Thunderbolt device will have either one or two new
    sysfs attributes: authorized and key. The latter appears for devices
    that support secure connect.
    
    In order to identify the device the user can read identication
    information, including UUID and name of the device from sysfs and based
    on that make a decision to authorize the device. The device is
    authorized by simply writing 1 to the "authorized" sysfs attribute. This
    is following the USB bus device authorization mechanism. The secure
    connect requires an additional challenge step (writing 2 to the
    "authorized" attribute) in future connects when the key has already been
    stored to the NVM of the device.
    
    Non-ICM systems (before Alpine Ridge) continue to use the existing
    functionality and the security level is set to none. For systems with
    Alpine Ridge, even on Apple hardware, we will use ICM.
    
    This code is based on the work done by Amir Levy and Michael Jamet.
    Signed-off-by: default avatarMichael Jamet <michael.jamet@intel.com>
    Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
    Reviewed-by: default avatarYehezkel Bernat <yehezkel.bernat@intel.com>
    Reviewed-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
    Signed-off-by: default avatarAndreas Noever <andreas.noever@gmail.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    f67cf491
nhi.c 23.2 KB