Lines Matching +full:user +full:- +full:level

1 .. SPDX-License-Identifier: GPL-2.0
7 some differences at the register level among other things. Connection
18 software connection manager in Linux also advertises security level
19 ``user`` which means PCIe tunneling is disabled by default. The
21 the software connection manager only supports ``user`` security level and
25 -----------------------------------
27 should be a userspace tool that handles all the low-level details, keeps
31 found in ``Documentation/ABI/testing/sysfs-bus-thunderbolt``.
35 ``/etc/udev/rules.d/99-local.rules``::
44 security levels available. Intel Titan Ridge added one more security level
51 treated as another security level (nopcie).
56 All devices are automatically connected by the firmware. No user
60 user
61 User is asked whether the device is allowed to be connected.
63 ``/sys/bus/thunderbolt/devices``, the user then can make the decision.
67 User is asked whether the device is allowed to be connected. In
87 The current security level can be read from
92 If the security level reads as ``user`` or ``secure`` the connected
93 device must be authorized by the user before PCIe tunnels are created
101 Authorizing devices when security level is ``user`` or ``secure``
102 -----------------------------------------------------------------
105 /sys/bus/thunderbolt/devices/0-1/authorized - 0
106 /sys/bus/thunderbolt/devices/0-1/device - 0x8004
107 /sys/bus/thunderbolt/devices/0-1/device_name - Thunderbolt to FireWire Adapter
108 /sys/bus/thunderbolt/devices/0-1/vendor - 0x1
109 /sys/bus/thunderbolt/devices/0-1/vendor_name - Apple, Inc.
110 /sys/bus/thunderbolt/devices/0-1/unique_id - e0376f00-0300-0100-ffff-ffffffffffff
113 created yet. The user can authorize the device by simply entering::
115 # echo 1 > /sys/bus/thunderbolt/devices/0-1/authorized
119 If the device supports secure connect, and the domain security level is
121 a random 32-byte value used for authorization and challenging the device in
124 /sys/bus/thunderbolt/devices/0-3/authorized - 0
125 /sys/bus/thunderbolt/devices/0-3/device - 0x305
126 /sys/bus/thunderbolt/devices/0-3/device_name - AKiTiO Thunder3 PCIe Box
127 /sys/bus/thunderbolt/devices/0-3/key -
128 /sys/bus/thunderbolt/devices/0-3/vendor - 0x41
129 /sys/bus/thunderbolt/devices/0-3/vendor_name - inXtron
130 /sys/bus/thunderbolt/devices/0-3/unique_id - dc010000-0000-8508-a22d-32ca6421cb16
134 If the user does not want to use secure connect they can just ``echo 1``
136 the same way as in the ``user`` security level.
138 If the user wants to use secure connect, the first time the device is
141 # key=$(openssl rand -hex 32)
142 # echo $key > /sys/bus/thunderbolt/devices/0-3/key
143 # echo 1 > /sys/bus/thunderbolt/devices/0-3/authorized
148 Next time the device is plugged in the user can verify (challenge) the
151 # echo $key > /sys/bus/thunderbolt/devices/0-3/key
152 # echo 2 > /sys/bus/thunderbolt/devices/0-3/authorized
157 returned to the user.
159 If the user still wants to connect the device they can either approve
163 De-authorizing devices
164 ----------------------
165 It is possible to de-authorize devices by writing ``0`` to their
171 When a device is de-authorized the PCIe tunnel from the parent device
173 down. This is essentially the same thing as PCIe hot-remove and the PCIe
180 ------------------------------
185 automatically enables IOMMU if not enabled by the user already. These
191 redundant. For this reason some systems ship with security level set to
192 ``none``. Other systems have security level set to ``user`` in order to
200 ----------------------------------------------------
221 device - then you need to connect that particular device).
223 Note an OEM-specific method to power the controller up ("force power") may
227 After that we can write the firmware to the non-active parts of the NVM
231 # dd if=KYK_TBT_FW_0018.bin of=/sys/bus/thunderbolt/devices/0-0/nvm_non_active0/nvmem
236 # echo 1 > /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
246 # cat /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
248 # cat /sys/bus/thunderbolt/devices/0-0/nvm_version
259 Upgrading on-board retimer NVM when there is no cable connected
260 ---------------------------------------------------------------
267 # echo 1 > /sys/bus/thunderbolt/devices/0-0/usb4_port1/offline
273 # echo 1 > /sys/bus/thunderbolt/devices/0-0/usb4_port1/rescan
275 This enumerates and adds the on-board retimers. Now retimer NVM can be
281 # echo 1 > /sys/bus/thunderbolt/devices/0-0/usb4_port1/rescan
286 # echo 0 > /sys/bus/thunderbolt/devices/0-0/usb4_port1/offline
289 --------------------------------------------------
300 ---------------------------------
309 ``thunderbolt-net`` driver is loaded automatically. If the other host is
310 also Linux you should load ``thunderbolt-net`` manually on one host (it
313 # modprobe thunderbolt-net
316 is built-in to the kernel image, there is no need to do anything.
324 -------------
330 For example the intel-wmi-thunderbolt driver exposes this attribute in:
331 /sys/bus/wmi/devices/86CCFD48-205E-4A77-9C48-2021CBEDE341/force_power