Lines Matching +full:secure +full:- +full:firmware
1 .. SPDX-License-Identifier: GPL-2.0
10 connection manager can be implemented either in firmware or software.
11 Typically PCs come with a firmware connection manager for Thunderbolt 3
25 -----------------------------------
27 should be a userspace tool that handles all the low-level details, keeps
31 found in ``Documentation/ABI/testing/sysfs-bus-thunderbolt``.
35 ``/etc/udev/rules.d/99-local.rules``::
53 All devices are automatically connected by the firmware. No user
63 secure
65 addition to UUID the device (if it supports secure connect) is sent
71 The firmware automatically creates tunnels for Display Port and
76 The firmware automatically creates tunnels for the USB controller and
85 If the security level reads as ``user`` or ``secure`` the connected
94 Authorizing devices when security level is ``user`` or ``secure``
95 -----------------------------------------------------------------
98 /sys/bus/thunderbolt/devices/0-1/authorized - 0
99 /sys/bus/thunderbolt/devices/0-1/device - 0x8004
100 /sys/bus/thunderbolt/devices/0-1/device_name - Thunderbolt to FireWire Adapter
101 /sys/bus/thunderbolt/devices/0-1/vendor - 0x1
102 /sys/bus/thunderbolt/devices/0-1/vendor_name - Apple, Inc.
103 /sys/bus/thunderbolt/devices/0-1/unique_id - e0376f00-0300-0100-ffff-ffffffffffff
108 # echo 1 > /sys/bus/thunderbolt/devices/0-1/authorized
112 If the device supports secure connect, and the domain security level is
113 set to ``secure``, it has an additional attribute ``key`` which can hold
114 a random 32-byte value used for authorization and challenging the device in
117 /sys/bus/thunderbolt/devices/0-3/authorized - 0
118 /sys/bus/thunderbolt/devices/0-3/device - 0x305
119 /sys/bus/thunderbolt/devices/0-3/device_name - AKiTiO Thunder3 PCIe Box
120 /sys/bus/thunderbolt/devices/0-3/key -
121 /sys/bus/thunderbolt/devices/0-3/vendor - 0x41
122 /sys/bus/thunderbolt/devices/0-3/vendor_name - inXtron
123 /sys/bus/thunderbolt/devices/0-3/unique_id - dc010000-0000-8508-a22d-32ca6421cb16
127 If the user does not want to use secure connect they can just ``echo 1``
131 If the user wants to use secure connect, the first time the device is
134 # key=$(openssl rand -hex 32)
135 # echo $key > /sys/bus/thunderbolt/devices/0-3/key
136 # echo 1 > /sys/bus/thunderbolt/devices/0-3/authorized
144 # echo $key > /sys/bus/thunderbolt/devices/0-3/key
145 # echo 2 > /sys/bus/thunderbolt/devices/0-3/authorized
157 ------------------------------
177 ----------------------------------------------------
178 Since most of the functionality is handled in firmware running on a
179 host controller or a device, it is important that the firmware can be
181 Typically OEMs provide this firmware from their support site.
183 There is also a central site which has links where to download firmware
188 Before you upgrade firmware on a device, host or retimer, please make
198 device - then you need to connect that particular device).
200 Note an OEM-specific method to power the controller up ("force power") may
204 After that we can write the firmware to the non-active parts of the NVM
208 # dd if=KYK_TBT_FW_0018.bin of=/sys/bus/thunderbolt/devices/0-0/nvm_non_active0/nvmem
213 # echo 1 > /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
220 We can verify that the new NVM firmware is active by running the following
223 # cat /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
225 # cat /sys/bus/thunderbolt/devices/0-0/nvm_version
237 --------------------------------------------------
248 ---------------------------------
257 ``thunderbolt-net`` driver is loaded automatically. If the other host is
258 also Linux you should load ``thunderbolt-net`` manually on one host (it
261 # modprobe thunderbolt-net
264 is built-in to the kernel image, there is no need to do anything.
272 -------------
278 For example the intel-wmi-thunderbolt driver exposes this attribute in:
279 /sys/bus/wmi/devices/86CCFD48-205E-4A77-9C48-2021CBEDE341/force_power