Difference between revisions of "Thunderbolt"

From ArchWiki
Jump to navigation Jump to search
m (fix plasma-thunderbolt's url)
m (→‎Graphical front-ends: Correct the availability information for Plasma integration, as there is a package is available.)
Line 26: Line 26:
* [[GNOME]] has native support for authorizing devices from the UI since version 3.30
* [[GNOME]] has native support for authorizing devices from the UI since version 3.30
* [[Plasma]] integration is available ([https://cgit.kde.org/plasma-thunderbolt.git/tree/README.md git repository]) but not yet available as a package for Arch Linux.
* [[Plasma]] integration is available from this [https://cgit.kde.org/plasma-thunderbolt.git/tree/README.md git repository] and from {{Pkg|plasma-thunderbolt}} package in [[Official repositories#kde-unstable]] repository.
=== Automatically connect any device ===
=== Automatically connect any device ===

Revision as of 22:58, 20 September 2019

Thunderbolt 3 works out of the box with recent Linux kernel versions [1]. The Linux kernel, starting with version 4.13, supports Thunderbolt Security, too.

Obtain firmware updates

Manufacturers often release firmware updates for Thunderbolt ports and devices to function properly, visit https://thunderbolttechnology.net/updates for more details how to obtain upgrades for certain vendors.

Note: Some vendors use fwupd to push firmware updates on Linux.

User device authorization

Modern Thunderbolt devices implement security modes that require user authorization when connecting devices - this is to protect from malicious devices performing DMA attacks or otherwise interfering with the hardware (see Thunderstrike 2).

The modes currently supported on Linux are:

  • none - No security, all devices are connected and initialized by default. In BIOS settings this is typically called Legacy mode.
  • user - User authorization is required every time a device is connected. In BIOS settings this is typically called Unique ID.
  • secure - User authorization is required, but the device is then remembered and does not require re-authorization. In BIOS settings this is typically called One time saved key.
  • dponly - DisplayPort functionality only, no other devices are allowed. In BIOS settings this is typically called Display Port Only.

The security level is normally configured at firmware level; it is recommended to set it to at least secure.

Tip: User-space solutions are available such as bolt or tbtAUR to authorize devices.

Graphical front-ends

Automatically connect any device

Users who just want to connect any device without any sort of manual work can create a udev rule as in 99-removable.rules:

ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"

Forcing power

Many OEMs include a method that can be used to force the power of a Thunderbolt controller to an On state. If supported by the machine this will be exposed by the WMI bus with a sysfs attribute called force_power [2].

Forcing power may especially be useful when a connected device loses connection or the controller that switches itself off.

To force the power to be on/off, write 1 or 0 to this attribute, e.g. to force power:

# echo 1 > /sys/bus/wmi/devices/86CCFD48-205E-4A77-9C48-2021CBEDE341/force_power
Note: It is not possible to query the current force_power state.

See also