Lines Matching +full:user +full:- +full:level

1 .. SPDX-License-Identifier: GPL-2.0
7 some differences at the register level among other things. Connection
18 software connection manager in Linux also advertises security level
19 ``user`` which means PCIe tunneling is disabled by default. The
21 the software connection manager only supports ``user`` security level and
25 -----------------------------------
27 should be a userspace tool that handles all the low-level details, keeps
31 found in ``Documentation/ABI/testing/sysfs-bus-thunderbolt``.
35 ``/etc/udev/rules.d/99-local.rules``::
44 security levels available. Intel Titan Ridge added one more security level
53     All devices are automatically connected by the firmware. No user
57   user
58     User is asked whether the device is allowed to be connected.
60     ``/sys/bus/thunderbolt/devices``, the user then can make the decision.
64     User is asked whether the device is allowed to be connected. In
80 The current security level can be read from
85 If the security level reads as ``user`` or ``secure`` the connected
86 device must be authorized by the user before PCIe tunnels are created
94 Authorizing devices when security level is ``user`` or ``secure``
95 -----------------------------------------------------------------
98   /sys/bus/thunderbolt/devices/0-1/authorized	- 0
99   /sys/bus/thunderbolt/devices/0-1/device	- 0x8004
100   /sys/bus/thunderbolt/devices/0-1/device_name	- Thunderbolt to FireWire Adapter
101   /sys/bus/thunderbolt/devices/0-1/vendor	- 0x1
102   /sys/bus/thunderbolt/devices/0-1/vendor_name	- Apple, Inc.
103   /sys/bus/thunderbolt/devices/0-1/unique_id	- e0376f00-0300-0100-ffff-ffffffffffff
106 created yet. The user can authorize the device by simply entering::
108   # echo 1 > /sys/bus/thunderbolt/devices/0-1/authorized
112 If the device supports secure connect, and the domain security level is
114 a random 32-byte value used for authorization and challenging the device in
117   /sys/bus/thunderbolt/devices/0-3/authorized	- 0
118   /sys/bus/thunderbolt/devices/0-3/device	- 0x305
119   /sys/bus/thunderbolt/devices/0-3/device_name	- AKiTiO Thunder3 PCIe Box
120   /sys/bus/thunderbolt/devices/0-3/key		-
121   /sys/bus/thunderbolt/devices/0-3/vendor	- 0x41
122   /sys/bus/thunderbolt/devices/0-3/vendor_name	- inXtron
123   /sys/bus/thunderbolt/devices/0-3/unique_id	- dc010000-0000-8508-a22d-32ca6421cb16
127 If the user does not want to use secure connect they can just ``echo 1``
129 the same way as in the ``user`` security level.
131 If the user wants to use secure connect, the first time the device is
134   # key=$(openssl rand -hex 32)
135   # echo $key > /sys/bus/thunderbolt/devices/0-3/key
136   # echo 1 > /sys/bus/thunderbolt/devices/0-3/authorized
141 Next time the device is plugged in the user can verify (challenge) the
144   # echo $key > /sys/bus/thunderbolt/devices/0-3/key
145   # echo 2 > /sys/bus/thunderbolt/devices/0-3/authorized
150 returned to the user.
152 If the user still wants to connect the device they can either approve
157 ------------------------------
162 automatically enables IOMMU if not enabled by the user already. These
168 redundant. For this reason some systems ship with security level set to
169 ``none``. Other systems have security level set to ``user`` in order to
177 ----------------------------------------------------
198 device - then you need to connect that particular device).
200 Note an OEM-specific method to power the controller up ("force power") may
204 After that we can write the firmware to the non-active parts of the NVM
208   # dd if=KYK_TBT_FW_0018.bin of=/sys/bus/thunderbolt/devices/0-0/nvm_non_active0/nvmem
213   # echo 1 > /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
223   # cat /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
225   # cat /sys/bus/thunderbolt/devices/0-0/nvm_version
237 --------------------------------------------------
248 ---------------------------------
257 ``thunderbolt-net`` driver is loaded automatically. If the other host is
258 also Linux you should load ``thunderbolt-net`` manually on one host (it
261   # modprobe thunderbolt-net
264 is built-in to the kernel image, there is no need to do anything.
272 -------------
278 For example the intel-wmi-thunderbolt driver exposes this attribute in:
279   /sys/bus/wmi/devices/86CCFD48-205E-4A77-9C48-2021CBEDE341/force_power