Linux 5.12 To Support USB4 “Security Level 5” To Disable PCIe Tunneling
The USB4 / Thunderbolt changes scheduled for the upcoming Linux 5.12 merge window are queued in the next USB tree.
On the queue in USB-next yesterday were Intel’s Thunderbolt changes for the next kernel window, which also include the latest USB4 performance as part of it. One of the new security options with Linux 5.12 supports the USB4 (SL5) security level of USB4. With this new level of protection, PCIe tunneling is disabled. This higher level of security to disable PCI Express tunneling is usually an option to configure the BIOS with USB4 hardware supported. This “nopcie” option also applies in “dponly” mode for DisplayPort only.
The Linux kernel now supports Thunderbolt / USB4 security settings to require user approval to authorize new devices, automatically tunneling DisplayPort and USB only, USB only, and other authorization mechanisms to repel potentially fraudulent devices connected to the system. . Details of the latest Thunderbolt / USB4 security controls on Linux, set out via sysfs, can be found via the latest documentation.
The Thunderbolt updates for Linux 5.12 also includes support for USB4 _OSC on ACPI 6.4, support for disabling the XDomain protocol and other minor changes.
Comments are closed.