thunderbolt.rst - OpenGrok cross reference for /linux/Documentation/admin-guide/thunderbolt.rst

Lines Matching +full:secure +full:- +full:firmware
1 .. SPDX-License-Identifier: GPL-2.0
10 connection manager can be implemented either in firmware or software.
11 Typically PCs come with a firmware connection manager for Thunderbolt 3
25 -----------------------------------
27 should be a userspace tool that handles all the low-level details, keeps
31 found in ``Documentation/ABI/testing/sysfs-bus-thunderbolt``.
35 ``/etc/udev/rules.d/99-local.rules``::
56     All devices are automatically connected by the firmware. No user
66   secure
68     addition to UUID the device (if it supports secure connect) is sent
74     The firmware automatically creates tunnels for Display Port and
79     The firmware automatically creates tunnels for the USB controller and
92 If the security level reads as ``user`` or ``secure`` the connected
101 Authorizing devices when security level is ``user`` or ``secure``
102 -----------------------------------------------------------------
105   /sys/bus/thunderbolt/devices/0-1/authorized	- 0
106   /sys/bus/thunderbolt/devices/0-1/device	- 0x8004
107   /sys/bus/thunderbolt/devices/0-1/device_name	- Thunderbolt to FireWire Adapter
108   /sys/bus/thunderbolt/devices/0-1/vendor	- 0x1
109   /sys/bus/thunderbolt/devices/0-1/vendor_name	- Apple, Inc.
110   /sys/bus/thunderbolt/devices/0-1/unique_id	- e0376f00-0300-0100-ffff-ffffffffffff
115   # echo 1 > /sys/bus/thunderbolt/devices/0-1/authorized
119 If the device supports secure connect, and the domain security level is
120 set to ``secure``, it has an additional attribute ``key`` which can hold
121 a random 32-byte value used for authorization and challenging the device in
124   /sys/bus/thunderbolt/devices/0-3/authorized	- 0
125   /sys/bus/thunderbolt/devices/0-3/device	- 0x305
126   /sys/bus/thunderbolt/devices/0-3/device_name	- AKiTiO Thunder3 PCIe Box
127   /sys/bus/thunderbolt/devices/0-3/key		-
128   /sys/bus/thunderbolt/devices/0-3/vendor	- 0x41
129   /sys/bus/thunderbolt/devices/0-3/vendor_name	- inXtron
130   /sys/bus/thunderbolt/devices/0-3/unique_id	- dc010000-0000-8508-a22d-32ca6421cb16
134 If the user does not want to use secure connect they can just ``echo 1``
138 If the user wants to use secure connect, the first time the device is
141   # key=$(openssl rand -hex 32)
142   # echo $key > /sys/bus/thunderbolt/devices/0-3/key
143   # echo 1 > /sys/bus/thunderbolt/devices/0-3/authorized
151   # echo $key > /sys/bus/thunderbolt/devices/0-3/key
152   # echo 2 > /sys/bus/thunderbolt/devices/0-3/authorized
163 De-authorizing devices
164 ----------------------
165 It is possible to de-authorize devices by writing ``0`` to their
171 When a device is de-authorized the PCIe tunnel from the parent device
173 down. This is essentially the same thing as PCIe hot-remove and the PCIe
180 ------------------------------
200 ----------------------------------------------------
201 Since most of the functionality is handled in firmware running on a
202 host controller or a device, it is important that the firmware can be
204 Typically OEMs provide this firmware from their support site.
206 There is also a central site which has links where to download firmware
211 Before you upgrade firmware on a device, host or retimer, please make
221 device - then you need to connect that particular device).
223 Note an OEM-specific method to power the controller up ("force power") may
227 After that we can write the firmware to the non-active parts of the NVM
231   # dd if=KYK_TBT_FW_0018.bin of=/sys/bus/thunderbolt/devices/0-0/nvm_non_active0/nvmem
236   # echo 1 > /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
243 We can verify that the new NVM firmware is active by running the following
246   # cat /sys/bus/thunderbolt/devices/0-0/nvm_authenticate
248   # cat /sys/bus/thunderbolt/devices/0-0/nvm_version
259 Upgrading on-board retimer NVM when there is no cable connected
260 ---------------------------------------------------------------
262 firmware even when there is nothing connected to the USB4
264 attributes: ``offline`` and ``rescan``. The way to upgrade the firmware
267   # echo 1 > /sys/bus/thunderbolt/devices/0-0/usb4_port1/offline
273   # echo 1 > /sys/bus/thunderbolt/devices/0-0/usb4_port1/rescan
275 This enumerates and adds the on-board retimers. Now retimer NVM can be
281   # echo 1 > /sys/bus/thunderbolt/devices/0-0/usb4_port1/rescan
286   # echo 0 > /sys/bus/thunderbolt/devices/0-0/usb4_port1/offline
289 --------------------------------------------------
300 ---------------------------------
309 ``thunderbolt-net`` driver is loaded automatically. If the other host is
310 also Linux you should load ``thunderbolt-net`` manually on one host (it
313   # modprobe thunderbolt-net
316 is built-in to the kernel image, there is no need to do anything.
324 -------------
330 For example the intel-wmi-thunderbolt driver exposes this attribute in:
331   /sys/bus/wmi/devices/86CCFD48-205E-4A77-9C48-2021CBEDE341/force_power