113 lines
4.2 KiB
Plaintext
Executable File
113 lines
4.2 KiB
Plaintext
Executable File
What: /sys/bus/thunderbolt/devices/.../domainX/security
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: This attribute holds current Thunderbolt security level
|
|
set by the system BIOS. Possible values are:
|
|
|
|
none: All devices are automatically authorized
|
|
user: Devices are only authorized based on writing
|
|
appropriate value to the authorized attribute
|
|
secure: Require devices that support secure connect at
|
|
minimum. User needs to authorize each device.
|
|
dponly: Automatically tunnel Display port (and USB). No
|
|
PCIe tunnels are created.
|
|
|
|
What: /sys/bus/thunderbolt/devices/.../authorized
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: This attribute is used to authorize Thunderbolt devices
|
|
after they have been connected. If the device is not
|
|
authorized, no devices such as PCIe and Display port are
|
|
available to the system.
|
|
|
|
Contents of this attribute will be 0 when the device is not
|
|
yet authorized.
|
|
|
|
Possible values are supported:
|
|
1: The device will be authorized and connected
|
|
|
|
When key attribute contains 32 byte hex string the possible
|
|
values are:
|
|
1: The 32 byte hex string is added to the device NVM and
|
|
the device is authorized.
|
|
2: Send a challenge based on the 32 byte hex string. If the
|
|
challenge response from device is valid, the device is
|
|
authorized. In case of failure errno will be ENOKEY if
|
|
the device did not contain a key at all, and
|
|
EKEYREJECTED if the challenge response did not match.
|
|
|
|
What: /sys/bus/thunderbolt/devices/.../key
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: When a devices supports Thunderbolt secure connect it will
|
|
have this attribute. Writing 32 byte hex string changes
|
|
authorization to use the secure connection method instead.
|
|
Writing an empty string clears the key and regular connection
|
|
method can be used again.
|
|
|
|
What: /sys/bus/thunderbolt/devices/.../device
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: This attribute contains id of this device extracted from
|
|
the device DROM.
|
|
|
|
What: /sys/bus/thunderbolt/devices/.../device_name
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: This attribute contains name of this device extracted from
|
|
the device DROM.
|
|
|
|
What: /sys/bus/thunderbolt/devices/.../vendor
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: This attribute contains vendor id of this device extracted
|
|
from the device DROM.
|
|
|
|
What: /sys/bus/thunderbolt/devices/.../vendor_name
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: This attribute contains vendor name of this device extracted
|
|
from the device DROM.
|
|
|
|
What: /sys/bus/thunderbolt/devices/.../unique_id
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: This attribute contains unique_id string of this device.
|
|
This is either read from hardware registers (UUID on
|
|
newer hardware) or based on UID from the device DROM.
|
|
Can be used to uniquely identify particular device.
|
|
|
|
What: /sys/bus/thunderbolt/devices/.../nvm_version
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: If the device has upgradeable firmware the version
|
|
number is available here. Format: %x.%x, major.minor.
|
|
If the device is in safe mode reading the file returns
|
|
-ENODATA instead as the NVM version is not available.
|
|
|
|
What: /sys/bus/thunderbolt/devices/.../nvm_authenticate
|
|
Date: Sep 2017
|
|
KernelVersion: 4.13
|
|
Contact: thunderbolt-software@lists.01.org
|
|
Description: When new NVM image is written to the non-active NVM
|
|
area (through non_activeX NVMem device), the
|
|
authentication procedure is started by writing 1 to
|
|
this file. If everything goes well, the device is
|
|
restarted with the new NVM firmware. If the image
|
|
verification fails an error code is returned instead.
|
|
|
|
When read holds status of the last authentication
|
|
operation if an error occurred during the process. This
|
|
is directly the status value from the DMA configuration
|
|
based mailbox before the device is power cycled. Writing
|
|
0 here clears the status.
|