(Fix category (ready for review)) |
(Add RelEng review ticket (7238)) |
||
Line 80: | Line 80: | ||
<!-- What work do other developers have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | <!-- What work do other developers have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | ||
* Release engineering: [https://pagure.io/releng/ | * Release engineering: [https://pagure.io/releng/issue/7238 7238] <!-- REQUIRED FOR SYSTEM WIDE AS WELL AS FOR SELF CONTAINED CHANGES --> | ||
<!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)? Is a mass rebuild required? include a link to the releng issue. | <!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)? Is a mass rebuild required? include a link to the releng issue. | ||
The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing, and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication --> | The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing, and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication --> |
Revision as of 09:28, 5 January 2018
Thunderbolt Enablement
Summary
Support Thunderbolt 3 peripherals in a secure way hardware out of the box.
Owner
- Name: Christian Kellner
- Email: ckellner@redhat.com
- Release notes owner:
Current status
- Targeted release: Fedora 28
- Last updated: 2018-01-05
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
Thunderbolt™ is the brand name of a hardware interface developed by Intel® that allows the connection of external peripherals to a computer.
Devices connected via Thunderbolt can be DMA masters and thus read system memory without interference of the operating system (or even the CPU). Version 3 of the interface provides 4 different security levels, in order to mitigate the aforementioned security risk that connected devices pose to the system. The security level is set by the system firmware.
The four security levels are:
- none: Security disabled, all devices will fully functional on connect.
- dponly: Only pass the display-port stream through to the connected device.
- user: Connected devices need to be manually authorized by the user.
- secure: As 'user', but also challenge the device with a secret key to verify its identity.
The Linux kernel, starting with version 4.13, provides an interface via sysfs that enables userspace query the security level, the status of connected devices and, most importantly, to authorize devices, if the security level demands it.
The active security level can normally be selected prior boot via a BIOS option, but it is interesting to note that in the future the none option is likely to go away. This of course means connected thunderbolt devices wont work at all unless they are authorized by the user from with the running operating system.
The solution to automatically enable thunderbolt 3 devices to work with Fedora without compromising the security of the computer consists of two user space compoments: a system daemon (boltd) and a component in GNOME shell. For new devices the shell will automatically enroll (= authorize and store in the database) new devices via the daemon if (and only if) the current user is a system administrator and the session is unlocked. On subsequent connections of the same device the daemon will then automatically authorize the device.
Benefit to Fedora
Thunderbolt 3 peripherals can be used in a convenient and secure way.
Scope
- Proposal owners: Stablize bolt and integrate the current GNOME Shell extension proof-of-concept into GNOME Shell upstream.
- Other developers: Nothing
- Release engineering: 7238
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
GNOME shell should depend on bolt so it gets pulled in automatically as a dependency on upgrade.
How To Test
- A computer with Thunderbolt 3 controller and a Thunderbolt 3 device is required to test.
- Install bolt
- Plug in the device
- Check that the device is listed with boltctl list
- Enroll the device with boltctl enroll <uuid>
User Experience
GNOME Shell will display a little icon indicating that thunderbolt 3 devices are being connected and also show notifications in the case of errors.
Dependencies
- Linux kernel version greater then 4.13 is required.
- GNOME shell needs to be modified to work with boltd
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? No
- Blocks product? Workstation
Documentation
- https://christian.kellner.me/2017/12/14/introducing-bolt-thunderbolt-3-security-levels-for-gnulinux/
- https://wiki.gnome.org/Design/Whiteboards/ThunderboltAccess