| rjw | 1f88458 | 2022-01-06 17:20:42 +0800 | [diff] [blame^] | 1 | What: /sys/bus/thunderbolt/devices/.../domainX/security |
| 2 | Date: Sep 2017 |
| 3 | KernelVersion: 4.13 |
| 4 | Contact: thunderbolt-software@lists.01.org |
| 5 | Description: This attribute holds current Thunderbolt security level |
| 6 | set by the system BIOS. Possible values are: |
| 7 | |
| 8 | none: All devices are automatically authorized |
| 9 | user: Devices are only authorized based on writing |
| 10 | appropriate value to the authorized attribute |
| 11 | secure: Require devices that support secure connect at |
| 12 | minimum. User needs to authorize each device. |
| 13 | dponly: Automatically tunnel Display port (and USB). No |
| 14 | PCIe tunnels are created. |
| 15 | |
| 16 | What: /sys/bus/thunderbolt/devices/.../authorized |
| 17 | Date: Sep 2017 |
| 18 | KernelVersion: 4.13 |
| 19 | Contact: thunderbolt-software@lists.01.org |
| 20 | Description: This attribute is used to authorize Thunderbolt devices |
| 21 | after they have been connected. If the device is not |
| 22 | authorized, no devices such as PCIe and Display port are |
| 23 | available to the system. |
| 24 | |
| 25 | Contents of this attribute will be 0 when the device is not |
| 26 | yet authorized. |
| 27 | |
| 28 | Possible values are supported: |
| 29 | 1: The device will be authorized and connected |
| 30 | |
| 31 | When key attribute contains 32 byte hex string the possible |
| 32 | values are: |
| 33 | 1: The 32 byte hex string is added to the device NVM and |
| 34 | the device is authorized. |
| 35 | 2: Send a challenge based on the 32 byte hex string. If the |
| 36 | challenge response from device is valid, the device is |
| 37 | authorized. In case of failure errno will be ENOKEY if |
| 38 | the device did not contain a key at all, and |
| 39 | EKEYREJECTED if the challenge response did not match. |
| 40 | |
| 41 | What: /sys/bus/thunderbolt/devices/.../key |
| 42 | Date: Sep 2017 |
| 43 | KernelVersion: 4.13 |
| 44 | Contact: thunderbolt-software@lists.01.org |
| 45 | Description: When a devices supports Thunderbolt secure connect it will |
| 46 | have this attribute. Writing 32 byte hex string changes |
| 47 | authorization to use the secure connection method instead. |
| 48 | Writing an empty string clears the key and regular connection |
| 49 | method can be used again. |
| 50 | |
| 51 | What: /sys/bus/thunderbolt/devices/.../device |
| 52 | Date: Sep 2017 |
| 53 | KernelVersion: 4.13 |
| 54 | Contact: thunderbolt-software@lists.01.org |
| 55 | Description: This attribute contains id of this device extracted from |
| 56 | the device DROM. |
| 57 | |
| 58 | What: /sys/bus/thunderbolt/devices/.../device_name |
| 59 | Date: Sep 2017 |
| 60 | KernelVersion: 4.13 |
| 61 | Contact: thunderbolt-software@lists.01.org |
| 62 | Description: This attribute contains name of this device extracted from |
| 63 | the device DROM. |
| 64 | |
| 65 | What: /sys/bus/thunderbolt/devices/.../vendor |
| 66 | Date: Sep 2017 |
| 67 | KernelVersion: 4.13 |
| 68 | Contact: thunderbolt-software@lists.01.org |
| 69 | Description: This attribute contains vendor id of this device extracted |
| 70 | from the device DROM. |
| 71 | |
| 72 | What: /sys/bus/thunderbolt/devices/.../vendor_name |
| 73 | Date: Sep 2017 |
| 74 | KernelVersion: 4.13 |
| 75 | Contact: thunderbolt-software@lists.01.org |
| 76 | Description: This attribute contains vendor name of this device extracted |
| 77 | from the device DROM. |
| 78 | |
| 79 | What: /sys/bus/thunderbolt/devices/.../unique_id |
| 80 | Date: Sep 2017 |
| 81 | KernelVersion: 4.13 |
| 82 | Contact: thunderbolt-software@lists.01.org |
| 83 | Description: This attribute contains unique_id string of this device. |
| 84 | This is either read from hardware registers (UUID on |
| 85 | newer hardware) or based on UID from the device DROM. |
| 86 | Can be used to uniquely identify particular device. |
| 87 | |
| 88 | What: /sys/bus/thunderbolt/devices/.../nvm_version |
| 89 | Date: Sep 2017 |
| 90 | KernelVersion: 4.13 |
| 91 | Contact: thunderbolt-software@lists.01.org |
| 92 | Description: If the device has upgradeable firmware the version |
| 93 | number is available here. Format: %x.%x, major.minor. |
| 94 | If the device is in safe mode reading the file returns |
| 95 | -ENODATA instead as the NVM version is not available. |
| 96 | |
| 97 | What: /sys/bus/thunderbolt/devices/.../nvm_authenticate |
| 98 | Date: Sep 2017 |
| 99 | KernelVersion: 4.13 |
| 100 | Contact: thunderbolt-software@lists.01.org |
| 101 | Description: When new NVM image is written to the non-active NVM |
| 102 | area (through non_activeX NVMem device), the |
| 103 | authentication procedure is started by writing 1 to |
| 104 | this file. If everything goes well, the device is |
| 105 | restarted with the new NVM firmware. If the image |
| 106 | verification fails an error code is returned instead. |
| 107 | |
| 108 | When read holds status of the last authentication |
| 109 | operation if an error occurred during the process. This |
| 110 | is directly the status value from the DMA configuration |
| 111 | based mailbox before the device is power cycled. Writing |
| 112 | 0 here clears the status. |