Devices connected via Thunderbolt can be DMA masters and thus read
system memory without interference of the operating system (or even
the CPU). Version 3 of the interface provides 4 different security
levels, in order to mitigate the aforementioned security risk that
connected devices pose to the system. The security level is set by the
system firmware.

The four security levels are:
* none: Security disabled, all devices will be fully functional on connect.
* dponly: Only pass the display-port stream through to the connected device.
* user: Connected devices need to be manually authorized by the user.
* secure: As 'user', but also challenge the device with a secret key
to verify its identity.

Can the IOMMU help here? If it can, would it make sense to disable all
security prompts?
Are there plans to prevent enabling devices when the shield is active?
(That's something we should do for most USB devices, too, FWIW.)
Thanks,
Florian
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
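
Added example, not part of the message above or of the proposal it quotes: a small Python audit that reads the security level of each Thunderbolt domain and the authorization state of each connected device. It assumes the Linux kernel's thunderbolt sysfs layout (/sys/bus/thunderbolt/devices with the attributes security, authorized, device_name and, on newer kernels, iommu_dma_protection); the function names audit and read_attr are hypothetical.

```python
from pathlib import Path

# Levels exactly as listed in the message above; True means the user has to
# approve a device before it becomes functional.
LEVELS = {"none": False, "dponly": False, "user": True, "secure": True}

def read_attr(node, name):
    """Return a sysfs attribute as stripped text, or None if it is absent."""
    try:
        return (node / name).read_text().strip()
    except OSError:
        return None

def audit(root="/sys/bus/thunderbolt/devices"):
    """Return a list of (subject, finding) tuples for every Thunderbolt domain."""
    root, findings = Path(root), []
    for dom in sorted(root.glob("domain*")):
        level = read_attr(dom, "security")
        if level not in LEVELS:
            findings.append((dom.name, f"unrecognised security level {level!r}"))
            continue
        if level == "none":
            findings.append((dom.name, "security disabled: devices are functional on connect"))
        # Assumption: the attribute is missing on older kernels, so None is ignored.
        if read_attr(dom, "iommu_dma_protection") == "0":
            findings.append((dom.name, "firmware did not enable IOMMU DMA protection"))
        index = dom.name[len("domain"):]
        for dev in sorted(root.glob(f"{index}-*")):
            state = read_attr(dev, "authorized")
            if state is None or dev.name == f"{index}-0":
                continue  # entry without an authorized attribute, or the host itself
            label = read_attr(dev, "device_name") or dev.name
            if state == "0" and LEVELS[level]:
                findings.append((label, "connected, waiting for authorization"))
            elif state == "1" and level == "secure":
                # authorized=2 would mean the key challenge succeeded
                findings.append((label, "authorized without a key challenge"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit():
        print(f"{subject}: {finding}")
```
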