Devices connected via Thunderbolt can be DMA masters and thus read system memory without interference of the operating system (or even the CPU). Version 3 of the interface provides 4 different security levels, in order to mitigate the aforementioned security risk that connected devices pose to the system. The security level is set by the system firmware. The four security levels are:

* none: Security disabled, all devices will be fully functional on connect.
* dponly: Only pass the display-port stream through to the connected device.
* user: Connected devices need to be manually authorized by the user.
* secure: As 'user', but also challenge the device with a secret key to verify its identity.

Can the IOMMU help here? If it can, would it make sense to disable all security prompts?
Are there plans to prevent enabling devices when the shield is active? (That's something we should do for most USB devices, too, FWIW.)
Thanks,
Florian
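
An added example, not part of the original message or of any project discussed in the thread: a shell function that reports which of the four security levels the firmware has set for each Thunderbolt domain, together with the kernel's IOMMU flag. It assumes the Linux thunderbolt driver's sysfs attributes `security` and `iommu_dma_protection` (names not given in the message); the sample tree is constructed.

```shell
#!/bin/sh
# Added example. Assumes the Linux thunderbolt driver's sysfs layout:
# <root>/domainN/security and (newer kernels) iommu_dma_protection.

# Describe a level in the terms of the four levels listed in the message.
describe_level() {
    case "$1" in
        none)   echo "security disabled, devices fully functional on connect" ;;
        dponly) echo "DisplayPort stream only" ;;
        user)   echo "manual authorization by the user" ;;
        secure) echo "manual authorization plus key challenge" ;;
        *)      echo "not one of the four levels listed" ;;
    esac
}

# audit_domains [ROOT]: print one line per domain; return 1 if any domain
# is at 'none' or reports a level outside the four described.
audit_domains() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    rc=0
    for dom in "$root"/domain*; do
        [ -r "$dom/security" ] || continue
        level=$(cat "$dom/security")
        # Absent on older kernels; reported as "unknown", never guessed.
        iommu="unknown"
        [ -r "$dom/iommu_dma_protection" ] && iommu=$(cat "$dom/iommu_dma_protection")
        echo "${dom##*/}: level=$level iommu_dma_protection=$iommu ($(describe_level "$level"))"
        case "$level" in
            dponly|user|secure) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample tree (not real system data): one 'secure' domain with
# the IOMMU flag set, one 'none' domain without the attribute.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/domain0" "$d/domain1"
    echo secure > "$d/domain0/security"
    echo 1 > "$d/domain0/iommu_dma_protection"
    echo none > "$d/domain1/security"
    echo "$d"
}

sample=$(make_sample_tree)
audit_domains "$sample" || echo "at least one domain is at 'none' or an unlisted level"
rm -rf "$sample"
```

Calling `audit_domains` with no argument reads the live sysfs tree instead of the constructed one.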