[Public] Hi, A sysfs file /sys/bus/thunderbolt/devices/domainX/iommu_dma_protection is exported from the kernel and used by userspace to make judgments on whether to automatically authorize PCIe tunnels for USB4 devices. Before kernel 5.19 this file was only populated on Intel USB4 and TBT3 controllers, but starting with 5.19 it also populates for non-Intel as well. This is accomplished by an assertion from the IOMMU subsystem that it's safe to do so by a combination of firmware and hardware. Here is the patch series on top of 5.15.64: 3f6634d997dba8140b3a7cba01776b9638d70dff ed36d04e8f8d7b00db451b0fa56a54e8e02ec43e d0be55fbeb6ac694d15af5d1aad19cdec8cd64e5 f316ba0a8814f4c91e80a435da3421baf0ddd24c f1ca70717bcb4525e29da422f3d280acbddb36fe bfb3ba32061da1a9217ef6d02fbcffb528e4c8df 418e0a3551bbef5b221705b0e5b8412cdc0afd39 acdb89b6c87a2d7b5c48a82756e6f5c6f599f60a ea4692c75e1c63926e4fb0728f5775ef0d733888 86eaf4a5b4312bea8676fb79399d9e08b53d8e71 Can you please consider backporting them to 5.15.y+? I've confirmed with this series of patches that a Lenovo Z13 will populate the sysfs file and automatically authorize docks that are plugged in. Thanks,