Recent Intel Thunderbolt firmware connection manager has support for
another security level, SL5, that disables PCIe tunneling. This option
can be turned on from the BIOS.
When this is set the driver exposes a new security level "nopcie" to the
userspace and hides the authorized attribute under connected devices.
While there we also hide it when "dponly" security level is enabled
since it is not really usable in that case anyway.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Yehezkel Bernat <YehezkelShB@gmail.com>
In some cases it is useful to be able de-authorize devices. For example
if user logs out the userspace can have a policy that disconnects PCIe
devices until logged in again. This is only possible for software based
connection manager as it directly controls the tunnels.
For this reason make the authorized attribute accept writing 0 which
makes the software connection manager to tear down the corresponding
PCIe tunnel. Userspace can check if this is supported by reading a new
domain attribute deauthorization, that holds 1 in that case.
While there correct tb_domain_approve_switch() kernel-doc and
description of authorized attribute to mention that it is only about
PCIe tunnels.
Cc: Christian Kellner <christian@kellner.me>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Yehezkel Bernat <YehezkelShB@gmail.com>
USB4 spec specifies standard access to retimers (both on-board and
cable) through USB4 port sideband access. This makes it possible to
upgrade their firmware in the same way than we already do with the
routers.
This enumerates on-board retimers under each USB4 port when the link
comes up and adds them to the bus under the router the retimer belongs
to. Retimers are exposed in sysfs with name like <device>:<port>.<index>
where device is the router the retimer belongs to, port is the USB4 port
the retimer is connected to and index is the retimer index under that
port (starting from 1). This applies to the upstream USB4 port as well
so if there is on-board retimer between the port and the router it is
also added accordingly.
At this time we do not add cable retimers but there is no techincal
restriction to do so in the future if needed. It is not clear whether it
makes sense to upgrade their firmwares and at least Thunderbolt 3 cables
it has not been done outside of lab environments.
The sysfs interface is made to follow the router NVM upgrade to make it
easy to extend the existing userspace (fwupd) to handle these as well.
Signed-off-by: Kranthi Kuntala <kranthi.kuntala@intel.com>
Co-developed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Update user's and administrator's guide to mention USB4, how it relates
to Thunderbolt and and how it is supported in Linux.
While there add the missing SPDX identifier to the document.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Link: https://lore.kernel.org/r/20191217123345.31850-10-mika.westerberg@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Recent systems with Thunderbolt ports may support IOMMU natively. In
practice this means that Thunderbolt connected devices are placed behind
an IOMMU during the whole time it is connected (including during boot)
making Thunderbolt security levels redundant. This is called Kernel DMA
protection [1] by Microsoft.
Some of these systems still have Thunderbolt security level set to
"user" in order to support OS downgrade (the older version of the OS
might not support IOMMU based DMA protection so connecting a device
still relies on user approval).
Export this information to userspace by introducing a new sysfs
attribute (iommu_dma_protection). Based on it userspace tools can make
more accurate decision whether or not authorize the connected device.
In addition update Thunderbolt documentation regarding IOMMU based DMA
protection.
[1] https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Yehezkel Bernat <YehezkelShB@gmail.com>
This new security level works so that it creates one PCIe tunnel to the
connected Thunderbolt dock, removing PCIe links downstream of the dock.
This leaves only the internal USB controller visible.
Display Port tunnels are created normally.
While there make sure security sysfs attribute returns "unknown" for any
future security level.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Edits for grammar, punctuation, and a doubled-up word.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Andreas Noever <andreas.noever@gmail.com>
Cc: Michael Jamet <michael.jamet@intel.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Yehezkel Bernat <yehezkel.bernat@intel.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
WMI is the bus inside kernel, so, we may access the GUID via
/sys/bus/wmi instead of doing this through /sys/devices path.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Mario Limonciello <mario.limonciello@dell.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
For this cycle we have quite an update for the Dell SMBIOS driver
including WMI work to provide an interface for SMBIOS tokens via sysfs
and WMI support for 2017+ Dell laptop models. SMM dispatcher code is
split into a separate driver followed by a new WMI dispatcher.
The latter provides a character device interface to user space.
The pull request contains a merge of immutable branch from Wolfram Sang
in order to apply a dependent fix to the Intel CherryTrail Battery
Management driver.
Other Intel drivers got a lot of cleanups. The Turbo Boost Max 3.0
support is added for Intel Skylake.
Peaq WMI hotkeys driver gets its own maintainer and white list of
supported models.
Silead DMI is expanded to support few additional platforms.
Tablet mode via GMMS ACPI method is added to support some ThinkPad
tablets.
Two commits appear here which were previously merged during the
v4.14-rcX cycle:
- d7ca5ebf24 platform/x86: intel_pmc_ipc: Use devm_* calls in driver probe function
- e3075fd6f8 platform/x86: intel_pmc_ipc: Use spin_lock to protect GCR updates
Add driver to force WMI Thunderbolt controller power status:
- Add driver to force WMI Thunderbolt controller power status
asus-wmi:
- Add lightbar led support
dell-laptop:
- Allocate buffer before rfkill use
dell-smbios:
- fix string overflow
- Add filtering support
- Introduce dispatcher for SMM calls
- Add a sysfs interface for SMBIOS tokens
- only run if proper oem string is detected
- Prefix class/select with cmd_
- Add pr_fmt definition to driver
dell-smbios-smm:
- test for WSMT
dell-smbios-wmi:
- release mutex lock on WMI call failure
- introduce userspace interface
- Add new WMI dispatcher driver
dell-smo8800:
- remove redundant assignments to byte_data
dell-wmi:
- don't check length returned
- clean up wmi descriptor check
- increase severity of some failures
- Do not match on descriptor GUID modalias
- Label driver as handling notifications
dell-*wmi*:
- Relay failed initial probe to dependent drivers
dell-wmi-descriptor:
- check if memory was allocated
- split WMI descriptor into it's own driver
fujitsu-laptop:
- Fix radio LED detection
- Don't oops when FUJ02E3 is not presnt
hp_accel:
- Add quirk for HP ProBook 440 G4
hp-wmi:
- Fix tablet mode detection for convertibles
ideapad-laptop:
- Add Lenovo Yoga 920-13IKB to no_hw_rfkill dmi list
intel_cht_int33fe:
- Update fusb302 type string, add properties
- make a couple of local functions static
- Work around BIOS bug on some devices
intel-hid:
- Power button suspend on Dell Latitude 7275
intel_ips:
- Convert timers to use timer_setup()
- Remove FSF address from GPL notice
- Remove unneeded fields and label
- Keep pointer to struct device
- Use PCI_VDEVICE() macro
- Switch to new PCI IRQ allocation API
- Simplify error handling via devres API
intel_pmc_ipc:
- Revert Use MFD framework to create dependent devices
- Use MFD framework to create dependent devices
- Use spin_lock to protect GCR updates
- Use devm_* calls in driver probe function
intel_punit_ipc:
- Fix resource ioremap warning
intel_telemetry:
- Remove useless default in Kconfig
- Add needed inclusion
- cleanup redundant headers
- Fix typos
- Fix load failure info
intel_telemetry_debugfs:
- Use standard ARRAY_SIZE() macro
intel_turbo_max_3:
- Add Skylake platform
intel-wmi-thunderbolt:
- Silence error cases
MAINTAINERS:
- Add entry for the PEAQ WMI hotkeys driver
mlx-platform:
- make a couple of structures static
peaq_wmi:
- Fix missing terminating entry for peaq_dmi_table
peaq-wmi:
- Remove unnecessary checks from peaq_wmi_exit
- Add DMI check before binding to the WMI interface
- Revert Blacklist Lenovo ideapad 700-15ISK
- Blacklist Lenovo ideapad 700-15ISK
silead_dmi:
- Add silead, home-button property to some tablets
- Add entry for the Digma e200 tablet
- Fix GP-electronic T701 entry
- Add entry for the Chuwi Hi8 Pro tablet
sony-laptop:
- Drop variable assignment in sony_nc_setup_rfkill()
- Fix error handling in sony_nc_setup_rfkill()
thinkpad_acpi:
- Implement tablet mode using GMMS method
tools/wmi:
- add a sample for dell smbios communication over WMI
wmi:
- release mutex on module acquistion failure
- create userspace interface for drivers
- Don't allow drivers to get each other's GUIDs
- Add new method wmidev_evaluate_method
- Destroy on cleanup rather than unregister
- Cleanup exit routine in reverse order of init
- Sort include list
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEhiZOUlnC9oKN3n3AmT3/83c5Sy0FAloQcs0ACgkQmT3/83c5
Sy2agQ//WJirmlqR4WMSDynq0w/rKomx7qMZvabbIxFc7n5beCUrlc61lt4x/cPN
0HrdkNcYvkW21j8q/Lk5RDlK45JLZLgtDb1rIGjx8Pkf+EXyKwNb4UtqaZuwZRN6
nVnSGAdShF6f4OqVQU+ZuRr2nQvBlK4OyopKuRaq0kuejJjMLq1sc7VNidvb9zdj
w4zfhh8RQ2KV3NK8g0k/uQu573Y+tCDUQvxQj5YIgC4RWbv4ZTuZD1Hbjc3Vdy9+
z0RvrUBCikM0CTqVyXn/ncgiMnAj6oeLdB76F1dlaIaAH/WtisEWr3hLWHskdJwW
N+qGBB0K72gUHwr4Ck4x2s/S76XeiFYD0BeHL3ODn6ZlKoh7gV2NVwYFDNQHd+uc
MXN9Xzs3lRkiDFyoXbtBG0wZRn2rS1rhGSYDYQUKg8Qf7MirwEVdYA0CZKeXAA78
2V29FNdvUmWiL/ZiA/2peeuUTWgPdzENDLHXzE/jOCGBS2/pL4znYv2ZSJ+HIeyW
oCVMxasSI3pMLxCU8KxgA1QwrbDoiFTYYXCa1Ighq9o2ZEoy7Ub1XmpBB9HKHby7
K6zQcCYcf+SyscIqvu50ZImZ8nt5FnIdPSrTOX/FMM0Niv42mfKwD+UniG+P5K1z
OLCIEm74NE9jRjzxuW5E1DSo56gJHUbxxy1rOFzgJnGQ+CAVXKo=
=upqs
-----END PGP SIGNATURE-----
Merge tag 'platform-drivers-x86-v4.15-1' of git://git.infradead.org/linux-platform-drivers-x86
Pull x86 platform driver updates from Andy Shevchenko:
"Here is the collected material against Platform Drivers x86 subsystem.
It's rather bit busy cycle for PDx86, mostly due to Dell SMBIOS driver
activity
For this cycle we have quite an update for the Dell SMBIOS driver
including WMI work to provide an interface for SMBIOS tokens via sysfs
and WMI support for 2017+ Dell laptop models. SMM dispatcher code is
split into a separate driver followed by a new WMI dispatcher. The
latter provides a character device interface to user space.
The git history also contains a merge of immutable branch from Wolfram
Sang in order to apply a dependent fix to the Intel CherryTrail
Battery Management driver.
Other Intel drivers got a lot of cleanups. The Turbo Boost Max 3.0
support is added for Intel Skylake.
Peaq WMI hotkeys driver gets its own maintainer and white list of
supported models.
Silead DMI is expanded to support few additional platforms.
Tablet mode via GMMS ACPI method is added to support some ThinkPad
tablets.
new driver:
- Add driver to force WMI Thunderbolt controller power status
asus-wmi:
- Add lightbar led support
dell-laptop:
- Allocate buffer before rfkill use
dell-smbios:
- fix string overflow
- Add filtering support
- Introduce dispatcher for SMM calls
- Add a sysfs interface for SMBIOS tokens
- only run if proper oem string is detected
- Prefix class/select with cmd_
- Add pr_fmt definition to driver
dell-smbios-smm:
- test for WSMT
dell-smbios-wmi:
- release mutex lock on WMI call failure
- introduce userspace interface
- Add new WMI dispatcher driver
dell-smo8800:
- remove redundant assignments to byte_data
dell-wmi:
- don't check length returned
- clean up wmi descriptor check
- increase severity of some failures
- Do not match on descriptor GUID modalias
- Label driver as handling notifications
dell-*wmi*:
- Relay failed initial probe to dependent drivers
dell-wmi-descriptor:
- check if memory was allocated
- split WMI descriptor into it's own driver
fujitsu-laptop:
- Fix radio LED detection
- Don't oops when FUJ02E3 is not presnt
hp_accel:
- Add quirk for HP ProBook 440 G4
hp-wmi:
- Fix tablet mode detection for convertibles
ideapad-laptop:
- Add Lenovo Yoga 920-13IKB to no_hw_rfkill dmi list
intel_cht_int33fe:
- Update fusb302 type string, add properties
- make a couple of local functions static
- Work around BIOS bug on some devices
intel-hid:
- Power button suspend on Dell Latitude 7275
intel_ips:
- Convert timers to use timer_setup()
- Remove FSF address from GPL notice
- Remove unneeded fields and label
- Keep pointer to struct device
- Use PCI_VDEVICE() macro
- Switch to new PCI IRQ allocation API
- Simplify error handling via devres API
intel_pmc_ipc:
- Revert Use MFD framework to create dependent devices
- Use MFD framework to create dependent devices
- Use spin_lock to protect GCR updates
- Use devm_* calls in driver probe function
intel_punit_ipc:
- Fix resource ioremap warning
intel_telemetry:
- Remove useless default in Kconfig
- Add needed inclusion
- cleanup redundant headers
- Fix typos
- Fix load failure info
intel_telemetry_debugfs:
- Use standard ARRAY_SIZE() macro
intel_turbo_max_3:
- Add Skylake platform
intel-wmi-thunderbolt:
- Silence error cases
mlx-platform:
- make a couple of structures static
peaq_wmi:
- Fix missing terminating entry for peaq_dmi_table
peaq-wmi:
- Remove unnecessary checks from peaq_wmi_exit
- Add DMI check before binding to the WMI interface
- Revert Blacklist Lenovo ideapad 700-15ISK
- Blacklist Lenovo ideapad 700-15ISK
silead_dmi:
- Add silead, home-button property to some tablets
- Add entry for the Digma e200 tablet
- Fix GP-electronic T701 entry
- Add entry for the Chuwi Hi8 Pro tablet
sony-laptop:
- Drop variable assignment in sony_nc_setup_rfkill()
- Fix error handling in sony_nc_setup_rfkill()
thinkpad_acpi:
- Implement tablet mode using GMMS method
tools/wmi:
- add a sample for dell smbios communication over WMI
wmi:
- release mutex on module acquistion failure
- create userspace interface for drivers
- Don't allow drivers to get each other's GUIDs
- Add new method wmidev_evaluate_method
- Destroy on cleanup rather than unregister
- Cleanup exit routine in reverse order of init
- Sort include list"
* tag 'platform-drivers-x86-v4.15-1' of git://git.infradead.org/linux-platform-drivers-x86: (74 commits)
platform/x86: silead_dmi: Add silead, home-button property to some tablets
platform/x86: dell-laptop: Allocate buffer before rfkill use
platform/x86: dell-*wmi*: Relay failed initial probe to dependent drivers
platform/x86: dell-wmi-descriptor: check if memory was allocated
platform/x86: Revert intel_pmc_ipc: Use MFD framework to create dependent devices
platform/x86: dell-smbios-wmi: release mutex lock on WMI call failure
platform/x86: wmi: release mutex on module acquistion failure
platform/x86: dell-smbios: fix string overflow
platform/x86: intel_pmc_ipc: Use MFD framework to create dependent devices
platform/x86: intel_punit_ipc: Fix resource ioremap warning
platform/x86: dell-smo8800: remove redundant assignments to byte_data
platform/x86: hp-wmi: Fix tablet mode detection for convertibles
platform/x86: intel_ips: Convert timers to use timer_setup()
platform/x86: sony-laptop: Drop variable assignment in sony_nc_setup_rfkill()
platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill()
tools/wmi: add a sample for dell smbios communication over WMI
platform/x86: dell-smbios-wmi: introduce userspace interface
platform/x86: wmi: create userspace interface for drivers
platform/x86: dell-smbios: Add filtering support
platform/x86: dell-smbios-smm: test for WSMT
...
ThunderboltIP is a protocol created by Apple to tunnel IP/ethernet
traffic over a Thunderbolt cable. The protocol consists of configuration
phase where each side sends ThunderboltIP login packets (the protocol is
determined by UUID in the XDomain packet header) over the configuration
channel. Once both sides get positive acknowledgment to their login
packet, they configure high-speed DMA path accordingly. This DMA path is
then used to transmit and receive networking traffic.
This patch creates a virtual ethernet interface the host software can
use in the same way as any other networking interface. Once the
interface is brought up successfully network packets get tunneled over
the Thunderbolt cable to the remote host and back.
The connection is terminated by sending a ThunderboltIP logout packet
over the configuration channel. We do this when the network interface is
brought down by user or the driver is unloaded.
Signed-off-by: Amir Levy <amir.jer.levy@intel.com>
Signed-off-by: Michael Jamet <michael.jamet@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Current implementations of Intel Thunderbolt controllers will go
into a low power mode when not in use.
Many machines containing these controllers also have a GPIO wired up
that can force the controller awake. This is offered via a ACPI-WMI
interface intended to be manipulated by a userspace utility.
This mechanism is provided by Intel to OEMs to include in BIOS.
It uses an industry wide GUID that is populated in a separate _WDG
entry with no binary MOF.
This interface allows software such as fwupd to wake up thunderbolt
controllers to query the firmware version or flash new firmware.
Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
[andy fixed merge conflicts and bump kernel version for ABI]
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Since there are no such tool yet that handles all the low-level details
of connecting devices and upgrading their firmware, add a small document
that shows how the Thunderbolt bus can be used directly from command
line.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
Reviewed-by: Michael Jamet <michael.jamet@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Andreas Noever <andreas.noever@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mika Westerberg