Message-ID: <90daf5669f064057b3d0da5fc110b3a4@AUSX13MPC105.AMER.DELL.COM>
Date:   Wed, 20 Nov 2019 17:06:39 +0000
From:   <Mario.Limonciello@...l.com>
To:     <mika.westerberg@...ux.intel.com>
CC:     <pmenzel@...gen.mpg.de>, <andreas.noever@...il.com>,
        <michael.jamet@...el.com>, <YehezkelShB@...il.com>, <ck@...om.net>,
        <linux-kernel@...r.kernel.org>, <anthony.wong@...onical.com>
Subject: RE: USB devices on Dell TB16 dock stop working after resuming


> > Yeah it might be useful to enumerate all the BIOS settings that are selected
> > related to Thunderbolt.  Some of them are a bit confusing.
> 
> BTW, I played a bit with 9380 and it looks like there is no option to
> enable Preboot ACL which means that if you have TBT security enabled
> (user or secure) the Dock PCIe side is not functional during boot, only
> once the OS has booted up. That's fine unless you want to enter BIOS
> menu from the keyboard you have connected to the TB16 dock (probably not
> too common use case anyway).

Eh?  On 9380 in front of me:
System Configuration -> Thunderbolt (TM) Adapter Configuration

There is a checkbox for "Enable Thunderbolt (and PCIe behind TBT) Pre-boot
modules".  It's not checked by default, but that should turn on pre-boot ACL
stuff.  That's the thing that Paul probably needs checked too.

But I mean this is generally an unsafe (but convenient) option, it means that you
throw out security pre-boot, and all someone needs to do is turn off your machine,
plug in a malicious device, turn it on and then they have a malicious device all the way
into the OS.
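
An OS-side check for the state discussed in this message, added here as an example and not part of the original email or of any Dell or kernel tooling: it reads each Thunderbolt domain's `security` level and counts populated `boot_acl` slots through the Linux thunderbolt sysfs attributes. The function name `tbt_audit` and its optional root argument are assumptions made for illustration; the script reports what the kernel exposes, not the BIOS checkbox itself.

```shell
#!/bin/sh
# Audit Thunderbolt domains: security level and populated pre-boot ACL slots.
# Assumption: Linux thunderbolt sysfs ABI (domainN/security, domainN/boot_acl).
# tbt_audit is a hypothetical helper; the root argument lets it be pointed at
# a copied or constructed tree instead of the live /sys.
# Usage: tbt_audit            (live system)
#        tbt_audit /some/dir  (offline copy)

tbt_audit() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    rc=0
    for dom in "$root"/domain*; do
        [ -r "$dom/security" ] || continue
        name=${dom##*/}
        level=$(cat "$dom/security")
        # boot_acl is a comma-separated list of device UUIDs; unused slots
        # are empty strings, so count only entries containing a hex digit.
        used=0
        if [ -r "$dom/boot_acl" ]; then
            used=$(tr ',' '\n' < "$dom/boot_acl" | grep -c '[0-9a-fA-F]' || true)
        fi
        case "$level" in
            none)
                # No approval step at all: every device is authorized.
                echo "$name: security=none, devices are authorized automatically"
                rc=1 ;;
            user|secure)
                if [ "$used" -gt 0 ]; then
                    echo "$name: security=$level, $used boot_acl slot(s) populated (connected automatically at boot)"
                    rc=1
                else
                    echo "$name: security=$level, boot_acl empty or absent"
                fi ;;
            *)
                echo "$name: security=$level" ;;
        esac
    done
    # Non-zero when any domain lets a device through before user approval.
    return $rc
}
```

A non-zero return marks a domain where a device can be connected without approval in the booted OS, which is the trade-off described above.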

