Locking down the Thunderbolt interface Lightning Protection
Linux Magazine|#260/July 2022: Privacy
The Thunderbolt interface supports extremely fast data transfer rates, but be careful about what you plug into your port, because Thunderbolt devices access memory directly. We'll show you some Linux tools for locking down your Thunderbolt interface.
Thorsten Scherf
Locking down the Thunderbolt interface Lightning Protection

The Thunderbolt interface is an interface used for connecting peripheral devices to many modern computers. Thunderbolt connections (with the familiar lightning arrow symbol - see Figure 1) support fast transfer of audio, video, and other data over a single cable and can also charge devices connected through the same interface.

The Thunderbolt specification was developed by Intel in collaboration with Apple. Many users might think of Thunderbolt in the context of Apple hardware. Apple actually started shipping MacBook Pro models with the interface back in 2011 (see the box entitled "Thunderbolt Through the Years"). Thunderbolt has become a common feature on MacBook computers, as well as many other Intel-based systems.

Through the years, however, the power and speed of Thunderbolt has led to some security issues. Like other technologies that communicate with a syste via PCI Express (PCIe), Firewire, or similar protocols, Thunderbolt supports direct access to system memory. Directly accessing memory enables fast data transfer rates, but it also poses a security risk, because many different components access memory at the same time, which creates the potential for a DMA attack. (A DMA attack involves unauthorized access to the system memory in order to read arbitrary data.)

Security concerns have led to a new approach with recent Thunderbolt versions. Some of the basic security features available in Thunderbolt 3 have been enhanced for version 4. Thunderbolt now uses the Intel Virtualization Technology for Directed I/O (VT-d) to provide protection against DMA attacks.

Esta historia es de la edición #260/July 2022: Privacy de Linux Magazine.

Comience su prueba gratuita de Magzter GOLD de 7 días para acceder a miles de historias premium seleccionadas y a más de 9,000 revistas y periódicos.

Esta historia es de la edición #260/July 2022: Privacy de Linux Magazine.

Comience su prueba gratuita de Magzter GOLD de 7 días para acceder a miles de historias premium seleccionadas y a más de 9,000 revistas y periódicos.

MÁS HISTORIAS DE LINUX MAGAZINEVer todo
MADDOG'S DOGHOUSE
Linux Magazine

MADDOG'S DOGHOUSE

The stakeholder approach of open source broadens the pool of who can access, influence, and benefit from information technologies.

time-read
3 minutos  |
#289/December 2024: Coding with AI
MakerSpace
Linux Magazine

MakerSpace

Rust, a potential successor to C/C++, claims to solve some memory safety issues while maintaining high performance. We look at Rust on embedded systems, where memory safety, concurrency, and security are equally important

time-read
10+ minutos  |
#289/December 2024: Coding with AI
In Harmony
Linux Magazine

In Harmony

Using the Go Interface mechanism, Mike demonstrates its practical application with a refresh program for local copies of Git repositories.

time-read
9 minutos  |
#289/December 2024: Coding with AI
Monkey Business
Linux Magazine

Monkey Business

Even small changes in a web page can improve the browsing experience. Your preferred web browser provides all the tools you need to inject JavaScript to adapt the page. You just need a browser with its debugging tools, some knowledge of scripting, and the browser extension Tampermonkey.

time-read
10+ minutos  |
#289/December 2024: Coding with AI
Smarter Navigation
Linux Magazine

Smarter Navigation

Zoxide, a modern version of cd, lets you navigate long directory paths with less typing.

time-read
4 minutos  |
#289/December 2024: Coding with AI
Through the Back Door
Linux Magazine

Through the Back Door

Cybercriminals are increasingly discovering Linux and adapting malware previously designed for Windows systems. We take you inside the Linux version of a famous Windows ransomware tool.

time-read
9 minutos  |
#289/December 2024: Coding with AI
Page Pulse
Linux Magazine

Page Pulse

Do you want to be alerted when a product is back in stock on your favorite online store? Do you want to know when a website without an RSS feed gets an update? With changedetection.io, you can stay up-to-date on website changes.

time-read
8 minutos  |
#289/December 2024: Coding with AI
Arco Linux
Linux Magazine

Arco Linux

ArcoLinux, an Arch derivative, offers easier installs while educating users about Arch Linux along the way.

time-read
5 minutos  |
#289/December 2024: Coding with AI
Ghost Coder
Linux Magazine

Ghost Coder

Artificial intelligence is increasingly supporting programmers in their daily work. How effective are these tools? What are the dangers? And how can you benefit from Al-assisted development today?

time-read
10+ minutos  |
#289/December 2024: Coding with AI
Zack's Kernel News
Linux Magazine

Zack's Kernel News

Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.

time-read
9 minutos  |
#289/December 2024: Coding with AI