package/kernel/linux/tb-usb4-default-security.patch

   1 # --- T2-COPYRIGHT-NOTE-BEGIN ---
   2 # T2 SDE: package/*/linux/tb-usb4-default-security.patch
   3 # Copyright (C) 2024 The T2 SDE Project
   4 #
   5 # This Copyright note is generated by scripts/Create-CopyPatch,
   6 # more information can be found in the files COPYING and README.
   7 #
   8 # This patch file is dual-licensed. It is available under the license the
   9 # patched project is licensed under, as long as it is an OpenSource license
  10 # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
  11 # of the GNU General Public License version 2 as used by the T2 SDE.
  12 # --- T2-COPYRIGHT-NOTE-END ---
  13
  14 Default to no security, so thunderbolt devices just work, even in a minimal install
  15 or install environment.
  16
  17 TODO: add sysfs interface to change secuirty level after boot.
  18
  19 --- linux-6.9/drivers/thunderbolt/tb.c.vanilla  2024-07-10 10:50:25.355977034 +0200
  20 +++ linux-6.9/drivers/thunderbolt/tb.c  2024-07-10 10:49:41.355981273 +0200
  21 @@ -1345,6 +1345,10 @@
  22         tb_add_dp_resources(sw);
  23         tb_scan_switch(sw);
  24
  25 +       if (sw->tb->security_level == TB_SECURITY_NONE &&
  26 +           !tb_domain_approve_switch(sw->tb, sw))
  27 +                sw->authorized = 1;
  28 +
  29  out_rpm_put:
  30         if (port->usb4) {
  31                 pm_runtime_mark_last_busy(&port->usb4->dev);
  32 @@ -3181,7 +3181,7 @@
  33                 return NULL;
  34
  35         if (tb_acpi_may_tunnel_pcie())
  36 -               tb->security_level = TB_SECURITY_USER;
  37 +               tb->security_level = TB_SECURITY_NONE;
  38         else
  39                 tb->security_level = TB_SECURITY_NOPCIE;
  40