/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dom0 does not need Thunderbolt drivers #3802

Open
DemiMarie opened this Issue Apr 8, 2018 · 11 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.1
4 participants
@DemiMarie @andrewdavidwong @dylangerdaly @marmarek
@DemiMarie

DemiMarie commented Apr 8, 2018

Qubes OS version:

R4.0

Affected component(s):

Dom0 Kernel

Steps to reproduce the behavior:

Run find /lib/modules/4.14.18-1.pvops.qubes.x86_64/kernel/drivers/thunderbolt

Expected behavior:

No output or an error that the directory does not exist

Actual behavior:

Lots of output

General notes:

Dom0 does not need Thunderbolt drivers, and they increase attack surface in the event of a misconfiguration. That said, what VM are Thunderbolt devices currently assigned to?

Related issues:
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Apr 8, 2018

Member

That said, what VM are Thunderbolt devices currently assigned to?

AFAIK, none: #2454
Member

andrewdavidwong commented Apr 8, 2018

That said, what VM are Thunderbolt devices currently assigned to?

AFAIK, none: #2454

@andrewdavidwong andrewdavidwong added enhancement C: other security labels Apr 8, 2018

@andrewdavidwong andrewdavidwong added this to the Release 4.1 milestone Apr 8, 2018

@dylangerdaly

This comment has been minimized.

Show comment
Hide comment
@dylangerdaly

dylangerdaly Jun 14, 2018

I'm currently using my TB3 port on my XPS 13 to run my Display and Keyboard, will this mean I can no longer use an External Display in 4.1?

Many laptops are increasingly dropping Display IO for TB3.

I could be wrong in that Thunderbolt has nothing to do with Display?

dylangerdaly commented Jun 14, 2018

I'm currently using my TB3 port on my XPS 13 to run my Display and Keyboard, will this mean I can no longer use an External Display in 4.1?

Many laptops are increasingly dropping Display IO for TB3.

I could be wrong in that Thunderbolt has nothing to do with Display?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jun 14, 2018

Member

Display over Thunderbolt is a tricky question but not because of its drivers shipped in dom0 or not, but because in 4.1 we plan to move the whole GUI handling out of dom0 (#2618). I wonder what that means in context of thunderbolt ports - would some additional device needs to be assigned there? What about non-display devices plugged there?
Member

marmarek commented Jun 14, 2018

Display over Thunderbolt is a tricky question but not because of its drivers shipped in dom0 or not, but because in 4.1 we plan to move the whole GUI handling out of dom0 (#2618). I wonder what that means in context of thunderbolt ports - would some additional device needs to be assigned there? What about non-display devices plugged there?
@DemiMarie

This comment has been minimized.

Show comment
Hide comment
@DemiMarie

DemiMarie Jun 15, 2018

DemiMarie commented Jun 15, 2018

@DemiMarie

This comment has been minimized.

Show comment
Hide comment
@DemiMarie

DemiMarie Jun 15, 2018

DemiMarie commented Jun 15, 2018

@dylangerdaly

This comment has been minimized.

Show comment
Hide comment
@dylangerdaly

dylangerdaly Jun 15, 2018

@marmarek Ah this being sys-gpu or whatever it ends up being called, yeah I think TB3 for Display would be a requirement yeah? It's turning into the defacto standard for display, at least on newer laptops.

@DemiMarie I plan on doing the exact same thing for Fallout 76 (Windows HVM -- eGPU), Also it's my understanding Qubes isn't signing Kernel Releases / xen.efi because they don't trust the hardware (UEFI Firmware). But I do believe something is better than nothing, but also could offer false sense of Security?

dylangerdaly commented Jun 15, 2018
edited
Edited 1 time
  • @dylangerdaly dylangerdaly edited Jun 15, 2018 (most recent)
  • @dylangerdaly dylangerdaly created Jun 15, 2018

@marmarek Ah this being sys-gpu or whatever it ends up being called, yeah I think TB3 for Display would be a requirement yeah? It's turning into the defacto standard for display, at least on newer laptops.

@DemiMarie I plan on doing the exact same thing for Fallout 76 (Windows HVM -- eGPU), Also it's my understanding Qubes isn't signing Kernel Releases / xen.efi because they don't trust the hardware (UEFI Firmware). But I do believe something is better than nothing, but also could offer false sense of Security?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jun 15, 2018

Member

But I do believe something is better than nothing, but also could offer false sense of Security?

See this message and its thread. Signing just Xen/Kernel isn't enough for meaningful boot security.
Member

marmarek commented Jun 15, 2018

But I do believe something is better than nothing, but also could offer false sense of Security?

See this message and its thread. Signing just Xen/Kernel isn't enough for meaningful boot security.
@DemiMarie

This comment has been minimized.

Show comment
Hide comment
@DemiMarie

DemiMarie Jun 16, 2018

DemiMarie commented Jun 16, 2018

@DemiMarie

This comment has been minimized.

Show comment
Hide comment
@DemiMarie

DemiMarie Jun 16, 2018

DemiMarie commented Jun 16, 2018

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jun 16, 2018

Member

Another thought: could Thunderbolt be emulated over multiple USB 3 ports? Most systems have several.

I don't know. And really isn't a place for such discussion, better use qubes-devel maling list.

Also, secure boot does solve the problem I mentioned earlier (Thunderbolt option-ROM attacks). If the Thunderbolt port’s DMA engine is disabled until the OS takes control, we are safe, as we can use the IOMMU to sandbox the GPU.

Many BIOSes also have option to disable them until OS approve particular device, independently of Secure Boot.
Member

marmarek commented Jun 16, 2018

Another thought: could Thunderbolt be emulated over multiple USB 3 ports? Most systems have several.

I don't know. And really isn't a place for such discussion, better use qubes-devel maling list.

Also, secure boot does solve the problem I mentioned earlier (Thunderbolt option-ROM attacks). If the Thunderbolt port’s DMA engine is disabled until the OS takes control, we are safe, as we can use the IOMMU to sandbox the GPU.

Many BIOSes also have option to disable them until OS approve particular device, independently of Secure Boot.
@DemiMarie

This comment has been minimized.

Show comment
Hide comment
@DemiMarie

DemiMarie Jun 17, 2018

DemiMarie commented Jun 17, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment