# Intel Thunderbolt(TM) 3 security

The Thunderbolt(TM) controller is a PCIe device, which means that it has Direct Memory Access (DMA) IO (via PCIe), and exposes the PCIe protocol externally through USB-C ports for a range of usages. This potentially allows access to system memory from a physical IO device that is being connected and utilizing the PCIe protocol. In order to mitigate potential malicious access to system memory from an external PCIe device, Thunderbolt(TM) 3 includes security protection that prevents unauthorized Thunderbolt(TM) PCIe-based devices from connecting without user authorization. For instance, this will prevent unauthorized access when the system is locked. This is achieved by the following set of capabilities:

- Software-based authorization of Thunderbolt(TM) 3 ports: Thunderbolt(TM) 3 ports are controlled by a utility and driver provided by Intel that allow the user to decide whether a device's PCIe data path may connect to the system or not.
- Policy management (also referred to as Security Levels): this capability allows the user to choose between multiple levels of restrictive policy, such as disabling the Thunderbolt(TM) 3 port, allowing it but only with explicit approval of the user each time a device is connected, allowing only devices with cryptographic authentication, or allowing it in a DisplayPort- or USB-only mode (more details below).
- Pre-boot protection: Thunderbolt(TM) devices are allowed to be enumerated and connected during boot time only if they have been approved by the user beforehand.

Further details about the various security features that help protect the PC from potential known Thunderbolt(TM) 3 related PCIe IO vulnerabilities follow below.

## Thunderbolt(TM) 3 security features: details and definitions

- A firmware- and software-supported feature that requires user approval before allowing a PCIe-capable Thunderbolt(TM) connection for the first time; supported on Thunderbolt(TM) starting in 2013.
- Cryptographic authentication of the connection, to help prevent a peripheral device from being spoofed to masquerade as an "approved" device to the user (authentication of the connection); supported from Thunderbolt(TM) 2 products onward, starting in 2014.
- Every Thunderbolt(TM) 3 controller has a unique ID fused in silicon during production, which allows a specific device to be identified.
- A list of Thunderbolt(TM) devices ("components") that the user has already approved to enumerate and that can connect automatically.
- Security policies: Thunderbolt(TM) enables implementation of different security policies, separating the Thunderbolt(TM) data stream from display tunneling to help prevent walk-up access to PCIe unless it is specifically allowed. The available modes are:
  - No limitations: everything enumerates and connects (2011 and newer).
  - Ask for permission to connect a device (2013 and newer); this is the default mode.
  - Require (admin-level) user permission to add new PCIe-enabled devices (SL1 security).

These modes apply to the PCIe protocol, while DisplayPort connects by default as it exposes no DMA capability.
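The policy and authorization state described above is visible on Linux through the kernel's Thunderbolt sysfs attributes: the domain's `security` file holds the active level and each device's `authorized` file shows whether its PCIe path has been approved. The following POSIX shell audit is an added example, not Intel's software or code from this page; the `tb_*` function names are mine and the fixture directory it builds is constructed for offline demonstration (omit the argument to read the real `/sys/bus/thunderbolt/devices`).

```shell
#!/bin/sh
# Added example (not Intel's tooling): audit the Linux kernel's Thunderbolt sysfs
# attributes. Assumed layout: <root>/domainN/security and
# <root>/<dev>/{authorized,unique_id,vendor_name,device_name}.

# Print each domain's level. Kernel values map to the policies above: none = no
# limitations, user = ask for permission (default), secure = approval plus
# cryptographic authentication, dponly/usbonly = no PCIe tunneling at all.
tb_security_level() {
    for dom in "${1:-/sys/bus/thunderbolt/devices}"/domain*; do
        [ ! -r "$dom/security" ] || cat "$dom/security"
    done
}

# List attached devices whose PCIe path is still blocked (authorized == 0):
# <sysfs name> <unique_id> <vendor_name> <device_name>, one per line.
tb_unauthorized() {
    for dev in "${1:-/sys/bus/thunderbolt/devices}"/[0-9]*-[0-9]*; do
        [ -r "$dev/authorized" ] || continue
        [ "$(cat "$dev/authorized")" = "0" ] || continue
        printf '%s %s %s %s\n' "$(basename "$dev")" "$(cat "$dev/unique_id")" \
            "$(cat "$dev/vendor_name")" "$(cat "$dev/device_name")"
    done
}
# Return 1 if any domain runs with security "none" (walk-up PCIe devices get
# DMA-capable access with no approval), 0 otherwise.
tb_check_policy() {
    for level in $(tb_security_level "$1"); do
        [ "$level" != "none" ] || return 1
    done
    return 0
}

# Constructed fixture, not a real system: "user" mode, one approved dock (0-1)
# and one device still awaiting approval (0-3). Prints the fixture root.
tb_make_fixture() {
    root="$(mktemp -d)"
    mkdir -p "$root/domain0" "$root/0-1" "$root/0-3"
    echo user > "$root/domain0/security"
    echo 1 > "$root/0-1/authorized"; echo 0 > "$root/0-3/authorized"
    for dev in 0-1 0-3; do
        echo "00000000-0000-0000-0000-00000000000${dev#0-}" > "$root/$dev/unique_id"
        echo "Example Vendor" > "$root/$dev/vendor_name"
        echo "Example Device $dev" > "$root/$dev/device_name"
    done
    echo "$root"
}
demo_root="$(tb_make_fixture)"
echo "security level: $(tb_security_level "$demo_root")"
tb_unauthorized "$demo_root"
```

A domain reporting `none` is the "no limitations" policy and is the finding a defender would escalate, since any walk-up PCIe device then enumerates with DMA access and no approval.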