summaryrefslogtreecommitdiff
path: root/drivers/thunderbolt
diff options
context:
space:
mode:
authorMika Westerberg <mika.westerberg@linux.intel.com>2017-12-08 14:11:39 +0300
committerMika Westerberg <mika.westerberg@linux.intel.com>2018-03-09 12:54:11 +0300
commit6fc14e1a44e53c472865252b47398346a27d600e (patch)
tree2ddc11cdf4f12749618fc06dc4969a5157fac6eb /drivers/thunderbolt
parent9aaa3b8b4c56d24210acef37b7c800ca218c3d40 (diff)
downloadlinux-6fc14e1a44e53c472865252b47398346a27d600e.tar.xz
thunderbolt: Introduce USB only (SL4) security level
This new security level works so that it creates one PCIe tunnel to the connected Thunderbolt dock, removing PCIe links downstream of the dock. This leaves only the internal USB controller visible. Display Port tunnels are created normally. While there make sure security sysfs attribute returns "unknown" for any future security level. Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Diffstat (limited to 'drivers/thunderbolt')
-rw-r--r--drivers/thunderbolt/domain.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c
index ab4b304306f7..6281266b8ec0 100644
--- a/drivers/thunderbolt/domain.c
+++ b/drivers/thunderbolt/domain.c
@@ -117,6 +117,7 @@ static const char * const tb_security_names[] = {
[TB_SECURITY_USER] = "user",
[TB_SECURITY_SECURE] = "secure",
[TB_SECURITY_DPONLY] = "dponly",
+ [TB_SECURITY_USBONLY] = "usbonly",
};
static ssize_t boot_acl_show(struct device *dev, struct device_attribute *attr,
@@ -227,8 +228,12 @@ static ssize_t security_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
struct tb *tb = container_of(dev, struct tb, dev);
+ const char *name = "unknown";
- return sprintf(buf, "%s\n", tb_security_names[tb->security_level]);
+ if (tb->security_level < ARRAY_SIZE(tb_security_names))
+ name = tb_security_names[tb->security_level];
+
+ return sprintf(buf, "%s\n", name);
}
static DEVICE_ATTR_RO(security);