The settings below configure the Thunderbolt adapter security settings
within the operating system. Security Levels are not applicable or
enforced in the Pre-boot environment.
No Security: Automatically connect to
devices plugged into the Thunderbolt port.
User Authorization: Approval is required for any new
devices connected to the Thunderbolt port.
Secure Connect: The Thunderbolt adapter port
will only allow connection to devices that have been configured with
a shared key.
NOTE The first time a Thunderbolt peripheral’s Unique ID is granted “always
connect” PCIe access, a secure encrypted key is written to the peripheral
controller’s non-volatile memory and added to the host PC’s ACL list.
Each time a peripheral’s Unique ID is found on the ACL, the PC’s controller
sends a security challenge and the response from the peripheral is
then verified before the PCIe connection is allowed. If the response
is not valid, the user receives a connection permission prompt. This
capability, when enabled, prevents pre-SL2 capable peripherals from
connecting to a PC; thereby preventing a potential HW spoofing of
an approved device to generate a DMA exploit (beyond what is prevented
with SL1).
DisplayPort Only: Automatically connect to DisplayPort
devices only. No Thunderbolt adapter or PCIe devices are allowed
to connect.
In the BIOS of a Dell Thunderbolt-enabled
PC, you will be able to configure the security settings of the Thunderbolt
connection. You can find the configuration options in the BIOS path: System Configuration > USB / Thunderbolt Configuration.
Allow legacy Thunderbolt devices to auto-connect
– the CM auto connects a new device plugged in.
User Authorization
Allow User Notification devices at minimum – the
CM requests connection approval from the host SW and auto-approval
may be given based on the Unique ID of the connecting device.
Secure Connect
Allow one-time saved key devices at minimum – the
CM requests connection approval from the host SW and auto-approval
is only given if the host challenge to the device is acceptable.
DisplayPort Only
Allow DisplayPort sinks to be connected (re-driver
or DP tunnel, no PCIe tunneling).
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\