From 70d2bd58706a1318c40233f17d8d8ffcc71d323c Mon Sep 17 00:00:00 2001 From: Jason Barbier Date: Thu, 22 Aug 2019 10:26:58 -0700 Subject: [PATCH] Adding info about thunderbolt 3 security and security levels Signed-off-by: Jason Barbier --- linux-workstation-security.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/linux-workstation-security.md b/linux-workstation-security.md index 2165333..3b358ce 100644 --- a/linux-workstation-security.md +++ b/linux-workstation-security.md @@ -1,6 +1,6 @@ # Linux workstation security checklist -Updated: 2017-12-15 +Updated: 2019-08-22 *Status: CURRENT* @@ -98,6 +98,10 @@ ExpressCard are guilty of the same, though some later implementations of Thunderbolt attempt to limit the scope of memory access. It is best if the system you are getting has none of these ports, but it is not critical, as they usually can be turned off via UEFI or disabled in the kernel itself. +If you are getting a system that has Thunderbolt 3, it is best if you plan on +leaving it enabled to ensure that Thunderbolt security is enabled and if security +levels are supported it is set to User Authorzation. This will prevent Thunderbolt +devices from attaching to the system without the user's knowledge. #### TPM Chip
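
Review bot: In the second hunk (@@ -98,6 +98,10 @@), the first added sentence is hard to parse and can be read as saying that leaving Thunderbolt enabled is what ensures security; "it is best if you plan on leaving it enabled to ensure that Thunderbolt security is enabled" puts the condition in the wrong place. Suggest rewording along the lines of "If the system has Thunderbolt 3 and you plan on leaving it enabled, make sure Thunderbolt security is turned on and, where security levels are supported, set to User Authorization." That also fixes the misspelling "Authorzation" in the third added line. Since the preceding context says these ports "usually can be turned off via UEFI or disabled in the kernel itself", it would help to say in the same way where the reader sets the security level. The added lines are also appended directly to the end of the existing paragraph; if this is meant as a separate recommendation, put a blank line before it, and check that a blank line still separates it from the "#### TPM Chip" heading.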