Thunderbolt (interface)
Thunderbolt is the brand name of a hardware interface for the connection of external peripherals to a computer. It was developed by Intel in collaboration with Apple.[7][8] It was initially marketed under the name Light Peak, and first sold as part of an end-user product on 24 February 2011.[1]
Not to be confused with Lightning (connector).

Production history
- Manufacturer: Various
- Produced: Since 24 February 2011[1]
- Superseded: IEEE 1394 (FireWire), ExpressCard
General specifications
- Connector dimensions: 7.4 mm plug (8.3 mm receptacle) by 4.5 mm plug (5.4 mm receptacle)
- Hot pluggable: Yes
- External: Yes
- Audio signal: Via DisplayPort protocol or USB-based external audio cards. Supports audio through HDMI converters.
- Video signal: Via DisplayPort protocol
- Pins: Thunderbolt 1 and 2: 20; Thunderbolt 3, 4 and 5: 24
- Connector: Thunderbolt 1 and 2: Mini DisplayPort; Thunderbolt 3, 4, and 5: USB-C
Electrical
- 18 V (bus power)
Data
- Data signal: Yes
- Protocol:
  - Thunderbolt 1: x4 PCI Express 2.0[5] DisplayPort 1.1a[2]
  - Thunderbolt 2: x4 PCI Express 2.0, DisplayPort 1.2
  - Thunderbolt 3: x4 PCI Express 3.0, DisplayPort 1.2,[6] USB 3.1 Gen 2
  - Thunderbolt 4: x4 PCI Express 3.0, DisplayPort 2.0, USB4
  - Thunderbolt 5: x4 PCI Express 4.0, DisplayPort 2.1, USB4
Pinout (20-pin Mini DisplayPort form, pins listed in order 1 to 20)
1 GND, 2 HPD, 3 HS0TX(P), 4 HS0RX(P), 5 HS0TX(N), 6 HS0RX(N), 7 GND, 8 GND, 9 LSR2P TX, 10 GND, 11 LSP2R RX, 12 GND, 13 GND, 14 GND, 15 HS1TX(P), 16 HS1RX(P), 17 HS1TX(N), 18 HS1RX(N), 19 GND, 20 DPPWR
Thunderbolt combines PCI Express (PCIe) and DisplayPort (DP) into two serial signals,[9][10] and additionally provides DC power via a single cable. Up to six peripherals may be supported by one connector through various topologies. Thunderbolt 1 and 2 use the same connector as Mini DisplayPort (MDP), whereas Thunderbolt 3, 4, and 5 use the USB-C connector, and support USB devices.
History
Introduction
Intel introduced Light Peak at the 2009 Intel Developer Forum (IDF), using a prototype Mac Pro logic board to run two 1080p video streams plus LAN and storage devices over a single 30-meter optical cable with modified USB ends.[19] The system was driven by a prototype PCI Express card, with two optical buses powering four ports.[20] Jason Ziller, head of Intel's Optical I/O Program Office, showed the internal components of the technology under a microscope and showed data being sent over the link on an oscilloscope.[21] The technology was described as having an initial speed of 10 Gbit/s over plastic optical cables, and promising a final speed of 100 Gbit/s.[22] At the show, Intel said Light Peak-equipped systems would begin to appear in 2010, and posted a YouTube video showing Light Peak-connected HD cameras, laptops, docking stations, and HD monitors.[23]
On 4 May 2010, in Brussels, Intel demonstrated a laptop with a Light Peak connector, indicating that the technology had shrunk enough to fit inside such a device, and had the laptop send two simultaneous HD video streams down the connection, indicating that at least some fraction of the software/firmware stacks and protocols were functional. At the same demonstration, Intel officials said they expected hardware manufacturing to begin around the end of 2010.[24]
In September 2010, some early commercial prototypes from manufacturers were demonstrated at Intel Developer Forum 2010.[25]
Security vulnerabilities
Vulnerability to DMA attacks
Thunderbolt 3, like many high-speed expansion buses, including PCI Express, PC Card, ExpressCard, FireWire, PCI, and PCI-X, is potentially vulnerable to a direct memory access (DMA) attack. If users extend the PCI Express bus (the most common high-speed expansion bus in systems as of 2018) with Thunderbolt, it allows very low-level access to the computer. An attacker could physically attach a malicious device which, through its direct and unimpeded access to system memory and other devices, would be able to bypass almost all security measures of the operating system, allowing the attacker to read and write system memory, potentially exposing encryption keys or installing malware.[148] Such attacks have been demonstrated by modifying inexpensive commodity Thunderbolt hardware.[149][150] IOMMU virtualization, if present and configured by the BIOS and the operating system, can close a computer's vulnerability to DMA attacks,[149] but only if the IOMMU can block the DMA access of the malicious device. As of 2019, the major OS vendors had not taken into account the variety of ways in which a malicious device could take advantage of complex interactions between multiple emulated peripherals, exposing subtle bugs and vulnerabilities.[151] Some motherboard and UEFI implementations offer Kernel DMA Protection. Intel VT-d-based direct memory access (DMA) protection is a mandatory requirement for Thunderbolt 4 Host Certification.[152]
This vulnerability is not present when Thunderbolt is used as a system interconnect (IP over Thunderbolt, IPoTB, supported on OS X Mavericks), because the IP implementation runs on the underlying Thunderbolt low-latency packet-switching fabric, and the PCI Express protocol is not present on the cable. That means that if IPoTB networking is used between a group of computers, there is no threat of such a DMA attack between them.[148][149][153][154]
Vulnerability to Option ROM attacks
When a system with Thunderbolt boots, it loads and executes Option ROMs from attached devices. A malicious Option ROM can allow malware to execute before an operating system is started. It can then invade the kernel, log keystrokes, or steal encryption keys.[155] The ease of connecting Thunderbolt devices to portable computers makes them ideal for evil-maid attacks.[156]
Some systems load Option ROMs during firmware updates, allowing the malware in a Thunderbolt device's Option ROM to potentially overwrite the SPI flash ROM containing the system's boot firmware.[157][158] In February 2015, Apple issued a Security Update to Mac OS X to eliminate the vulnerability of loading Option ROMs during firmware updates, although the system is still vulnerable to Option ROM attacks during normal boots.[159]
Firmware-enforced boot security measures, such as UEFI Secure Boot (which specifies the enforcement of signatures or hash allowlists for Option ROMs), are designed to mitigate this kind of attack.
Vulnerability to data exposure attacks (Thunderspy)
In May 2020, seven major security flaws were discovered in the Thunderbolt protocol, collectively named Thunderspy. They allow a malicious party to access all data stored in a computer, even if the device is locked, password-protected, and has an encrypted hard drive. These vulnerabilities affect all Thunderbolt 1, 2 and 3 ports.[150] The attack requires the computer to be in sleep mode and to have a Thunderbolt controller with a writable firmware chip. A well-trained attacker with physical access to the computer ("evil maid") can perform the required steps in 5 minutes. With malicious firmware, the attacker can covertly disable Thunderbolt security, clone device identities, and proceed to use DMA to extract data.[160] Thunderspy vulnerabilities can largely be mitigated using Kernel DMA Protection, along with traditional anti-intrusion hardware features.[161][162]
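As an added example (not from the article, nor from Intel, Apple or the Linux project), this shell script reads, on a Linux host, the state of the two mitigations that both this section and the DMA-attack section above rely on: whether the IOMMU confines the Thunderbolt domain (Kernel DMA Protection) and which security level the firmware selected. The sysfs attribute names are the ones documented in the Linux kernel's Thunderbolt admin guide; the verdict labels and the sysfs-root parameter are this example's own conventions.

```shell
#!/bin/sh
# Added example, not from the article: report the Linux kernel's view of the
# two controls the text names against Thunderbolt DMA attacks and Thunderspy,
# Kernel DMA Protection (IOMMU) and the firmware's Thunderbolt security level.
# Attribute names follow the kernel's admin-guide/thunderbolt; the sysfs root
# is a parameter so the functions also work on a constructed directory tree.

read_attr() {
    # Print an attribute file's contents, or "unknown" if it is missing.
    if [ -r "$1" ]; then cat "$1"; else echo unknown; fi
}

tb_domain_status() {
    # Usage: tb_domain_status <sysfs root> <domain, e.g. domain0>
    # Prints "<security level> <iommu_dma_protection>" for that domain.
    dom="$1/bus/thunderbolt/devices/$2"
    echo "$(read_attr "$dom/security") $(read_attr "$dom/iommu_dma_protection")"
}

tb_domain_verdict() {
    # Usage: tb_domain_verdict <sysfs root> <domain>
    # iommu : DMA from attached devices is confined by the IOMMU
    # authz : a hot-plugged device gets a PCIe tunnel only after authorization
    # open  : every device is auto-authorized with unrestricted DMA
    # nopcie: firmware tunnels DisplayPort/USB only, so there is no PCIe path
    set -- $(tb_domain_status "$1" "$2")
    [ "$2" = "1" ] && { echo iommu; return 0; }
    case "$1" in
        none)           echo open ;;
        user|secure)    echo authz ;;
        dponly|usbonly) echo nopcie ;;
        *)              echo unknown ;;
    esac
}

tb_unauthorized_devices() {
    # Usage: tb_unauthorized_devices <sysfs root>
    # Lists attached devices whose PCIe tunnel is not authorized (authorized=0),
    # skipping host routers (named X-0), which are not hot-plugged devices.
    for d in "$1"/bus/thunderbolt/devices/*-*; do
        [ -d "$d" ] || continue
        case "${d##*/}" in *-0) continue ;; esac
        [ "$(read_attr "$d/authorized")" = "0" ] && echo "${d##*/}"
    done
    return 0
}
```

On a live host, source the file and call `tb_domain_verdict /sys domain0`; the verdicts `open` and `authz` are the states in which an attached device can still obtain the PCIe DMA path the attacks above depend on.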