Intel Announces Thunderbolt 4: Universal Cable Connectivity for Everyone

[windwhirl]

Why is nobody discussing the fact that Thunderbolt 4 doesn't increase bandwidth at all? I was seriously expecting Thunderbolt 4 to use a PCIe 4.0x4/3.0x8 link and deliver 64Gbps/80Gbps...based on how every single past generation doubled bandwidth, why isn't this one? I was expecting TB4 to be able to finally run eGPUs with zero bottleneck.... So what's the point of TB4?

Frankly, it looks to me that TB4 comes to fix or mitigate a bunch of potential issues. For example, a Thunderbolt 4 cable (essentially a USB Type-C cable) can replace any other Type C cables. All TB4 cables must be capable of delivering everything the TB4 specification offers. Intel VT-d is now required too, in an effort to cut down security vulnerabilities based on DMA attacks.

Isn't?

Well, security is always important, but a balance must be found between performance/features and security. It doesn't matter much how secure a system is, if you can't get your work done in time or at all.

Fortunately, yes!

AMD has their own thing for this, but I'm not sure how it's gonna work with TB4, if at all. Intel wasn't certifying any non-Intel systems for Thunderbolt until a few months ago...

 

[Steevo]

Clearly very easy to figure out what is what
I've also never seen most of those USB logos.
Let's see if Intel can truly pull off what they promise here.

So all the "security" that was full of holes before this is somehow NOT supposed to make me doubt them this time? Sure.

 

[ur6beersaway]

It's nice to see that I wasn't the only one that saw this and instantly got DMA flashbacks

Cmd prompt:
powercfg-lastwake

Wake Source: mouse fart

or mosquito sneeze or ghosts.... easily the most Un-reliable function ever... Full shut down every time... True story


I don't know about the mouse fart , but I thought waking a PC from sleep with the keyboard has been a normal thing for years if not decades?

I could go even further and say that the "starting up the computer with the keyboard" feature has been around since at least 1997? HP Vectra PCs of that time already had that functionality, and you can still find it in UEFI today (I have that enabled)...

Am I missing something??



Honestly, I didn't even know about the existence of half of those

 

[TheLostSwede]

So all the "security" that was full of holes before this is somehow NOT supposed to make me doubt them this time? Sure.

I didn't say that. At least they shoved all of those hole into a VM now

 

[zlobby]

I didn't say that. At least they shoved all of those hole into a VM now

Totally reassuring, no? I mean, how could one even think of VM escape? The ignorance!

 

[Caring1]

Clearly very easy to figure out what is what
I've also never seen most of those USB logos.

Calling any USB-C port USB is confusing, that design should have been given a different name from the beginning.

 

[Fourstaff]

Clearly very easy to figure out what is what
I've also never seen most of those USB logos.
Let's see if Intel can truly pull off what they promise here.

Relevant: https://xkcd.com/927/

So far the biggest use of Thunderbolt I have seen is ... connecting it to a hub . Intel might want to take a look at making daisy chain cables a standard to mitigate the need for a hub.

 

[Darmok N Jalad]

Isn’t so much of the issue that to achieve the max rated speeds, that cable length has to stay under a few feet? That really puts the limits on the hardware, since you can’t place it very far from your workspace. It’s mostly a benefit to users that can’t add what they need internally, like in laptops, or any Mac not named Mac Pro.

 

[Solaris17]

Required Intel VT-d-based direct memory access (DMA) protection that helps prevent physical DMA attacks.

Sweet, with this Intel standard people can get ring0 or root access faster than ever before to your information.

Seriously saw that and laughed. Can't wait for someone to leverage there need for access to gain access for themselves.

 

[Steevo]

Seriously saw that and laughed. Can't wait for someone to leverage there need for access to gain access for themselves.

Trying to incorporate all the protocols is what gets me, what do they think will happen if someone feeds it the code from a GPU that gives direct memory access? It's like they plan on everyone playing nice. Then they act surprised when malware targets their implementation.

 

[Solaris17]

Trying to incorporate all the protocols is what gets me, what do they think will happen if someone feeds it the code from a GPU that gives direct memory access? It's like they plan on everyone playing nice. Then they act surprised when malware targets their implementation.

Not to mention GPU sideband attacks are a real thing. Wack man.

 

[AnarchoPrimitiv]

Because greater than 40 Gb/s has huge costs and questionable benefit. Even DP2.0, which was supposed to reach 80 Gb/s has been...delayed. Costs soar even when there's demand for it. Ends up being cheaper and more sensical to use two cables of the existing standard than try to cram all that data into one cable.

Cost? The mainstream has already moved to PCIe 4.0, so what's the issue with giving it x4 lanes like they did with PCIe 3.0? They've had external PCIe cables that can carry x16 lanes for years, no new technology has to be developed, just redeployed with economies of scale driving price down.

 

[FordGT90Concept]

The mainstream has already moved to PCIe 4.0, so what's the issue with giving it x4 lanes like they did with PCIe 3.0?

It has not. PCIE 4.0 is only common in new server platforms. There's only one line of processors (Ryzen 3rd gen has 20 lanes) in the consumer space that support PCIe 4.0 and one chipset (X570). B550 only exposes the PCIe 4.0 lanes from the CPU, it doesn't provide any itself.

 

[watzupken]

Why is nobody discussing the fact that Thunderbolt 4 doesn't increase bandwidth at all? I was seriously expecting Thunderbolt 4 to use a PCIe 4.0x4/3.0x8 link and deliver 64Gbps/80Gbps...based on how every single past generation doubled bandwidth, why isn't this one? I was expecting TB4 to be able to finally run eGPUs with zero bottleneck.... So what's the point of TB4?

Generally when there is a new version of a connectivity port, there is always an expectation that the bandwidth will improve. Perhaps I am not that well informed, but this is one of those rare port updates that have no improvement in bandwidth. Granted that the current TB3 is actually very fast, but with competing port standards catching up, not sure if Intel is too chill about it.

 

[Easo]

Isn't?

Ok, emm... how about... using the equipment for it's purpose? Do you buy computer equipment due to security, or because you want to use it?
I hope I explained what I mean't.

 

[zlobby]

Ok, emm... how about... using the equipment for it's purpose? Do you buy computer equipment due to security, or because you want to use it?
I hope I explained what I mean't.

Yes, I get your point. But, just but, what if I need my computer solely for security?

 

[windwhirl]

Yes, I get your point. But, just but, what if I need my computer solely for security?

Then you probably would have a established process of checking any hardware with an electronic microscope... Plus no connection to the Internet and a lot of building/environment security in place

 

[zlobby]

Then you probably would have a established process of checking any hardware with an electronic microscope... Plus no connection to the Internet and a lot of building/environment security in place

You won't believe it even if I showed you.

 

[windwhirl]

You won't believe it even if I showed you.

To be frank I wasn't fully joking (the microscope thing, yes ). But for security-sensitive contexts, I do imagine certain precautions would have already been taken, like physical security ones. I wouldn't bet everything on Intel VT-d, after all.

So, Intel can declare AMD's feature as incompatible and limit Thunderbold 4 to Intel only platform. Great.

Ian Cutress from Anandtech went and asked AMD and Intel about this and made a Twitter thread on the subject. I'm posting the link here and leaving a copy under the spoiler, but TLDR, there are no assurances until someone sends an AMD board with a TB4 controller for certification. According to Intel, certification is conducted by 3rd parties, so there shouldn't be any bias.

Spoiler: Ian Cutress' thread on Twitter about TB4 on non-Intel systems

TB4 + DMA: A Thread As we reported in our piece on Thunderbolt 4, in order to get certified, you need DMA security protections. Intel initially confused the matter by saying you had to have VT-d, which is an Intel-only technology. This raised questions as to TB4 on AMD systems.

Intel later affirmed that any DMA protection feature that meets certification will be certified. They didn't want to talk about anyone else's solution. We reached out to AMD.

When asked if AMD has equivalent protections suitable for TB4 certification, we were told: AMD: The “Zen 2” architecture supports DMA security in pre-boot and OS environments via AMD-Vi (IOMMU) on USB and PCIe interfaces.

When asked to clarify if this was sufficient for the TB4 spec, we were told by AMD: AMD: If the question is [if] we support DMA, the answer is yes. Any questions [on] if this would satisfy another companies requirements for an interface ... it would need to be directed at them.

I cycled back to Intel, to ask if AMD-Vi is sufficient for TB4 certification. This is their comment (multi-tweet) Intel: TB is open to non-Intel-based systems. Like any other system, devices must pass Thunderbolt certification and end-to-end testing conducted by 3rd-party labs.

Intel: Thunderbolt 4 requirements include Intel VT-d based or an equivalent DMA protection technology that provides IO virtualization (often referred to as IO Memory Management Unit or IOMMU), as well as OS implementation support.

Intel: If the equivalent technology supports prevention against physical attacks, then that should meet the requirement.

So to end a long story short, neither company will say if AMD-Vi supports *everything* that is required for TB4 certification regarding DMA security. There's no public absolute checklist we can go through for requirements and AMD-Vi support.

I guess we'll find out when an OEM partner using an AMD CPU + Intel TB4 controller submits to certification checks in order to find out.

All this applies to Apple as well when they're not using Intel CPUs.