# --- T2-COPYRIGHT-NOTE-BEGIN ---
# T2 SDE: package/*/linux/tb-usb4-default-security.patch
# Copyright (C) 2024 The T2 SDE Project
# 
# This Copyright note is generated by scripts/Create-CopyPatch,
# more information can be found in the files COPYING and README.
# 
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License version 2 as used by the T2 SDE.
# --- T2-COPYRIGHT-NOTE-END ---

Default to no security, so thunderbolt devices just work, even in a minimal install
or install environment.

TODO: add sysfs interface to change secuirty level after boot.

--- linux-6.9/drivers/thunderbolt/tb.c.vanilla	2024-07-10 10:50:25.355977034 +0200
+++ linux-6.9/drivers/thunderbolt/tb.c	2024-07-10 10:49:41.355981273 +0200
@@ -1345,6 +1345,10 @@
 	tb_add_dp_resources(sw);
 	tb_scan_switch(sw);
 
+	if (sw->tb->security_level == TB_SECURITY_NONE &&
+	    !tb_domain_approve_switch(sw->tb, sw))
+		 sw->authorized = 1;
+
 out_rpm_put:
 	if (port->usb4) {
 		pm_runtime_mark_last_busy(&port->usb4->dev);
@@ -3181,7 +3181,7 @@
 		return NULL;
 
 	if (tb_acpi_may_tunnel_pcie())
-		tb->security_level = TB_SECURITY_USER;
+		tb->security_level = TB_SECURITY_NONE;
 	else
 		tb->security_level = TB_SECURITY_NOPCIE;