Kernel
Improved Laptop Battery Life
Fedora 28 enables a number of power saving features by default for the first time. The changes are in base packages and so all users will automatically gain these improvements upon upgrading. As a result, laptops running Fedora will be able to last longer on battery power.
Thunderbolt enablement
Fedora 28 adds support for Thunderbolt - an interface developed by Intel which allows connection of external peripherals to a computer.
Devices connected via Thunderbolt are DMA masters, which means they can read system memory directly without interference from the computer’s operating system or even CPU. To mitigate the security risk this type of access poses, there are four available security levels for communication, which are set by system firmware:
-
none
- security is disabled, all devices are fully functional when connected -
dponly
- only pass the DisplayPort stream through to the connected device -
user
- connected devices must be manually authorized by the user -
secure
- same asuser
, but also verify the device’s identy through a secret key
Starting with version 4.13, the Linux kernel provides an interface through
sysfs
which enables userspace query about the security level, the status
of any connected devices, and to authorize devices if the security level
demands it. The active security level must normally be selected before
booting via a BIOS/EFI option, but it is interesting to note that the none
option will likely be removed in the future. This would mean that connected
Thunderbolt devices would not work unless authorized by the user from within
the running operating system.
For this reason, Fedora 28 implements full Thunderbolt 3 support. In order
to avoid compromising the security, there are two userspace components
working together to enable Thunderbolt: a system service
(boltd
) and a component
in GNOME Shell. The shell component will automatically enroll (authorize
and store in an internal database) any new connected devices using boltd
only if the current user is an administrator and if the session is
unlocked. After the device has been authorized once, its information is
stored in the database and it will be authorized automatically on subsequent
connections.
Want to help? Learn how to contribute to Fedora Docs ›