Intel Thunderbolt

James Coddington
Ed Mackowiak
Thunderbolt Basics
● PCI Express and DisplayPort through a
single connection made available to external
devices.
Thunderbolt Basics
● Developed by Intel and Apple. Fully owned
by Intel
● Codenamed Light Peak
● Uses the Mini DisplayPort connector
● 10 Gigabits/second per channel (copper)
● 20 Gigabits/second per channel (optical)
● Released February 24th, 2011 - First used
on Apple MacBook laptops
● Up to six peripherals supported on the bus at
one time
Thunderbolt Basics
● PCI Express (PCIe) and DisplayPort (DP)
are combined into one serial data link
● Host supplies power (up to 10W) to devices
Thunderbolt Basics
● Two ways to connect
Thunderbolt Basics
● Copper Cables
○ Easy to supply power (10 Watts, per Thunderbolt
spec)
○ Performs significantly better (as compared to optical
cables) than the designers expected
○ 3 meter maximum length (per cable)
● Fiber Optic Cables
○ Can be run significantly longer (tens of meters)
○ First generation of optical cables will not supply
power
○ Not currently available
Why Is This Cool?
Why Is This Cool?
● Allows physically external devices access at
the Platform Controller Hub level
○ No existing consumer-level solutions have provided
this level of access and performance
○ PCIe enclosures commercially available currently
● Allows drastic improvements in data IO
performance
● One cable can be used to "dock" a laptop to
a monitor, keyboard, mouse, backup hard
drive, etc
What's Not So Cool
● Cables are not particularly cheap (yet)
● The first generation cables got a tad warm...
Protocol Specification
● We're not really sure... (it's proprietary)
● But Intel says it's really good
Protocol Specification
● Allows device time synchronization to within
8 nanoseconds
● Low-overhead
● Supports hot-plugging
Connector and Cable
Connector and Cable
● Uses the Mini DisplayPort connector
● 20 pins in a compact form
● Active cable
PCI Express
● Peripheral Component Interconnect Express
● Natively Hot-pluggable (good for a connector
plugged into the outside of a laptop...)
● One of several primary motherboard
interconnects used in modern devices
PCI Express
● Connections are called interconnects or links
● Links connect two PCIe ports and allow both
ends of the connection to send and receive:
○ Configuration read/write commands
○ IO read/write commands
○ Memory read/write commands
○ Interrupts
● Each connection may have up to 32 lanes in
powers of two (x1, x2, x4, x8, x16, x32)
● Each lane has two pairs of differential
signalling wires (one set for each direction)
PCI Express
● Packet-Based, typically 8-bit byte streams
● Point-to-Point (switched) topology (as
opposed to the shared bus topology of the
older PCI bus. Allows each link to the root
complex (host) to operate at the fastest
speed each device can support, rather than
the speed of the slowest device.
● Thunderbolt spec allows both direct and fan-
out PCI bus mapping
● Only fan-out mapping currently available
Fan-Out Mapping
● First device has lowest latency
Direct Mapping
● First device has highest PCI switch
negotiation burden
● Potentially wastes bandwidth on arbitration
PCI Express
● Serial interface
○ Fewer physical wires required
○ No clock skew possible
○ Higher bandwidth
● Multiple lanes allow slower devices to
operate without slowing down fast devices
● Maximum signal frequency is in the multi-
gigahertz range (Parallel busses often
limited to several hundreds of megahertz)
PCI Express Physical Layer
● Clock signal embedded in data transfer
○ PCIe 2.0 uses 8b/10b encoding to prevent long
sequences of 1's or 0's being transmitted
○ PCIe 3.0 uses 128b/130b encoding, featuring lower
overhead
● All control messages and interrupts sent on
data lines
● Scrambling may be employed to resist
electromagnetic interference
● Data striping used for multi-lane devices
○ Requires data deskewing (with demultiplexing)
PCI Express Data Link Layer
● Not nearly as exciting as the PHY layer
● Basically, the data link layer sequences and
packages up transactions
● Performs some error checking (CRC)
● Responsible for acknowledgements
PCI Express Transaction Layer
● PCIe utilizes split transactions (request and
response are independent, asynchronous)
● Credit-based control flow
○ Devices have a finite number of credits available for
each buffer available
○ Devices sending transactions deduct the credit cost
of the transaction from their amount of available
credit
○ Upon completion of a transaction, credits are
returned to the requesting device's available credit
pool
DisplayPort
● Developed by the Video Electronics
Standards Association (VESA)
● Royalty free!
● Designed to replace VGA, DVI, FPD-Link
● First display spec to use packetized
transmission.
○ Useful for Thunderbolt multiplexing
○ Extensible
● Video: 6-16 bits per color channel
● Audio: 8 channels of 24-bit, 192 kHz PCM
DisplayPort
● Separate data/control channel
● Can carry USB signals
● 8b/10b encoding
● Supports a very, very large selection of
capabilities, including:
○ HDCP
○ Passive conversion from DP to DVI and HDMI
○ Many color schemes
○ Embedded use (to connect a laptop GPU to the
screen, for example)
Security Considerations
● Thunderbolt allows external access to the
PCI bus, which means an external device
could bypass operating system-level security
measures
● DMA side-channel attacks
○ A Thunderbolt device could dump the memory of a
computer for an attacker to gain access to
encryption keys
○ Similar attack surface/pattern as that of FireWire

See Also: "Inception" attac/research/hacking tool

http://www.breaknenter.org/projects/inception/
Security Considerations
● Current processors have IOMMUs
(input/output memory management unit)

● AMD-vi
● Intel VT-d

Typically only used for

giving VMs access to
hardware, rather than
for security purposes
Questions?
References
● http://www.intel.com/content/www/us/en/io/thunderbolt/thunderbolt-technology-developer.html
● http://www.intel.com/content/www/us/en/architecture-and-technology/thunderbolt/thunderbolt-
technology-brief.html
● http://www.intel.com/content/www/us/en/io/thunderbolt/thunderbolt-overview-brief.html
● http://en.wikipedia.org/wiki/Thunderbolt_(interface)
● http://www.apple.com/pr/library/2011/02/24Apple-Updates-MacBook-Pro-with-Next-Generation-
Processors-Graphics-Thunderbolt-I-O-Technology.html
● http://en.wikipedia.org/wiki/PCI_Express
● http://www.tomshardware.com/reviews/thunderbolt-performance-z77a-gd80,3205.html
● http://www.pcisig.com/news_room/faqs/pcie3.0_faq/
● http://www.displayport.org/faq/faq-archive/
● http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2008/02/19/46464.aspx
● http://en.wikipedia.org/wiki/IOMMU