USB4 security on motherboards: Asus not giving options?

I have a ROG Strix X670E-I Gaming Wifi which has two USB4 ports, and recently got a device that uses PCI-E tunnelling (a QNA-T310G1S). In setting that up, I found out that the board has no support for device security: either you enable PCI-E tunnelling with no security, or disable it entirely and use it as a USB3 port only.

Most existing Thunderbolt devices, as far as I can find, require user confirmation before enabling a device for tunnelling, as these devices can do DMA, meaning they could be malicious and steal data. The spec exists for the security and other devices seem to use that by default; the software support seems to be there already.

I found this info basically impossible to find detail on, only a post from the Asus ROG forums where the representative says the rather impressive line:

“And we further confirmed that, as long as the connected devices are secure, there won’t be any security issues.”

While this probably isn’t an issue for most people, someone may for example take it to a public LAN party (especially with an ITX board), where someone else could stealthily plug in a malicious device. This being enabled by default with no security, and having no option to mitigate except turning it off, isn’t exactly ideal, and certainly not something most people will think of needing to do. I don’t know how big an issue it is—I’m not sure how vulnerable the lack of having to authorize new devices connected makes you, but it certainly gives me pause.

I’m interested if there is any information on what boards with USB4 support security-wise, if some manufacturers offer it, some don’t, or if anyone has other experiences with it or knowledge on how vulnerable devices are without it. With USB4 becoming more prevalent, e.g. x870 having it by default, I feel it might become an issue. It’s not something I feel like I’ve seen reviewers talking about.

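As an added example (not part of the original post, and assuming a Linux host, which the thread does not mention): the kernel's thunderbolt driver exposes each USB4/Thunderbolt domain's security level and per-device authorization state in sysfs, so a short audit shows whether a board came up with PCIe tunnelling at `none`. The `exposed` flag and the `sample_tree()` data are constructions of this example.

```python
from pathlib import Path
import tempfile

SYSFS = "/sys/bus/thunderbolt/devices"
# Meaning of the per-domain "security" attribute, per the kernel documentation.
LEVELS = {
    "none": "all devices are authorized automatically, PCIe tunnels included",
    "user": "each device needs user authorization before PCIe is tunneled",
    "secure": "user authorization plus a key challenge for devices that support it",
    "dponly": "only DisplayPort (and USB) is tunneled, no PCIe",
    "usbonly": "only the dock's USB controller and DisplayPort are tunneled",
    "nopcie": "PCIe tunneling is disabled in firmware",
}

def _read(path):
    try:
        return path.read_text().strip()
    except OSError:
        return None

def audit(root=SYSFS):
    """Return (domains, devices) read from the thunderbolt sysfs tree at root."""
    root, domains, devices = Path(root), [], []
    for base in sorted(root.iterdir()) if root.is_dir() else []:
        if base.name.startswith("domain"):
            level = _read(base / "security")
            iommu = _read(base / "iommu_dma_protection") == "1"
            # Flag (this example's heuristic): no approval step and no IOMMU reported.
            domains.append({"domain": base.name, "security": level, "iommu": iommu,
                            "exposed": level == "none" and not iommu})
        elif (auth := _read(base / "authorized")) is not None:
            devices.append({"device": base.name, "authorized": auth != "0",
                            "name": _read(base / "device_name")})
    return domains, devices

def sample_tree():
    """Constructed tree (not from a real machine): security 'none', one device."""
    root = Path(tempfile.mkdtemp())
    for rel, text in {"domain0/security": "none", "domain0/iommu_dma_protection": "0",
                      "0-1/authorized": "1", "0-1/device_name": "constructed"}.items():
        (root / rel).parent.mkdir(exist_ok=True)
        (root / rel).write_text(text + "\n")
    return root

if __name__ == "__main__":
    doms, devs = audit(SYSFS if Path(SYSFS).is_dir() else sample_tree())
    for d in doms:
        print(d["domain"], d["security"], "-", LEVELS.get(d["security"], "unknown"),
              "| IOMMU:", d["iommu"], "| EXPOSED" if d["exposed"] else "")
    for v in devs:
        print(" ", v["device"], v["name"], "authorized" if v["authorized"] else "blocked")
```

On a machine without the thunderbolt sysfs directory the script falls back to the constructed tree, so the output there describes sample data rather than the host.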

So the evil maid has progressed from just USB to full PCIe?

I would be presuming that, indeed, the motherboard people do not have the investment to concern themselves with such a thing, and they simply offer a “turn off” for people who are concerned?

At least in Asus’ case on this board, yeah. With USB4 being the big selling point for x870 boards, it does seem like “just turn it off if you want security” is a horrible answer (alongside “just don’t plug anything bad in”), although I can only talk to my own board, so I don’t know if this is the case on newer boards or other manufacturers.

I was hoping that maybe other people here would be able to chip in about their boards and what they support, as this info seems basically impossible to find, but I don’t know how many people actually have USB4 motherboards at this point given the poor value proposition of x870 and the relative rarity of the ports on the desktop otherwise. I only got mine because I got it at a stupidly good price (actually cheaper than the B550 variant at the time) discounted right before x870 launched.

I’ll try to point this out more in reviews. This is not uncommon.

Unfortunately, many customers with older Thunderbolt 2 or 3 devices are SoL to get security at all, hence why they hide the options, I think.

AMD has implemented it; it even works with certain versions of Intel’s Thunderbolt tray utility (lol), but no AMD-specific TB control util.
