USB has come a long way since Apple made the interface mainstream with its iMac in September 1998. The technology rapidly replaced a wide range of aging connectors on PCs and became the universal standard for wired data and power transfers. With USB4's versatility opening the door to broad external PCI adoption, Google is working to protect your Chromebook from unauthorized access to your data.
We've discovered a series of commits on the Chromium Gerrit that reference Pciguard, a new Chrome OS component that limits data access from external PCI devices using Thunderbolt 3 or USB4. With the help of an experimental Chrome flag on the Chrome OS Canary channel, you can proactively keep your Chromebook safe from harmful USB4 devices. If you enable chrome://flags/#enable-pci-guard-ui from the drop-down menu and restart your device, you'll see a new Data access protection toggle in Chrome OS settings.
'Data access protection for peripherals' in the Chrome OS Settings.
There's not a lot to look at, but based on the description, Pciguard acts as a one-way valve that helps keep externally connected peripherals from reaching your data. The developers added a toggle in case the additional security interferes with devices that demand full USB4 and Thunderbolt 3 bandwidth.
We dug into the Chromium Gerrit for more details on how some of it will work. After you plug in an external PCI device, the Chrome OS Type-C daemon collects low-level information about it, such as whether the peripheral supports Thunderbolt, and forwards the data to the Typecd D-Bus client. PciePeripheralManager will then observe the D-Bus client for events and use them to send notifications to the system tray. If the user is on a guest account and connects a Thunderbolt-only peripheral, Chrome OS will block data access due to the security risks of direct memory access. USB4 devices will continue to work, albeit with limited performance.
Adding security protections against malicious peripherals will give Chrome OS users peace of mind that their data is safe. With USB4 devices slowly entering the market, it matters more than ever that your Chromebook is secure, and this new feature will ensure that going forward.
- Chromium Gerrit