Thunderbolt on Windows Part 2: Intel's DZ77RE-K75 & ASUS' P8Z77-V Premium
by Anand Lal Shimpi on June 3, 2012 2:08 AM EST- Posted in
- Motherboards
- CPUs
- Intel
- Asus
- Thunderbolt
- Ivy Bridge
- Chipsets
Performance
In our earlier look at Thunderbolt under Windows I didn't have a working Pegasus driver to really push the limits of the interface's bandwidth. With that now changed, I went to work. I started by pulling out all of the hard drives from the Pegasus R6 and installed four SSDs. I didn't have four identical drives so I threw in a mix of SF-2281 based drives and Vertex 4s. The lowest common capacity was 240GB so the resulting logical RAID-0 drive I built was just under 1TB in size. I then ran a 128KB sequential read test using Iometer to see what sort of performance I could get from the setup:
With this configuration, I achieved a very respectable 922MB/s. Note that the fastest speed I ever attained under OS X was 1000MB/s so we're not all that far off the peak. To try and move the needle a little further I hooked up the SSD based LaCie Little Big Disk and performed a 128KB sequential read across both the LBD and the SSD equipped Pegasus:
Performance moved up a bit to 933MB/s but it's clear that we should've seen a bigger increase in performance from adding another two SSDs to the chain. The fact that performance didn't go up tells me that we're reaching the limits of the interface.
As a last ditch effort I added two more SSDs to the Pegasus R6 chassis, a pair of 128GB Samsung SSD 830s in RAID-0. I repeated the 128KB sequential read test, but now across all four drive targets (2 in the LBD, and 2 RAID arrays in the Pegasus R6):
Unfortunately, performance didn't change. It's safe to say that on a single Thunderbolt port you can get just under 7.5Gbps of bandwidth, in one direction, to a chain of devices. Each Thunderbolt port should have two channels however; the second should allow DisplayPort traffic to be carried without impacting performance. To test this theory I repeated the test but with Apple's Thunderbolt Display in the chain. To drive the 27-inch 2560 x 1440 panel at 60Hz you need around 7Gbps of bandwidth (more if you take into account overhead). With the display connected I repeated the transfer test:
Performance actually went up by a few MB/s, but basically remained unchanged from the earlier 7.5Gbps peak. While I never was able to hit the 8Gbps I got under OS X, that was with the very first iteration of Thunderbolt support under OS X as well as from Promise. It's entirely possible that further tuning/firmware updates have limited performance a bit since then. Either way, it's safe to say that Thunderbolt under Windows is capable of the same class of performance we've seen under OS X.
Pushing video out to the display while pulling in data from external storage devices is actually the best case scenario for Thunderbolt, but what happens if we're sending traffic out on both channels? I conducted the same test with the Thunderbolt Display attached but this time I ran a 128KB sequential write to the attached SSDs:
There's a bit of a performance drop (~6.9Gbps vs. 7.5Gbps) but it's unclear whether this is due to lower SSD write speeds or upstream bandwidth limitations for a single Thunderbolt port.
Final Words
Armed with the right drivers, Promise's Pegasus helped prove that Thunderbolt can be nearly as fast under Windows as it is under OS X. Similar to what we saw under OS X, around 7.5Gbps isn't tough to achieve over a single Thunderbolt port. There's also no significant performance impact seen when driving DisplayPort over the same interface.
The first Thunderbolt equipped motherboards are expensive, but that's mostly a function of Thunderbolt being paired with the absolute highest end models. Over time, I'd expect more ubiquitous deployment of the interface—although it's not clear how long that would take.
Intel's certification program for Thunderbolt on Windows definitely improves the behavior of devices and generally makes the interface OS agnostic. Unfortunately, the reliance on the certification program for proper functionality under Windows means the interface will get off to a rough start on its new platform. As of today, there are no publicly available certified Windows drivers for Thunderbolt devices. This will change, hopefully over the course of the next quarter, but we still need to play a bit of the waiting game.
We also need more Thunderbolt devices. Apple's Thunderbolt Display is a great example of what you can do with Thunderbolt, but without official Windows support we're left waiting again.
Despite the teething problems, I am glad to see Thunderbolt finally arrive on Windows PCs. While there's an obvious fit for mobile, I do believe that even desktop users can benefit from Thunderbolt. At the bare minimum, it can simplify external cable management with only a single cable carrying Ethernet, audio, USB, DisplayPort, etc... from your PC to your Thunderbolt hub and/or display. The fact that it can also move high performance storage out of your chassis might also enable smaller/more interesting desktop form factors. There's an obvious fit with all-in-one designs but even things like mini-ITX become a lot more flexible with Thunderbolt.
Facebook
Twitter
RSS
116 Comments
View All Comments
ka_ - Monday, June 4, 2012 - link
The one thing that will keep me away from TB is the major problem that any device can access the DMA of any connected devices essentially removing all security of any system with TB - except if by disabling DMA while using the plug. I have come to notice that Apple have a undocumented method to disable DMA on TB <http://matt.ucc.asn.au/apple/>, though it indicates this method only apply to the Firewire over TB exploit, and it likely is not much time until someone have a better method. But if it is possible do disable DMA/restrict DMA access on the machines, then TB might even eventually get accepted by the security focused audience too?If possible do disable DMA under Windows/Linux how much would this degrade the TB performance?
repoman27 - Monday, June 4, 2012 - link
Disabling DMA for Thunderbolt is akin to disabling DMA for PCIe, i.e. not practical. IOMMU will hopefully provide security for these types of scenarios, but the driver implementation just isn't there yet.Does the fear of DMA attacks prevent you from using PC's with available PCIe slots, ExpressCard or IEEE 1394 ports? Hardware DMA attacks require physical access to the machine or some sort of social engineering ploy. If an attacker has physical access to your machine, they would most likely try many other vectors before resorting to a DMA attack. DMA attacks generally involve custom hardware which is time consuming and expensive to develop. Do you really see someone buying or creating a custom piece of Thunderbolt hardware just to attempt to compromise PCs under your control?
While these types of security vulnerabilities are real, exploitation of them is rather uncommon, and for the foreseeable future, far more likely to come in the form of FireWire or ExpressCard than Thunderbolt.
If someone ships you a shiny new Pegasus R6 with a note saying, "You're the lucky winner!" just sell it on eBay and move on.
ka_ - Monday, June 4, 2012 - link
"While these types of security vulnerabilities are real, exploitation of them is rather uncommon, and for the foreseeable future, far more likely to come in the form of FireWire or ExpressCard than Thunderbolt."Completely wrong - The firewire exploit is possible to do on any TB and the exploit is already in the wild: <http://www.breaknenter.org/2012/02/adventures-with...
Even script kiddies can apparently do this attack against TB and firewire already...
So yes - I would indeed sell the machine coming with this port unless there is a way to prevent DMA access for units connected through the TB port.
I think Asus UX32VD-DB71 or one of the UX31A's which does not have TB, Firewire, ExpressCard or any of the other easily exploitable ports.
repoman27 - Monday, June 4, 2012 - link
Did ya read the article you linked to? Did ya understand any of it? Because I had already done so, and came away with a very different assessment of the severity of the threat in question.The exploit as described is a FireWire DMA attack requiring physical access to the PC along with several bulky hardware devices costing many hundreds of dollars. The pointlessness of this exercise is especially extreme, because at the time it was written, the only PC with Thunderbolt but lacking FireWire was the 2011 MacBook Air.
I don't generally let script kiddies hang out in my house, but I'd probably notice if they left an Apple Thunderbolt Display or a Sonnet Echo ExpressCard/34 Thunderbolt Adapter, ExpressCard FireWire adapter, 2.0 m Apple Thunderbolt cable, FireWire cable and "attack" PC running Linux lying about attached to my MacBook Air. Just sayin'.
ka_ - Monday, June 4, 2012 - link
The article specify "or equivelent" - ebay got a thunderbird to firewire adaptor from USD 4.25And no - you dont need daisy chain except to test some of the more advanced hacks there...
http://www.ebay.com/itm/6-pin-Firewire-to-Thunderb...
repoman27 - Tuesday, June 5, 2012 - link
That's a 6-pin to 8-pin FireWire adapter you moron.I guess if you can fall for eBay listings like that, you need to protect yourself pretty darn well against potential social engineering attacks. Good luck with that.
repoman27 - Tuesday, June 5, 2012 - link
Sorry, I didn't really mean to call you a moron. I wish this site allowed editing of posts.ka_ - Tuesday, June 5, 2012 - link
No problem - I might have been to hasty including the first search result I found for "Thunderbolt to Firewire" converter/adapter. There are others too such as<http://istore.techtools.com.au/index.php?route=pro...
The real point I am trying to make is that you most certainly wont need expensive hubs or daisy chains to perform this attack - any adapter/converter will do.
In fact - Firewire was only used to demonstrate that the problem still persist with Thunderbolt. That particular exploit can be prevented by simply blacklisting Firewire / 1394 devices, however that is only keeping the currently known exploit from happening.
Since Thunderbolt have DMA access on its own, it is only a matter of time before an exploit can be made with no conversion at all!
I know there are USB2/3 to Firewire converters too, which might make USB3 vulnerable to the same exploit even though USB3 in itself does not have DMA access. So all firewire is indeed on my blacklist even though I don't have any firewire ports on my laptop.
jontech - Monday, June 4, 2012 - link
enthusiasts would have been tripping over themselves calling it the second coming.The fact is, Intel can ramp up TB to 100GB in the next couple of years. USB can't keep up.
The footprint is much smaller, mDP vs USB so it's perfect for Notebooks and allows for breakout and dock solutions that include many other technologies
It is here to stay, and the fact that Apple pushed it and has every one of their computers with it means that those companies who have made TB devices have been rewarded with sales.
rs2 - Tuesday, June 5, 2012 - link
You killed my interest in Thunderbolt when you said:"Interfaces like USB are great because you can generally count on anything that physically fits in the port just working. With Thunderbolt on Windows we now have a situation where you can't assume the same."
That is *not* the way to introduce a new connectivity standard. If I can't plug any Thunderbolt device into any Thunderbolt connector and *know* for a fact that it will work without issue, then something is very seriously wrong.