TL;DR: The solution: in your BIOS settings (or UEFI settings), look for a “security” menu, and look for “Thunderbolt Security Level” or a thunderbolt setting. You are usually presented with some or all of “Unique ID”, “One time saved key”, “DP++”, and “Legacy”. Choose either “Unique ID” or “One time saved key”. Mine was set to “Legacy” which was why I was having issues.
… but here’s some monologue anyways:
How I first encountered this.
My Intel NUC seemed to one day stop connecting the eGPU (a Razer Core X) at startup anymore after I played around with the settings/updated my Windows, but it DID connect after unplugging and re-connecting the Thunderbolt wire, or after scanning for hardware changes.
I suspected it might be a new security feature, with Windows introducing things like Memory Integrity protection, and other features into Windows Security. Considering this was around the time back then when the news of a thunderbolt security flaw came out, I was thinking this would be definitely related to memory since the flaw sounded like a DMA issue.
At first, I tried turning on/off memory integrity protection in Windows security, which seemed to improve this issue, albeit temporarily until I rebooted my computer and gave up after all in-Windows fixes I found online failed.
Then I came back to check again, and discovered the thunderbolt security level setting in the Intel UEFI firmware (I did see it before but didn’t want to touch it). It was set to Legacy mode for me, which I’m assuming the OS automatically treats as untrusted until we sign in and manually approve it (via device manager scan for hardware changes) or plug it in after boot so Windows can manage its’ security. Both “Unique ID” and “One time saved key” appeared to work for me, but I ended up using “One time saved key” as that sounded like it would be faster and more secure since the host OS exchanges security keys with the eGPU and only needing to validate the key vs. needing for the host to validate the connection again every boot. But just my thoughts, not sure if this is accurate.
Leave a Reply