Security teams at large enterprises have long worried about USB ports. A stray thumb drive or a cleverly disguised peripheral can exfiltrate data in seconds. Or worse, introduce malware. Lenovo built a targeted answer into newer ThinkPad models. It blocks data while still allowing power delivery. Now Linux is catching up.
The feature, known as USB-C Restricted Mode, has existed in select Intel-based ThinkPads for some time. Lenovo’s own user guide spells it out plainly. “USB-C Restricted Mode is a security feature that allows you to disable data transfer through USB-C connectors while the charge function of the USB-C connectors is kept.” It stops data from being copied to connected USB storage. Public charging stations in airports or hotel lobbies become safer. No more fear of data leakage through the charging cable.
But. The mode only works if the battery sits above 5 percent. Otherwise the system refuses to engage it. Users enable or disable the setting with a simple hotkey sequence: Fn+U followed by Fn+S. Once active, an LED indicator blinks briefly whenever a USB device connects. Clear. Practical. Limited so far to Intel platforms.
Kernel Patches Bring Visibility to Linux Administrators
Yesterday’s news changes the picture for open-source deployments. Michael Larabel at Phoronix reported that Linux kernel developers are wiring up reporting for this exact capability inside the ThinkPad ACPI driver. When active, power flows. Data lines stay silent. The intent targets kiosk-style setups and tightly controlled environments where any data transfer poses unacceptable risk.
The new code exposes the state through a straightforward sysfs node: /sys/devices/platform/thinkpad_acpi/usb_c_security. Administrators can check whether the feature exists on a given machine simply by looking for the file. They can read its value to see if restricted mode runs. Patches from contributor vishnuocv, posted to the platform-driver-x86 mailing list, handle the ACPI communication. No user-space tools required yet. But the foundation now sits in the pipeline for upcoming kernels.
And this matters. Enterprises running fleets of Linux ThinkPads in secure facilities gain a new lever. They can query device state at scale. Scripts can verify compliance before employees leave the building. Kiosk operators avoid the nightmare of a compromised USB port. The change doesn’t add new hardware protections. It surfaces what Lenovo already baked in.
Lenovo’s support documentation echoes the same goals. In their official solution page, the company stresses prevention of unauthorized data exfiltration. “This helps prevent data from being copied from the computer to USB storage devices connected to the computer.” The message stays consistent across manuals and support articles. Charge yes. Talk to the host no.
Recent discussions in Linux communities show growing interest. While no major new articles appeared in the past 24 hours beyond the Phoronix piece, the timing aligns with broader platform-driver work. Just days ago the same ThinkPad ACPI driver gained support for reporting physically damaged USB-C ports. Lenovo continues to expose more hardware telemetry to Linux. Administrators benefit. Security teams gain visibility without custom firmware.
Critics might argue the feature feels narrow. It applies only to certain Intel ThinkPads for now. AMD variants lack equivalent controls in current documentation. The hotkey method works only when the machine powers on. And real-world testing against sophisticated BadUSB-style attacks remains sparse in public. Still. For organizations already committed to ThinkPad hardware, the Linux enablement removes a point of friction.
Deployment teams can now monitor the setting alongside other ACPI-reported states. Firmware updates, battery health, thermal limits. Add USB-C restricted status to the list. The patches don’t toggle the mode from Linux yet. They report it. Future iterations may expand capabilities. For today the focus stays on awareness.
Security-conscious buyers already choose ThinkPads for their hardware locks, discrete TPM chips, and tamper detection. This USB-C addition fits the pattern. It addresses a specific vector. Malicious chargers. Compromised docks. Drive-by data thieves. In physically secured spaces the risk drops. In public the peace of mind rises.
So the Linux community moves another step closer to parity with Windows management features. Enterprises that standardize on open-source desktops gain another tool. No flashy marketing claims. No sweeping promises. Just a sysfs file and a clear hardware behavior. Sometimes that’s exactly what IT departments need.
Watch the platform-drivers-x86 tree. Once merged, the feature lands in mainline kernels. Distros will pick it up quickly. Documentation will follow. And fleet operators will add one more check to their compliance scripts. Quiet progress. Solid engineering.


WebProNews is an iEntry Publication