1BOLTD(8) bolt Manual BOLTD(8)
2
3
4
6 boltd - thunderbolt device managing system daemon
7
9 boltd [OPTIONS]
10
12 boltd is the thunderbolt device manager daemon. Its goal is to enable
13 the secure and convenient use of thunderbolt devices by using the
14 security features of modern thunderbolt controllers. It provides the
15 org.freedesktop.bolt name on the system bus. boltd is autostarted via
16 systemd/udev if a thunderbolt devices is connected.
17
18 The thunderbolt I/O technology works by bridging PCIe between the
19 controllers on each end of the connection, which in turn means that
20 devices connected via Thunderbolt are ultimately connected via PCIe.
21 Therefore thunderbolt can achieve very high connection speeds, fast
22 enough to even drive external graphics cards. The downside is that it
23 also makes certain attacks possible. To mitigate these security
24 problems, the latest version — known as Thunderbolt 3 — supports
25 different security levels: none: No security. The behavior is identical
26 to previous Thunderbolt versions. dponly: No PCIe tunnels are created
27 at all, but DisplayPort tunnels are allowed and will work. user:
28 Connected devices must be authorized by the user. Only then will the
29 PCIe tunnels be activated. secure: Basically the same as user mode, but
30 additionally a key will be written to the device the first time the
31 device is connected. This key will then be used to verify the identity
32 of the connected device.
33
34 The primary task of boltd is to authorize thunderbolt peripherals if
35 the security level is either user or secure. It provides a D-Bus API to
36 list devices, enroll them (authorize and store them in the local
37 database) and forget them again (remove previously enrolled devices).
38 It also emits signals if new devices are connected (or removed). During
39 enrollment devices can be set to be automatically authorized as soon as
40 they are connected. A command line tool, called boltctl(1), can be used
41 to control the daemon and perform all the above mentioned tasks.
42
44 -h, --help
45 Prints a short help text and exits.
46
47 --version
48 Shows the version number and exits.
49
50 -r, --replace
51 Replace the currently running boltd instance.
52
53 -v, --verbosee
54 Print debug output.
55
57 BOLT_DBPATH
58 Specifies the path where the daemon stores device information,
59 including the keys used for authorization. Overwrites the path that
60 was set at compile time.
61
63 On success 0 is returned, a non-zero failure code otherwise.
64
66 Written by Christian Kellner <ckellner@redhat.com>.
67
69 boltctl(1)
70
71
72
73bolt 0.4 05/11/2019 BOLTD(8)