1BOLTCTL(1) bolt Manual BOLTCTL(1)
2
6 boltctl - control the thunderbolt device manger
7
9 boltctl authorize DEVICE
10 boltctl domains
11 boltctl enroll DEVICE
12 boltctl forget DEVICE
13 boltctl info DEVICE
14 boltctl list
15 boltctl monitor
16 boltctl power
17
19 boltctl is the command line interface to interact with boltd, the
20 system daemon that manages Thunderbolt 3(TM) devices. It can be used to
21 query the state of devices as well as manage them.
22 Devices can be globally identified via their unique identifier (uuid).
24 All commands that take a DEVICE identifier expect this unique id.
25 If no command is given, it is equivalent to boltctl list.
27
29 --version
30 Print version information and exit.
31 -U | --uuid {full | short | alias | N}
33 Control how UUIDs are printed. Since they are somewhat sensitive
34 data it is not advisable to share them publically in full length.
35 Instead short or alias can and should be used when sharing the
36 output of boltctl.
37 full
39 Print all UUIDs in full length.
40 short
42 Truncate all UUIDs so only the first 13 characters are printed.
43 alias
45 All UUIDs are replaced by a random string that is dervied from
46 the UUID, therefore the devices can be uniquely identified
47 without revealing the original UUID.
48 N
50 If a integer N is specified, all UUIDs are truncted to only
51 show up to N.
52
54 authorize [-F | --first-time] DEVICE
55 Authorize a currently unauthorized device identified via its unique id
56 (uuid) DEVICE. If a key is stored in the database it will be used,
57 given the security level of the domain supports secure device
58 connection. Use boltctl list to find out the uuid of a device.
59 -F | --first-time
61 Normally, when attempting to authorize an already authorized device
62 boltctl will do nothing and return a successful status code. When
63 using this option, the attempt will fail and result in a negative
64 exit code if the device is already authorized.
65 domains [-v | --verbose]
67 List all currently active Thunderbolt domains. A Thunderbolt domain
68 represents the Thunderbolt controller hardware. There will be one
69 domain (and host device) for each Thunderbolt controller present in the
70 system. The security property shows the security level of the
71 controller. bootacl shows the used and total slots of the boot access
72 control list (BootACL) and the content of all non-empty entries. NB: if
73 BootACL is unsupported it will show 0 for both (0/0). The online
74 property shows if the thunderbolt controller is currently powered by
75 the firmware. NB: if the controller is currently offline the BootACL
76 list will reflect what boltd estimates the list will look like once the
77 controller is back online and local changes have been synchronized to
78 the controller. This might not be accurate if the list was modified in
79 the meantime, e.g. from a different installation or OS.
80 enroll [--policy policy] DEVICE
82 Authorize and record the device with the unique id DEVICE in the
83 database. If the domain supports secure connection a new key will be
84 generated and stored in the database alongside the device name and
85 vendor name. The key, if created, will be used in the future to
86 securely authorize the device.
87 --policy {default | auto | manual}
89 Specify the policy to be used for the newly enrolled device.
90 default
92 Use the global default policy of the daemon; this can be
93 changed, but is normally also auto.
94 auto
96 Automatically authorize this device whenever it is connected.
97 manual
99 Do not automatically authorize the device; instead require
100 manual authorization via boltctl authorize.
101 forget DEVICE
103 Remove the information about the device with the unique id DEVICE from
104 the database. This includes the key, if one was previously generated.
105 If you pass --all instead of the DEVICE all devices are removed instead
106 of just one.
107 info DEVICE
109 Display information about the device with the unique id DEVICE.
110 list [-a | --all]
112 List and print information about all connected and stored devices.
113 -a | --all
115 Normally, the only the device type that will be shown is
116 peripherals. Therefore the device that represents the host itself
117 will be omitted. Using this option will instead include all device
118 types in the list.
119 monitor
121 Listen for and show changes in connected devices.
122 power [-t | --timeout seconds] [-q | --query]
124 Power up the Thunderbolt controller. If the Thunderbolt controller is
125 not in "native enumeration mode" it can be completely powered down by
126 the host firmware/BIOS. On supported systems there is an interface to
127 "force" power the thunderbolt controller. If supported this command
128 will request the daemon to do so. The daemon will keep track of all
129 client requests and will release the force power override when the last
130 request is released.
131 -t | --timeout seconds
133 Release the force power request after the specified amount of
134 seconds and exit.
135 -q | --query
137 Query the current force power status of the daemon.
138
140 Written by Christian Kellner <ckellner@redhat.com>.
141bolt 0.7 01/31/2019 BOLTCTL(1)