1BOLTCTL(1)                        bolt Manual                       BOLTCTL(1)
2
3
4

NAME

6       boltctl - control the thunderbolt device manager
7

SYNOPSIS

9       boltctl authorize DEVICE
10       boltctl config
11       boltctl domains
12       boltctl enroll DEVICE
13       boltctl forget DEVICE
14       boltctl info DEVICE
15       boltctl list
16       boltctl monitor
17       boltctl power
18

DESCRIPTION

20       boltctl is the command line interface to interact with boltd, the
21       system daemon that manages Thunderbolt 3(TM) devices. It can be used to
22       query the state of devices as well as manage them.
23
24       Devices can be globally identified via their unique identifier (uuid).
25       All commands that take a DEVICE identifier expect this unique id.
26
27       If no command is given, it is equivalent to boltctl list.
28

OPTIONS

30       --version
31           Print version information and exit.
32
33       -U | --uuid {full | short | alias | N}
34           Control how UUIDs are printed. Since they are somewhat sensitive
35           data it is not advisable to share them publicly in full length.
36           Instead short or alias can and should be used when sharing the
37           output of boltctl.
38
39           full
40               Print all UUIDs in full length.
41
42           short
43               Truncate all UUIDs so only the first 13 characters are printed.
44
45           alias
46               All UUIDs are replaced by a random string that is derived from
47               the UUID, therefore the devices can be uniquely identified
48               without revealing the original UUID.
49
50           N
51               If a integer N is specified, all UUIDs are truncated to only
52               show up to N.
53

COMMANDS

55   authorize [-F | --first-time] DEVICE
56       Authorize a currently unauthorized device identified via its unique id
57       (uuid) DEVICE. If a key is stored in the database it will be used,
58       given the security level of the domain supports secure device
59       connection. Use boltctl list to find out the uuid of a device.
60
61       -F | --first-time
62           Normally, when attempting to authorize an already authorized device
63           boltctl will do nothing and return a successful status code. When
64           using this option, the attempt will fail and result in a negative
65           exit code if the device is already authorized.
66
67   config --describe [global|domain|device]
68       List global, domain, or all (if nothing is specified) properties. The
69       format is 3 columns: permission, name, description. Permission
70       indicates if the property is only readable or can also be written.
71
72   config KEY [VALUE]
73       Get or set, if VALUE is specified, a global property.
74
75   config <domain|device>.KEY TARGET [VALUE]
76       Get or set, if VALUE is specified, a domain or device property, where
77       TARGET is the unique id of the domain or the device.
78
79   domains [-v | --verbose]
80       List all currently active Thunderbolt domains. A Thunderbolt domain
81       represents the Thunderbolt controller hardware. There will be one
82       domain (and host device) for each Thunderbolt controller present in the
83       system. The security property shows the security level of the
84       controller. If iommu support is active (see the boltd man page) it will
85       be indicated by a +iommu suffix for "secure" or "user" mode, or just
86       plain iommu in case the security level is "none" (sl0). bootacl shows
87       the used and total slots of the boot access control list (BootACL) and
88       the content of all non-empty entries. NB: if BootACL is unsupported it
89       will show 0 for both (0/0). The online property shows if the
90       thunderbolt controller is currently powered by the firmware. NB: if the
91       controller is currently offline the BootACL list will reflect what
92       boltd estimates the list will look like once the controller is back
93       online and local changes have been synchronized to the controller. This
94       might not be accurate if the list was modified in the meantime, e.g.
95       from a different installation or OS.
96
97   enroll [--policy policy] DEVICE
98       Authorize and record the device with the unique id DEVICE in the
99       database. If the domain supports secure connection a new key will be
100       generated and stored in the database alongside the device name and
101       vendor name. The key, if created, will be used in the future to
102       securely authorize the device.
103
104       --policy {default | auto | manual}
105           Specify the policy to be used for the newly enrolled device.
106
107           default
108               Use the global default policy of the daemon; this can be
109               changed, but is normally also auto.
110
111           auto
112               Automatically authorize this device whenever it is connected.
113
114           manual
115               Do not automatically authorize the device; instead require
116               manual authorization via boltctl authorize.
117
118   forget DEVICE
119       Remove the information about the device with the unique id DEVICE from
120       the database. This includes the key, if one was previously generated.
121       If you pass --all instead of the DEVICE all devices are removed instead
122       of just one.
123
124   info DEVICE
125       Display information about the device with the unique id DEVICE.
126
127   list [-a | --all]
128       List and print information about all connected and stored devices.
129
130       -a | --all
131           Normally, the only the device type that will be shown is
132           peripherals. Therefore the device that represents the host itself
133           will be omitted. Using this option will instead include all device
134           types in the list.
135
136   monitor
137       Listen for and show changes in connected devices.
138
139   power [-t | --timeout seconds] [-q | --query]
140       Power up the Thunderbolt controller. If the Thunderbolt controller is
141       not in "native enumeration mode" it can be completely powered down by
142       the host firmware/BIOS. On supported systems there is an interface to
143       "force" power the thunderbolt controller. If supported this command
144       will request the daemon to do so. The daemon will keep track of all
145       client requests and will release the force power override when the last
146       request is released.
147
148       -t | --timeout seconds
149           Release the force power request after the specified amount of
150           seconds and exit.
151
152       -q | --query
153           Query the current force power status of the daemon.
154

AUTHOR

156       Written by Christian Kellner <ckellner@redhat.com>.
157
158
159
160bolt 0.9.6                        09/13/2023                        BOLTCTL(1)
Impressum