boltctl

List connected (and authorized) devices

$ boltctl

$ boltctl list

$ boltctl authorize [device_uuid]

$ boltctl enroll [device_uuid]

$ boltctl forget [device_uuid]

$ boltctl info [device_uuid]

boltctl [OPTIONS...] COMMAND [ARG...]

--version
    Show program's version number and exit

-h, --help
    Show help message and exit

--debug
    Enable debug output

--json
    Output in JSON format

list
    List connected Thunderbolt devices

domains
    List Thunderbolt domains

enroll
    Enroll a Thunderbolt device, storing it in the database.

authorize
    Authorize a Thunderbolt device with the given UUID.

forget
    Forget (remove) a Thunderbolt device with the given UUID from the database.

security
    Show current security level

set-security
    Set the Thunderbolt security level (0-3). Requires appropriate privileges.

boltctl is a command-line tool for managing Thunderbolt devices and configuring security levels on Linux systems. It allows users to list connected Thunderbolt devices, authorize or deny device connections, set the security level for Thunderbolt devices, and retrieve information about the Thunderbolt security manager daemon (boltd). It's a crucial utility for controlling access to Thunderbolt devices, preventing unauthorized connections, and ensuring system security. This command interacts with the boltd service, which handles the actual device authorization and security level enforcement. boltctl requires root privileges (or appropriate authorizations) to modify security settings. Improper use can lead to device connection issues or reduced system security, so caution should be exercised when changing Thunderbolt configuration parameters.
The command relies on the D-Bus interface provided by boltd to communicate with the Thunderbolt hardware.
The usage spans from desktop workstations to server environments where managing Thunderbolt ports and associated security is important.

Requires root privileges (or appropriate authorizations) for modifying security settings. Incorrect usage can lead to device connection problems or security vulnerabilities. boltd service must be running.

The security levels define how Thunderbolt devices are handled. Level 0 means no security (legacy mode), Level 1 requires user authorization via GUI, Level 2 is secure connect and Level 3 is display port and usb tunneling only.

boltctl was developed alongside the boltd daemon to provide a user-friendly interface for managing Thunderbolt device security. Its creation addresses the need for granular control over Thunderbolt connections and security levels in modern Linux distributions. The utility has evolved with the Thunderbolt technology itself, adapting to new security features and connection protocols.

udev(7), systemd(1)