boltctl
Manage Thunderbolt devices
TLDR
List connected (and authorized) devices
List connected devices, including unauthorized ones
Authorize a device temporarily
Authorize and remember a device
Revoke a previously authorized device
Show more information about a device
SYNOPSIS
boltctl [OPTIONS...] COMMAND [ARG...]
PARAMETERS
--version
Show program's version number and exit
-h, --help
Show help message and exit
--debug
Enable debug output
--json
Output in JSON format
list
List connected Thunderbolt devices
domains
List Thunderbolt domains
enroll
Enroll a Thunderbolt device, storing it in the database.
authorize
Authorize a Thunderbolt device with the given UUID.
forget
Forget (remove) a Thunderbolt device with the given UUID from the database.
security
Show current security level
set-security
Set the Thunderbolt security level (0-3). Requires appropriate privileges.
DESCRIPTION
boltctl
is a command-line tool for managing Thunderbolt devices and configuring security levels on Linux systems. It allows users to list connected Thunderbolt devices, authorize or deny device connections, set the security level for Thunderbolt devices, and retrieve information about the Thunderbolt security manager daemon (boltd). It's a crucial utility for controlling access to Thunderbolt devices, preventing unauthorized connections, and ensuring system security. This command interacts with the boltd service, which handles the actual device authorization and security level enforcement. boltctl
requires root privileges (or appropriate authorizations) to modify security settings. Improper use can lead to device connection issues or reduced system security, so caution should be exercised when changing Thunderbolt configuration parameters.
The command relies on the D-Bus interface provided by boltd to communicate with the Thunderbolt hardware.
The usage spans from desktop workstations to server environments where managing Thunderbolt ports and associated security is important.
CAVEATS
Requires root privileges (or appropriate authorizations) for modifying security settings. Incorrect usage can lead to device connection problems or security vulnerabilities. boltd
service must be running.
SECURITY LEVELS
The security levels define how Thunderbolt devices are handled. Level 0 means no security (legacy mode), Level 1 requires user authorization via GUI, Level 2 is secure connect and Level 3 is display port and usb tunneling only.
HISTORY
boltctl
was developed alongside the boltd
daemon to provide a user-friendly interface for managing Thunderbolt device security. Its creation addresses the need for granular control over Thunderbolt connections and security levels in modern Linux distributions. The utility has evolved with the Thunderbolt technology itself, adapting to new security features and connection protocols.
SEE ALSO
udev(7), systemd(1)