boltctl

List connected and authorized devices

$ boltctl

$ boltctl list

$ boltctl authorize [device_uuid]

$ boltctl enroll [device_uuid]

$ boltctl forget [device_uuid]

$ boltctl info [device_uuid]

boltctl [command] [options] [deviceuuid_]

boltctl manages Thunderbolt devices and their security levels. It controls which Thunderbolt devices are authorized to connect to the system, providing protection against malicious devices (Thunderclap attacks).
The tool works with the boltd daemon to enforce security policies for Thunderbolt/USB4 ports.

list

List all connected devices

Temporarily authorize a device for this session

Authorize and remember a device for future connections

Remove a device from the authorized list

Display detailed device information

Control force power state

Thunderbolt security levels are set in BIOS/UEFI. Not all systems support all security levels. Unauthorized devices may have limited or no functionality.

Thunderbolt security became important with the discovery of DMA attacks through Thunderbolt ports. The bolt project was developed to provide user-space security controls for Linux systems.

boltd(8), udevadm(8)