1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
boltctl(1)
==========
NAME
----
boltctl - control the thunderbolt device manger
SYNOPSIS
--------
[verse]
*boltctl* 'authorize' 'DEVICE'
*boltctl* 'domains'
*boltctl* 'enroll' 'DEVICE'
*boltctl* 'forget' 'DEVICE'
*boltctl* 'info' 'DEVICE'
*boltctl* 'list'
*boltctl* 'monitor'
*boltctl* 'power'
DESCRIPTION
------------
'boltctl' is the command line interface to interact with 'boltd', the
system daemon that manages Thunderbolt 3(TM) devices. It can be used to
query the state of devices as well as manage them.
Devices can be globally identified via their unique identifier
(uuid). All commands that take a 'DEVICE' identifier expect this
unique id.
If no command is given, it is equivalent to 'boltctl list'.
OPTIONS
-------
*--version*::
Print version information and exit.
*-U | --uuid {'full' | 'short' | 'alias' | N}*::
Control how UUIDs are printed. Since they are somewhat sensitive data
it is not advisable to share them publically in full length. Instead
'short' or 'alias' can and should be used when sharing the output of
'boltctl'.
'full';;
Print all UUIDs in full length.
'short';;
Truncate all UUIDs so only the first 13 characters are printed.
'alias';;
All UUIDs are replaced by a random string that is dervied from the
UUID, therefore the devices can be uniquely identified without
revealing the original UUID.
N;;
If a integer 'N' is specified, all UUIDs are truncted to only show up
to 'N'.
COMMANDS
--------
authorize [-F | --first-time] 'DEVICE'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Authorize a currently unauthorized device identified via its unique id
(uuid) 'DEVICE'. If a key is stored in the database it will be used,
given the security level of the domain supports secure device
connection. Use 'boltctl list' to find out the uuid of a device.
*-F | --first-time*::
Normally, when attempting to authorize an already authorized device
*boltctl* will do nothing and return a successful status code. When
using this option, the attempt will fail and result in a negative
exit code if the device is already authorized.
domains [-v | --verbose]
~~~~~~~~~~~~~~~~~~~~~~~~
List all currently active Thunderbolt domains. A Thunderbolt domain
represents the Thunderbolt controller hardware. There will be one
domain (and host device) for each Thunderbolt controller present
in the system. The 'security' property shows the security level of
the controller. 'bootacl' shows the used and total slots of the
boot access control list (BootACL) and the content of all non-empty
entries. NB: if BootACL is unsupported it will show 0 for both (0/0).
The 'online' property shows if the thunderbolt controller is currently
powered by the firmware. *NB*: if the controller is currently offline
the BootACL list will reflect what 'boltd' estimates the list will look
like once the controller is back online and local changes have been
synchronized to the controller. This might not be accurate if the list
was modified in the meantime, e.g. from a different installation or OS.
enroll [--policy 'policy'] 'DEVICE'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Authorize and record the device with the unique id 'DEVICE' in the
database. If the domain supports secure connection a new key will be
generated and stored in the database alongside the device name and
vendor name. The key, if created, will be used in the future to
securely authorize the device.
*--policy {'default' | 'auto' | 'manual'}*::
Specify the policy to be used for the newly enrolled device.
'default';;
Use the global default policy of the daemon; this can be changed,
but is normally also 'auto'.
'auto';;
Automatically authorize this device whenever it is connected.
'manual';;
Do *not* automatically authorize the device; instead require
manual authorization via *boltctl authorize*.
forget 'DEVICE'
~~~~~~~~~~~~~~~
Remove the information about the device with the unique id 'DEVICE'
from the database. This includes the key, if one was previously
generated. If you pass '--all' instead of the 'DEVICE' all devices are
removed instead of just one.
info 'DEVICE'
~~~~~~~~~~~~
Display information about the device with the unique id 'DEVICE'.
list [-a | --all]
~~~~~~~~~~~~~~~~~
List and print information about all connected and stored devices.
*-a | --all*::
Normally, the only the device type that will be shown is peripherals.
Therefore the device that represents the host itself will be omitted.
Using this option will instead include all device types in the list.
monitor
~~~~~~~
Listen for and show changes in connected devices.
power [-t | --timeout 'seconds'] [-q | --query]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Power up the Thunderbolt controller. If the Thunderbolt controller
is not in "native enumeration mode" it can be completely powered down
by the host firmware/BIOS. On supported systems there is an interface
to "force" power the thunderbolt controller. If supported this command
will request the daemon to do so. The daemon will keep track of all
client requests and will release the force power override when the last
request is released.
*-t | --timeout 'seconds'*::
Release the force power request after the specified amount of 'seconds'
and exit.
*-q | --query*::
Query the current force power status of the daemon.
Author
------
Written by Christian Kellner <ckellner@redhat.com>.
|
