How to use the command 'boltctl' (with examples)
- Linux
- December 25, 2023
The ‘boltctl’ command is used to control thunderbolt devices on a Linux system. It provides a way to manage connected devices, authorize and revoke device access, and gather information about specific devices.
Use case 1: List connected (and authorized) devices
Code:
boltctl
Motivation: By running the ‘boltctl’ command without any arguments, you can quickly list all the connected and authorized thunderbolt devices on your system. This can be useful to get an overview of the available devices and their status.
Explanation: The ‘boltctl’ command, when executed without any arguments, lists all the connected and authorized thunderbolt devices on the system. It provides information such as the device UUID, name, vendor, domain, security level, authorized status, and connected status.
Example output:
● dock2
├─ type: peripheral
├─ name: Plugable TBT3-UDC1
├─ vendor: Intel Corp.
├─ domain: 1-2-3
├─ security: user
├─ policy: authorized
├─ connected: yes
└─ stored: yes
● dock1
├─ type: peripheral
├─ name: CalDigit, Inc.
├─ vendor: Intel Corp.
├─ domain: 4-5-6
├─ security: user
├─ policy: authorized
├─ connected: yes
└─ stored: yes
Use case 2: List connected devices, including unauthorized ones
Code:
boltctl list
Motivation: If you want to view all the connected thunderbolt devices, including the ones that are not authorized, you can use the ‘boltctl list’ command. This can be useful when you need to check the status of all devices, regardless of their authorization status.
Explanation: The ‘boltctl list’ command lists all the connected thunderbolt devices on the system, including both authorized and unauthorized ones. It provides information such as the device UUID, name, vendor, domain, security level, and connected status.
Example output:
● dock2
├─ type: peripheral
├─ name: Plugable TBT3-UDC1
├─ vendor: Intel Corp.
├─ domain: 1-2-3
├─ security: user
└─ connected: yes
○ dock3
├─ type: peripheral
├─ name: JHL7540 Thunderbolt 3 USB Controller [Titan Ridge 4C 2018]
├─ vendor: Intel Corp.
├─ domain: 4-5-6
├─ security: none
└─ connected: yes
Use case 3: Authorize a device temporarily
Code:
boltctl authorize device_uuid
Motivation: If you trust a thunderbolt device for a specific session and want to temporarily authorize it, you can use the ‘boltctl authorize’ command. This provides a way to allow a device to connect and function for a short period, without permanently granting access.
Explanation: The ‘boltctl authorize’ command authorizes a thunderbolt device temporarily. It takes the device UUID as an argument, which can be obtained from the output of the ‘boltctl’ or ‘boltctl list’ command. The device will be authorized until the next time it is disconnected or the system is rebooted.
Example output:
Device with UUID "0f7b1b24-7f69-456f-a98b-d96a6a8e7221" authorized temporarily.
Use case 4: Authorize and remember a device
Code:
boltctl enroll device_uuid
Motivation: If you frequently use a thunderbolt device and want to permanently authorize it, you can use the ‘boltctl enroll’ command. This ensures that the device is always authorized whenever it is connected to the system.
Explanation: The ‘boltctl enroll’ command authorizes a thunderbolt device permanently. It takes the device UUID as an argument, which can be obtained from the output of the ‘boltctl’ or ‘boltctl list’ command. The device will be authorized and remembered, even after system reboots.
Example output:
Device with UUID "0f7b1b24-7f69-456f-a98b-d96a6a8e7221" authorized and remembered.
Use case 5: Revoke a previously authorized device
Code:
boltctl forget device_uuid
Motivation: If you no longer want a thunderbolt device to be authorized on your system, you can use the ‘boltctl forget’ command. This revokes the authorization for the device, preventing it from connecting or functioning on the system.
Explanation: The ‘boltctl forget’ command revokes the authorization for a thunderbolt device. It takes the device UUID as an argument, which can be obtained from the output of the ‘boltctl’ or ‘boltctl list’ command. The device will no longer be authorized, even if it is connected in the future.
Example output:
Device with UUID "0f7b1b24-7f69-456f-a98b-d96a6a8e7221" is no longer authorized.
Use case 6: Show more information about a device
Code:
boltctl info device_uuid
Motivation: If you need detailed information about a specific thunderbolt device, you can use the ‘boltctl info’ command. This provides additional information such as the device’s security level, authorized status, domain, serial number, and firmware version.
Explanation: The ‘boltctl info’ command shows more information about a thunderbolt device. It takes the device UUID as an argument, which can be obtained from the output of the ‘boltctl’ or ‘boltctl list’ command. The command provides detailed information about the device, including its security level, authorized status, domain, serial number, firmware version, and more.
Example output:
Device UUID: 0f7b1b24-7f69-456f-a98b-d96a6a8e7221
- Name: Plugable TBT3-UDC1
- Vendor: Intel Corp.
- Security: user
- Policy: temporary
- Domain: 1-2-3
- Serial Number: XX0X0XXX00XX
- Firmware Version: NVM185
- Firmware Capabilities: none
- Hardware AIC: no
- Active Cable: no
- Stored: yes
- Authorized: yes
- Connected: yes
Conclusion:
The ‘boltctl’ command provides a convenient way to manage thunderbolt devices on a Linux system. It allows you to list connected devices, authorize and revoke device access, and gather detailed information about specific devices. By using the different command options, you can efficiently control and monitor your thunderbolt devices with ease.
