1What: /sys/bus/thunderbolt/devices/.../domainX/boot_acl
2Date:		Jun 2018
3KernelVersion:	4.17
4Contact:	thunderbolt-software@lists.01.org
5Description:	Holds a comma separated list of device unique_ids that
6		are allowed to be connected automatically during system
7		startup (e.g boot devices). The list always contains
8		maximum supported number of unique_ids where unused
9		entries are empty. This allows the userspace software
10		to determine how many entries the controller supports.
11		If there are multiple controllers, each controller has
12		its own ACL list and size may be different between the
13		controllers.
14
15		System BIOS may have an option "Preboot ACL" or similar
16		that needs to be selected before this list is taken into
17		consideration.
18
19		Software always updates a full list in each write.
20
21		If a device is authorized automatically during boot its
22		boot attribute is set to 1.
23
24What: /sys/bus/thunderbolt/devices/.../domainX/deauthorization
25Date:		May 2021
26KernelVersion:	5.12
27Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
28Description:	This attribute tells whether the system supports
29		de-authorization of devices. Value of 1 means user can
30		de-authorize PCIe tunnel by writing 0 to authorized
31		attribute under each device.
32
33What: /sys/bus/thunderbolt/devices/.../domainX/iommu_dma_protection
34Date:		Mar 2019
35KernelVersion:	4.21
36Contact:	thunderbolt-software@lists.01.org
37Description:	This attribute tells whether the system uses IOMMU
38		for DMA protection. Value of 1 means IOMMU is used 0 means
39		it is not (DMA protection is solely based on Thunderbolt
40		security levels).
41
42What: /sys/bus/thunderbolt/devices/.../domainX/security
43Date:		Sep 2017
44KernelVersion:	4.13
45Contact:	thunderbolt-software@lists.01.org
46Description:	This attribute holds current Thunderbolt security level
47		set by the system BIOS. Possible values are:
48
49		=======  ==================================================
50		none     All devices are automatically authorized
51		user     Devices are only authorized based on writing
52		         appropriate value to the authorized attribute
53		secure   Require devices that support secure connect at
54			 minimum. User needs to authorize each device.
55		dponly   Automatically tunnel Display port (and USB). No
56			 PCIe tunnels are created.
57		usbonly  Automatically tunnel USB controller of the
58			 connected Thunderbolt dock (and Display Port). All
59			 PCIe links downstream of the dock are removed.
60		nopcie   USB4 system where PCIe tunneling is disabled from
61			 the BIOS.
62		=======  ==================================================
63
64What: /sys/bus/thunderbolt/devices/.../authorized
65Date:		Sep 2017
66KernelVersion:	4.13
67Contact:	thunderbolt-software@lists.01.org
68Description:	This attribute is used to authorize Thunderbolt devices
69		after they have been connected. If the device is not
70		authorized, no PCIe devices are available to the system.
71
72		Contents of this attribute will be 0 when the device is not
73		yet authorized.
74
75		Possible values are supported:
76
77		==  ===================================================
78		0   The device will be de-authorized (only supported if
79		    deauthorization attribute under domain contains 1)
80		1   The device will be authorized and connected
81		==  ===================================================
82
83		When key attribute contains 32 byte hex string the possible
84		values are:
85
86		==  ========================================================
87		0   The device will be de-authorized (only supported if
88		    deauthorization attribute under domain contains 1)
89		1   The 32 byte hex string is added to the device NVM and
90		    the device is authorized.
91		2   Send a challenge based on the 32 byte hex string. If the
92		    challenge response from device is valid, the device is
93		    authorized. In case of failure errno will be ENOKEY if
94		    the device did not contain a key at all, and
95		    EKEYREJECTED if the challenge response did not match.
96		==  ========================================================
97
98What: /sys/bus/thunderbolt/devices/.../boot
99Date:		Jun 2018
100KernelVersion:	4.17
101Contact:	thunderbolt-software@lists.01.org
102Description:	This attribute contains 1 if Thunderbolt device was already
103		authorized on boot and 0 otherwise.
104
105What: /sys/bus/thunderbolt/devices/.../generation
106Date:		Jan 2020
107KernelVersion:	5.5
108Contact:	Christian Kellner <christian@kellner.me>
109Description:	This attribute contains the generation of the Thunderbolt
110		controller associated with the device. It will contain 4
111		for USB4.
112
113What: /sys/bus/thunderbolt/devices/.../key
114Date:		Sep 2017
115KernelVersion:	4.13
116Contact:	thunderbolt-software@lists.01.org
117Description:	When a devices supports Thunderbolt secure connect it will
118		have this attribute. Writing 32 byte hex string changes
119		authorization to use the secure connection method instead.
120		Writing an empty string clears the key and regular connection
121		method can be used again.
122
123What:		/sys/bus/thunderbolt/devices/.../device
124Date:		Sep 2017
125KernelVersion:	4.13
126Contact:	thunderbolt-software@lists.01.org
127Description:	This attribute contains id of this device extracted from
128		the device DROM.
129
130What:		/sys/bus/thunderbolt/devices/.../device_name
131Date:		Sep 2017
132KernelVersion:	4.13
133Contact:	thunderbolt-software@lists.01.org
134Description:	This attribute contains name of this device extracted from
135		the device DROM.
136
137What:		/sys/bus/thunderbolt/devices/.../maxhopid
138Date:		Jul 2021
139KernelVersion:	5.13
140Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
141Description:	Only set for XDomains. The maximum HopID the other host
142		supports as its input HopID.
143
144What:		/sys/bus/thunderbolt/devices/.../rx_speed
145Date:		Jan 2020
146KernelVersion:	5.5
147Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
148Description:	This attribute reports the device RX speed per lane.
149		All RX lanes run at the same speed.
150
151What:		/sys/bus/thunderbolt/devices/.../rx_lanes
152Date:		Jan 2020
153KernelVersion:	5.5
154Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
155Description:	This attribute reports number of RX lanes the device is
156		using simultaneusly through its upstream port.
157
158What:		/sys/bus/thunderbolt/devices/.../tx_speed
159Date:		Jan 2020
160KernelVersion:	5.5
161Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
162Description:	This attribute reports the TX speed per lane.
163		All TX lanes run at the same speed.
164
165What:		/sys/bus/thunderbolt/devices/.../tx_lanes
166Date:		Jan 2020
167KernelVersion:	5.5
168Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
169Description:	This attribute reports number of TX lanes the device is
170		using simultaneusly through its upstream port.
171
172What:		/sys/bus/thunderbolt/devices/.../vendor
173Date:		Sep 2017
174KernelVersion:	4.13
175Contact:	thunderbolt-software@lists.01.org
176Description:	This attribute contains vendor id of this device extracted
177		from the device DROM.
178
179What:		/sys/bus/thunderbolt/devices/.../vendor_name
180Date:		Sep 2017
181KernelVersion:	4.13
182Contact:	thunderbolt-software@lists.01.org
183Description:	This attribute contains vendor name of this device extracted
184		from the device DROM.
185
186What:		/sys/bus/thunderbolt/devices/.../unique_id
187Date:		Sep 2017
188KernelVersion:	4.13
189Contact:	thunderbolt-software@lists.01.org
190Description:	This attribute contains unique_id string of this device.
191		This is either read from hardware registers (UUID on
192		newer hardware) or based on UID from the device DROM.
193		Can be used to uniquely identify particular device.
194
195What:		/sys/bus/thunderbolt/devices/.../nvm_version
196Date:		Sep 2017
197KernelVersion:	4.13
198Contact:	thunderbolt-software@lists.01.org
199Description:	If the device has upgradeable firmware the version
200		number is available here. Format: %x.%x, major.minor.
201		If the device is in safe mode reading the file returns
202		-ENODATA instead as the NVM version is not available.
203
204What:		/sys/bus/thunderbolt/devices/.../nvm_authenticate
205Date:		Sep 2017
206KernelVersion:	4.13
207Contact:	thunderbolt-software@lists.01.org
208Description:	When new NVM image is written to the non-active NVM
209		area (through non_activeX NVMem device), the
210		authentication procedure is started by writing to
211		this file.
212		If everything goes well, the device is
213		restarted with the new NVM firmware. If the image
214		verification fails an error code is returned instead.
215
216		This file will accept writing values "1" or "2"
217
218		- Writing "1" will flush the image to the storage
219		  area and authenticate the image in one action.
220		- Writing "2" will run some basic validation on the image
221		  and flush it to the storage area.
222
223		When read holds status of the last authentication
224		operation if an error occurred during the process. This
225		is directly the status value from the DMA configuration
226		based mailbox before the device is power cycled. Writing
227		0 here clears the status.
228
229What:		/sys/bus/thunderbolt/devices/<xdomain>.<service>/key
230Date:		Jan 2018
231KernelVersion:	4.15
232Contact:	thunderbolt-software@lists.01.org
233Description:	This contains name of the property directory the XDomain
234		service exposes. This entry describes the protocol in
235		question. Following directories are already reserved by
236		the Apple XDomain specification:
237
238		========  ===============================================
239		network   IP/ethernet over Thunderbolt
240		targetdm  Target disk mode protocol over Thunderbolt
241		extdisp   External display mode protocol over Thunderbolt
242		========  ===============================================
243
244What:		/sys/bus/thunderbolt/devices/<xdomain>.<service>/modalias
245Date:		Jan 2018
246KernelVersion:	4.15
247Contact:	thunderbolt-software@lists.01.org
248Description:	Stores the same MODALIAS value emitted by uevent for
249		the XDomain service. Format: tbtsvc:kSpNvNrN
250
251What:		/sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcid
252Date:		Jan 2018
253KernelVersion:	4.15
254Contact:	thunderbolt-software@lists.01.org
255Description:	This contains XDomain protocol identifier the XDomain
256		service supports.
257
258What:		/sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcvers
259Date:		Jan 2018
260KernelVersion:	4.15
261Contact:	thunderbolt-software@lists.01.org
262Description:	This contains XDomain protocol version the XDomain
263		service supports.
264
265What:		/sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcrevs
266Date:		Jan 2018
267KernelVersion:	4.15
268Contact:	thunderbolt-software@lists.01.org
269Description:	This contains XDomain software version the XDomain
270		service supports.
271
272What:		/sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcstns
273Date:		Jan 2018
274KernelVersion:	4.15
275Contact:	thunderbolt-software@lists.01.org
276Description:	This contains XDomain service specific settings as
277		bitmask. Format: %x
278
279What:		/sys/bus/thunderbolt/devices/<device>:<port>.<index>/device
280Date:		Oct 2020
281KernelVersion:	v5.9
282Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
283Description:	Retimer device identifier read from the hardware.
284
285What:		/sys/bus/thunderbolt/devices/<device>:<port>.<index>/nvm_authenticate
286Date:		Oct 2020
287KernelVersion:	v5.9
288Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
289Description:	When new NVM image is written to the non-active NVM
290		area (through non_activeX NVMem device), the
291		authentication procedure is started by writing 1 to
292		this file. If everything goes well, the device is
293		restarted with the new NVM firmware. If the image
294		verification fails an error code is returned instead.
295
296		When read holds status of the last authentication
297		operation if an error occurred during the process.
298		Format: %x.
299
300What:		/sys/bus/thunderbolt/devices/<device>:<port>.<index>/nvm_version
301Date:		Oct 2020
302KernelVersion:	v5.9
303Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
304Description:	Holds retimer NVM version number. Format: %x.%x, major.minor.
305
306What:		/sys/bus/thunderbolt/devices/<device>:<port>.<index>/vendor
307Date:		Oct 2020
308KernelVersion:	v5.9
309Contact:	Mika Westerberg <mika.westerberg@linux.intel.com>
310Description:	Retimer vendor identifier read from the hardware.
311
312What:		/sys/bus/thunderbolt/devices/.../nvm_authenticate_on_disconnect
313Date:		Oct 2020
314KernelVersion:	v5.9
315Contact:	Mario Limonciello <mario.limonciello@dell.com>
316Description:	For supported devices, automatically authenticate the new Thunderbolt
317		image when the device is disconnected from the host system.
318
319		This file will accept writing values "1" or "2"
320
321		- Writing "1" will flush the image to the storage
322		  area and prepare the device for authentication on disconnect.
323		- Writing "2" will run some basic validation on the image
324		  and flush it to the storage area.
325