1What: /sys/bus/thunderbolt/devices/.../domainX/security 2Date: Sep 2017 3KernelVersion: 4.13 4Contact: thunderbolt-software@lists.01.org 5Description: This attribute holds current Thunderbolt security level 6 set by the system BIOS. Possible values are: 7 8 none: All devices are automatically authorized 9 user: Devices are only authorized based on writing 10 appropriate value to the authorized attribute 11 secure: Require devices that support secure connect at 12 minimum. User needs to authorize each device. 13 dponly: Automatically tunnel Display port (and USB). No 14 PCIe tunnels are created. 15 16What: /sys/bus/thunderbolt/devices/.../authorized 17Date: Sep 2017 18KernelVersion: 4.13 19Contact: thunderbolt-software@lists.01.org 20Description: This attribute is used to authorize Thunderbolt devices 21 after they have been connected. If the device is not 22 authorized, no devices such as PCIe and Display port are 23 available to the system. 24 25 Contents of this attribute will be 0 when the device is not 26 yet authorized. 27 28 Possible values are supported: 29 1: The device will be authorized and connected 30 31 When key attribute contains 32 byte hex string the possible 32 values are: 33 1: The 32 byte hex string is added to the device NVM and 34 the device is authorized. 35 2: Send a challenge based on the 32 byte hex string. If the 36 challenge response from device is valid, the device is 37 authorized. In case of failure errno will be ENOKEY if 38 the device did not contain a key at all, and 39 EKEYREJECTED if the challenge response did not match. 40 41What: /sys/bus/thunderbolt/devices/.../key 42Date: Sep 2017 43KernelVersion: 4.13 44Contact: thunderbolt-software@lists.01.org 45Description: When a devices supports Thunderbolt secure connect it will 46 have this attribute. Writing 32 byte hex string changes 47 authorization to use the secure connection method instead. 48 49What: /sys/bus/thunderbolt/devices/.../device 50Date: Sep 2017 51KernelVersion: 4.13 52Contact: thunderbolt-software@lists.01.org 53Description: This attribute contains id of this device extracted from 54 the device DROM. 55 56What: /sys/bus/thunderbolt/devices/.../device_name 57Date: Sep 2017 58KernelVersion: 4.13 59Contact: thunderbolt-software@lists.01.org 60Description: This attribute contains name of this device extracted from 61 the device DROM. 62 63What: /sys/bus/thunderbolt/devices/.../vendor 64Date: Sep 2017 65KernelVersion: 4.13 66Contact: thunderbolt-software@lists.01.org 67Description: This attribute contains vendor id of this device extracted 68 from the device DROM. 69 70What: /sys/bus/thunderbolt/devices/.../vendor_name 71Date: Sep 2017 72KernelVersion: 4.13 73Contact: thunderbolt-software@lists.01.org 74Description: This attribute contains vendor name of this device extracted 75 from the device DROM. 76 77What: /sys/bus/thunderbolt/devices/.../unique_id 78Date: Sep 2017 79KernelVersion: 4.13 80Contact: thunderbolt-software@lists.01.org 81Description: This attribute contains unique_id string of this device. 82 This is either read from hardware registers (UUID on 83 newer hardware) or based on UID from the device DROM. 84 Can be used to uniquely identify particular device. 85 86What: /sys/bus/thunderbolt/devices/.../nvm_version 87Date: Sep 2017 88KernelVersion: 4.13 89Contact: thunderbolt-software@lists.01.org 90Description: If the device has upgradeable firmware the version 91 number is available here. Format: %x.%x, major.minor. 92 If the device is in safe mode reading the file returns 93 -ENODATA instead as the NVM version is not available. 94 95What: /sys/bus/thunderbolt/devices/.../nvm_authenticate 96Date: Sep 2017 97KernelVersion: 4.13 98Contact: thunderbolt-software@lists.01.org 99Description: When new NVM image is written to the non-active NVM 100 area (through non_activeX NVMem device), the 101 authentication procedure is started by writing 1 to 102 this file. If everything goes well, the device is 103 restarted with the new NVM firmware. If the image 104 verification fails an error code is returned instead. 105 106 When read holds status of the last authentication 107 operation if an error occurred during the process. This 108 is directly the status value from the DMA configuration 109 based mailbox before the device is power cycled. Writing 110 0 here clears the status. 111