1What: /sys/bus/thunderbolt/devices/.../domainX/boot_acl 2Date: Jun 2018 3KernelVersion: 4.17 4Contact: thunderbolt-software@lists.01.org 5Description: Holds a comma separated list of device unique_ids that 6 are allowed to be connected automatically during system 7 startup (e.g boot devices). The list always contains 8 maximum supported number of unique_ids where unused 9 entries are empty. This allows the userspace software 10 to determine how many entries the controller supports. 11 If there are multiple controllers, each controller has 12 its own ACL list and size may be different between the 13 controllers. 14 15 System BIOS may have an option "Preboot ACL" or similar 16 that needs to be selected before this list is taken into 17 consideration. 18 19 Software always updates a full list in each write. 20 21 If a device is authorized automatically during boot its 22 boot attribute is set to 1. 23 24What: /sys/bus/thunderbolt/devices/.../domainX/iommu_dma_protection 25Date: Mar 2019 26KernelVersion: 4.21 27Contact: thunderbolt-software@lists.01.org 28Description: This attribute tells whether the system uses IOMMU 29 for DMA protection. Value of 1 means IOMMU is used 0 means 30 it is not (DMA protection is solely based on Thunderbolt 31 security levels). 32 33What: /sys/bus/thunderbolt/devices/.../domainX/security 34Date: Sep 2017 35KernelVersion: 4.13 36Contact: thunderbolt-software@lists.01.org 37Description: This attribute holds current Thunderbolt security level 38 set by the system BIOS. Possible values are: 39 40 ======= ================================================== 41 none All devices are automatically authorized 42 user Devices are only authorized based on writing 43 appropriate value to the authorized attribute 44 secure Require devices that support secure connect at 45 minimum. User needs to authorize each device. 46 dponly Automatically tunnel Display port (and USB). No 47 PCIe tunnels are created. 48 usbonly Automatically tunnel USB controller of the 49 connected Thunderbolt dock (and Display Port). All 50 PCIe links downstream of the dock are removed. 51 ======= ================================================== 52 53What: /sys/bus/thunderbolt/devices/.../authorized 54Date: Sep 2017 55KernelVersion: 4.13 56Contact: thunderbolt-software@lists.01.org 57Description: This attribute is used to authorize Thunderbolt devices 58 after they have been connected. If the device is not 59 authorized, no devices such as PCIe and Display port are 60 available to the system. 61 62 Contents of this attribute will be 0 when the device is not 63 yet authorized. 64 65 Possible values are supported: 66 67 == =========================================== 68 1 The device will be authorized and connected 69 == =========================================== 70 71 When key attribute contains 32 byte hex string the possible 72 values are: 73 74 == ======================================================== 75 1 The 32 byte hex string is added to the device NVM and 76 the device is authorized. 77 2 Send a challenge based on the 32 byte hex string. If the 78 challenge response from device is valid, the device is 79 authorized. In case of failure errno will be ENOKEY if 80 the device did not contain a key at all, and 81 EKEYREJECTED if the challenge response did not match. 82 == ======================================================== 83 84What: /sys/bus/thunderbolt/devices/.../boot 85Date: Jun 2018 86KernelVersion: 4.17 87Contact: thunderbolt-software@lists.01.org 88Description: This attribute contains 1 if Thunderbolt device was already 89 authorized on boot and 0 otherwise. 90 91What: /sys/bus/thunderbolt/devices/.../generation 92Date: Jan 2020 93KernelVersion: 5.5 94Contact: Christian Kellner <christian@kellner.me> 95Description: This attribute contains the generation of the Thunderbolt 96 controller associated with the device. It will contain 4 97 for USB4. 98 99What: /sys/bus/thunderbolt/devices/.../key 100Date: Sep 2017 101KernelVersion: 4.13 102Contact: thunderbolt-software@lists.01.org 103Description: When a devices supports Thunderbolt secure connect it will 104 have this attribute. Writing 32 byte hex string changes 105 authorization to use the secure connection method instead. 106 Writing an empty string clears the key and regular connection 107 method can be used again. 108 109What: /sys/bus/thunderbolt/devices/.../device 110Date: Sep 2017 111KernelVersion: 4.13 112Contact: thunderbolt-software@lists.01.org 113Description: This attribute contains id of this device extracted from 114 the device DROM. 115 116What: /sys/bus/thunderbolt/devices/.../device_name 117Date: Sep 2017 118KernelVersion: 4.13 119Contact: thunderbolt-software@lists.01.org 120Description: This attribute contains name of this device extracted from 121 the device DROM. 122 123What: /sys/bus/thunderbolt/devices/.../rx_speed 124Date: Jan 2020 125KernelVersion: 5.5 126Contact: Mika Westerberg <mika.westerberg@linux.intel.com> 127Description: This attribute reports the device RX speed per lane. 128 All RX lanes run at the same speed. 129 130What: /sys/bus/thunderbolt/devices/.../rx_lanes 131Date: Jan 2020 132KernelVersion: 5.5 133Contact: Mika Westerberg <mika.westerberg@linux.intel.com> 134Description: This attribute reports number of RX lanes the device is 135 using simultaneusly through its upstream port. 136 137What: /sys/bus/thunderbolt/devices/.../tx_speed 138Date: Jan 2020 139KernelVersion: 5.5 140Contact: Mika Westerberg <mika.westerberg@linux.intel.com> 141Description: This attribute reports the TX speed per lane. 142 All TX lanes run at the same speed. 143 144What: /sys/bus/thunderbolt/devices/.../tx_lanes 145Date: Jan 2020 146KernelVersion: 5.5 147Contact: Mika Westerberg <mika.westerberg@linux.intel.com> 148Description: This attribute reports number of TX lanes the device is 149 using simultaneusly through its upstream port. 150 151What: /sys/bus/thunderbolt/devices/.../vendor 152Date: Sep 2017 153KernelVersion: 4.13 154Contact: thunderbolt-software@lists.01.org 155Description: This attribute contains vendor id of this device extracted 156 from the device DROM. 157 158What: /sys/bus/thunderbolt/devices/.../vendor_name 159Date: Sep 2017 160KernelVersion: 4.13 161Contact: thunderbolt-software@lists.01.org 162Description: This attribute contains vendor name of this device extracted 163 from the device DROM. 164 165What: /sys/bus/thunderbolt/devices/.../unique_id 166Date: Sep 2017 167KernelVersion: 4.13 168Contact: thunderbolt-software@lists.01.org 169Description: This attribute contains unique_id string of this device. 170 This is either read from hardware registers (UUID on 171 newer hardware) or based on UID from the device DROM. 172 Can be used to uniquely identify particular device. 173 174What: /sys/bus/thunderbolt/devices/.../nvm_version 175Date: Sep 2017 176KernelVersion: 4.13 177Contact: thunderbolt-software@lists.01.org 178Description: If the device has upgradeable firmware the version 179 number is available here. Format: %x.%x, major.minor. 180 If the device is in safe mode reading the file returns 181 -ENODATA instead as the NVM version is not available. 182 183What: /sys/bus/thunderbolt/devices/.../nvm_authenticate 184Date: Sep 2017 185KernelVersion: 4.13 186Contact: thunderbolt-software@lists.01.org 187Description: When new NVM image is written to the non-active NVM 188 area (through non_activeX NVMem device), the 189 authentication procedure is started by writing to 190 this file. 191 If everything goes well, the device is 192 restarted with the new NVM firmware. If the image 193 verification fails an error code is returned instead. 194 195 This file will accept writing values "1" or "2" 196 197 - Writing "1" will flush the image to the storage 198 area and authenticate the image in one action. 199 - Writing "2" will run some basic validation on the image 200 and flush it to the storage area. 201 202 When read holds status of the last authentication 203 operation if an error occurred during the process. This 204 is directly the status value from the DMA configuration 205 based mailbox before the device is power cycled. Writing 206 0 here clears the status. 207 208What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/key 209Date: Jan 2018 210KernelVersion: 4.15 211Contact: thunderbolt-software@lists.01.org 212Description: This contains name of the property directory the XDomain 213 service exposes. This entry describes the protocol in 214 question. Following directories are already reserved by 215 the Apple XDomain specification: 216 217 ======== =============================================== 218 network IP/ethernet over Thunderbolt 219 targetdm Target disk mode protocol over Thunderbolt 220 extdisp External display mode protocol over Thunderbolt 221 ======== =============================================== 222 223What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/modalias 224Date: Jan 2018 225KernelVersion: 4.15 226Contact: thunderbolt-software@lists.01.org 227Description: Stores the same MODALIAS value emitted by uevent for 228 the XDomain service. Format: tbtsvc:kSpNvNrN 229 230What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcid 231Date: Jan 2018 232KernelVersion: 4.15 233Contact: thunderbolt-software@lists.01.org 234Description: This contains XDomain protocol identifier the XDomain 235 service supports. 236 237What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcvers 238Date: Jan 2018 239KernelVersion: 4.15 240Contact: thunderbolt-software@lists.01.org 241Description: This contains XDomain protocol version the XDomain 242 service supports. 243 244What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcrevs 245Date: Jan 2018 246KernelVersion: 4.15 247Contact: thunderbolt-software@lists.01.org 248Description: This contains XDomain software version the XDomain 249 service supports. 250 251What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcstns 252Date: Jan 2018 253KernelVersion: 4.15 254Contact: thunderbolt-software@lists.01.org 255Description: This contains XDomain service specific settings as 256 bitmask. Format: %x 257 258What: /sys/bus/thunderbolt/devices/<device>:<port>.<index>/device 259Date: Oct 2020 260KernelVersion: v5.9 261Contact: Mika Westerberg <mika.westerberg@linux.intel.com> 262Description: Retimer device identifier read from the hardware. 263 264What: /sys/bus/thunderbolt/devices/<device>:<port>.<index>/nvm_authenticate 265Date: Oct 2020 266KernelVersion: v5.9 267Contact: Mika Westerberg <mika.westerberg@linux.intel.com> 268Description: When new NVM image is written to the non-active NVM 269 area (through non_activeX NVMem device), the 270 authentication procedure is started by writing 1 to 271 this file. If everything goes well, the device is 272 restarted with the new NVM firmware. If the image 273 verification fails an error code is returned instead. 274 275 When read holds status of the last authentication 276 operation if an error occurred during the process. 277 Format: %x. 278 279What: /sys/bus/thunderbolt/devices/<device>:<port>.<index>/nvm_version 280Date: Oct 2020 281KernelVersion: v5.9 282Contact: Mika Westerberg <mika.westerberg@linux.intel.com> 283Description: Holds retimer NVM version number. Format: %x.%x, major.minor. 284 285What: /sys/bus/thunderbolt/devices/<device>:<port>.<index>/vendor 286Date: Oct 2020 287KernelVersion: v5.9 288Contact: Mika Westerberg <mika.westerberg@linux.intel.com> 289Description: Retimer vendor identifier read from the hardware. 290 291What: /sys/bus/thunderbolt/devices/.../nvm_authenticate_on_disconnect 292Date: Oct 2020 293KernelVersion: v5.9 294Contact: Mario Limonciello <mario.limonciello@dell.com> 295Description: For supported devices, automatically authenticate the new Thunderbolt 296 image when the device is disconnected from the host system. 297 298 This file will accept writing values "1" or "2" 299 300 - Writing "1" will flush the image to the storage 301 area and prepare the device for authentication on disconnect. 302 - Writing "2" will run some basic validation on the image 303 and flush it to the storage area. 304